Uber backlash brings privacy concerns to light
An Uber executive's suggestion that the company should investigate the private lives of journalists has sparked a backlash against the popular car service, offering a potent reminder that tech companies are amassing detailed - and potentially embarrassing - records of users' communications, Internet traffic and even physical movements.
The controversy stemmed from remarks by Uber Senior Vice President Emil Michael on Friday night as he spoke of his desire to spend $1 million to dig up information on "your personal lives, your families," referring to journalists who write critically about the company, according to a report published Monday night by BuzzFeed. The same story said a different Uber executive once had examined the private travel records of a BuzzFeed reporter during an email exchange about an article without seeking permission to access the data.
That combination of vindictiveness and willingness to tap into user information provoked outrage Tuesday on social-media sites, spawning the hashtag "#ubergate" on Twitter. Critics recounted a series of Uber privacy missteps, including a 2012 blog post in which a company official analyzed anonymous ridership data in Washington and several other cities in an attempt to determine the frequency of overnight sexual liaisons by customers - which Uber dubbed "Rides of Glory."
This week's incident was the latest reminder about the potential for abuse as intimate information accumulates on the servers of tech companies that have widely varying approaches to user privacy and face few legal barriers in how they use personal data.
"We have never in history been at a point where we were more exportable," said Chris Hoofnagle, a law professor at the University of California at Berkeley who specializes in online privacy. "We have to think about how the service provider itself can be a threat."
Uber officials have sought to distance themselves from Michael's comments. Chief executive Travis Kalanick tweeted that they were "terrible," and Michael issued an apologetic statement calling the remarks "wrong" and expressing regret.
On Tuesday, the company said in a blog post: "Uber has a strict policy prohibiting all employees at every level from accessing a rider or driver's data. The only exception to this policy is for a limited set of legitimate business purposes."
The controversy appeared to have wide resonance, especially among women, some of whom already had expressed uneasiness about Uber and its drivers knowing where customers live, work and socialize. Many critics noted that the remarks by Michael focused on the work of a female journalist, Sarah Lacy, editor of Silicon Valley-based PandoDaily, who had repeatedly reported on what she called evidence of sexism by Uber.
"I know many women who erased Uber [apps] from their phones last night ... They really stepped over a line," said Katherine Losse, a former Facebook employee who wrote about that company's early days in the 2012 book "The Boy Kings."
Yet Losse and others said privacy issues go far beyond Uber. Days after being hired as Facebook's 51st employee in 2005, she was given a master password that she said allowed her to see any information users typed into their Facebook pages. (Facebook has instituted more rigorous privacy controls since, it has said.)
Such incidents occasionally have burst into public view, and they are not limited to tech companies. Google in 2010 fired an engineer after he reportedly spied on several teens using company services. The Walgreen Co. has been battling a $1.4 million fine for a violation federal privacy laws after a pharmacist in Indianapolis showed private prescription records to her husband, who once had dated the patient, according to news reports.
In the public sphere, several State Department employees inappropriately viewed Barack Obama's passport records in 2008 when he was running for president.
"In a time when our data ends up in databases, people can use it for their own prurient interests," said Christopher Soghoian, principal technologist for the American Civil Liberties Union. "Time and time again, people do it."
Soghoian said that while he was a graduate student - and before he worked for the ACLU - an official with a major technology company once threatened him while he was working to bring attention to a privacy problem with its service, which collected extensive personal information on users. "If you keep doing this stuff," the official said, according to Soghoian, "they will dig up stuff on you and try to destroy you."
Federal law provides little protection should a company decide to deploy users' information against them. Though the Federal Trade Commission has cracked down on companies that violate their own representations about how they handle data, they have wide latitude so long as they comply with the privacy policies written by company lawyers.
In March, for example, Microsoft revealed that it had searched a user's Hotmail email account to find an alleged leaker of its corporate secrets. Microsoft initially said that its policies allowed it to "protect our customers and the security and integrity of our products," but later, amid criticism, it said it would in future cases refer allegations to authorities instead of conducting its own searches of user accounts.
Uber, which connects riders with available drivers through smartphone apps, has quickly grown from a startup to a company worth $18 billion and operating in 46 countries. Yet the company, like many in the tech industry, has struggled with privacy issues.
Entrepreneur and writer Peter Sims reported in a September blog post that the company displayed his location in an Uber vehicle to the crowd at a 2011 launch party for the service in Chicago. He learned of this after receiving a text from an attendee detailing his exact location.
In Uber's "Rides of Glory" blog post from 2012, the company published maps highlighting the neighborhoods where residents most often participated in "brief overnight weekend stays." And while the identities of individual users were "blind" - meaning not personally identifiable - the Uber official studied the gender breakdown to conclude that when a higher ratio of men use the car service, there are more such brief visits in a neighborhood.
Ron Linton, chairman of the D.C. Taxicab Commission, which has battled with Uber over a range of issues, says the company uses data to gain a competitive advantage over traditional cabdrivers. "The greater part of their business plan is that they're going to amass the greatest database of consumer habits that the world has ever seen," he said.