Uber used secret technology to hinder investigations in Montreal and other cities
The tool, was used from spring 2015 until late 2016 in several cities including Paris, Hong Kong, Brussels, Amsterdam and Montreal. The technology remotely locked-out devices during raids by police
Research & Development
Risk & Compliance
Technology / IIoT
NEW YORK—The ride-sharing company Uber confirmed Thursday that it had technology to shield company data when law enforcement raided its offices outside the U.S.
Uber spokeswoman Melanie Ensign said this tool—no longer in use—could lock computers and smartphones and change passwords remotely from the company’s headquarters in San Francisco.
Bloomberg reported last week that Uber used the tool, known as Ripley, from spring 2015 until late 2016 in several cities, including Paris, Hong Kong, Brussels, Amsterdam and Montreal.
Bloomberg said some Uber employees felt the system hindered legitimate investigations, while some people believed its use was justified when police didn’t come with warrants or specific-enough data requests.
The use of this tool raises questions for Uber because the company has in the past used a phoney version of its app to thwart authorities. The “Greyball” software identified regulators who were trying to hail a ride in an attempt to collect evidence of local law-breaking. Those rides would be cancelled or never arrive. It has also been reported that the Justice Department was investigating whether Uber illegally used software to track drivers of its rival Lyft.
Bloomberg reported that authorities in Montreal were seeking evidence in May 2015 that Uber had violated tax laws. Uber’s use of Ripley meant they didn’t get any information, but Uber co-operated with a second search warrant and agreed to collect provincial taxes for each ride, Bloomberg said.
Ensign said the company shut down Ripley in 2016 because it didn’t work well.
She said Uber now has a tool called ULocker that can remotely lock and encrypt devices. Ensign could not immediately say if Uber has used that to protect data from law enforcement as well. But she said Uber’s guidance to employees bars use of the tool where it isn’t legal.
In a statement, Uber said this security tool is similar to those used by other companies and gives Uber a way to block access to data when an employee loses a device. The company said its policy is to co-operate with “all valid searches and requests for data.”
The ride-hailing service had a scandal-ridden 2017 that included lawsuits, government probes, the revelation of a significant sexual-harassment problem and the disclosure of a coverup of a hack that stole personal information of 57 million passengers and 600,000 drivers. The company’s hard-charging CEO, Travis Kalanick, resigned in June and was replaced in August by the former CEO of Expedia, Dara Khosrowshahi.