At the heart of the recent privacy kerfuffle about the, shall we say, rather exuberantly managed Uber lies one very tempting data stash.
After all, as it has a history of boasting about, the ride-sharing company has online databases full of deep, rich, and quite intimate travel data – all of which is likely making cyber crooks and spies salivate.
As the Washington Post pointed out on Monday, the tastiest data about Uber customers include GPS-precise travel details about government officials in Washington, financiers in London, and entrepreneurs in San Francisco.
In other words, Uber knows where the movers-and-shakers go, when they go, where they go, and who else went to the same place at the same time.
Is this information guarded closely by a company that has the hard-won chops to protect data, along with a battalion of lawyers and a ton of security experts on hand?
Alas, says the Post’s Craig Timberg, it is not. At Uber, it is guarded instead by…
A start-up that was growing with viral exuberance – and with so few privacy protections that it created a 'God View' to display the movements of passengers in real-time and at least once projected such information on a screen for entertainment at a company party.
On top of all that comes word from a Post source who says he interviewed for a job at Uber in 2013 and enjoyed unfettered access to customer data for a day – including for hours after the interview ended – just as if he were an employee.
Here’s what went down, according to the Post:
He happily crawled through the database looking up the records of people he knew – including a family member of a prominent politician – before the seemingly magical power disappeared.
"What an Uber employee would have is everything, complete," said this person, who spoke on the condition of anonymity for fear of retribution from the company.
That policy is a somewhat slim one lacking much detail – one that Uber swears was hanging around somewhere in the company all this time, perhaps in a broom closet, as opposed to, say, being glued together and slapped up online right when the privacy outrage blossomed.
As a matter of security, we don't discuss publicly the details of our security.
But after the Post’s article was online for a few hours on Monday, Uber sent this updated statement about how it’s trying to review and improve privacy measures:
Legal action? Huh. Well, no wonder that job applicant chose to remain anonymous.
Whether or not Uber plans to take such legal action against upper management who’ve tried to impress reporters by showing off private information (and mulling digging up and publishing dirt on reporters it doesn’t like) is another question – one on Senator Franken’s list, in fact.
James A. Lewis, a cyber-security expert with the Center for Strategic and International Studies, told the Post that the highest government officials tend to use government cars, which likely shields their professional movements from the eyes of cyber spies who might use it to threaten national security.
Rather, it’s us ordinary people that are the sitting ducks.
That would include Peter Sims, the writer, entrepreneur, and former VC investor who got a call while he was riding in an Uber car.
The caller had a blast telling Sims where his car was at the moment, keeping a running update of his movements and informing him he was one of a few notables being tracked for the amusement of partygoers at a Chicago Uber launch.
Lighten up – it’s a party! It’s fun! She said, telling him it was a “cool” event and that he should have been honored to have been featured.
Wheeeee! Fun-fun! Oh, look, there goes your privacy, right out the window.
Oh, darn, look, it was lying in the road and got run over by an Uber car.
Don’t bother to call an ambulance.
It’s sounding like that privacy was dead as soon as you got into that first Uber ride.