Sophos Cloud Optix
In a letter to Senator Al Franken, Uber says it accessed a reporter’s account because “She was 30 minutes late” to a meeting and an executive wanted to know when she’d show up so he could meet her in the lobby.
And flash his iPhone at her. And tell her that he was tracking her, according to a report from The Guardian.
In fact, Uber New York General Manager Josh Mohrer reportedly poked at BuzzFeed reporter Johana Bhuiyan’s personal data twice, on both occasions tracking her movements without her permission.
That’s just one of a rash of eyebrow-raising reports about Uber’s data collection practices and possible misuse of consumers’ data that came to light last month and which prompted Sen. Franken to send the company a letter with 10 pointed questions about the company’s privacy policies.
(Note: Non-US readers might not be familiar with the American use of the term “rider” as used in these letters. Uber, Senator Franken and American media use the term to indicate “passenger”.)
He also asked Uber, which connects passengers with drivers-for-hire using a GPS-based mobile app, to explain how widely it uses its so-called “God View” tool, which allows Uber to track passengers’ locations.
In a 3-page response, Uber’s Managing Counsel of Privacy, Katherine M. Tassi, reiterated what the company’s been saying all along: that it has a “strong culture of protecting rider information” and that the company “prohibits employees from accessing rider information except for legitimate business purposes.”
Franken said in a press release on Monday that while he was glad to get a reply, the letter wasn’t particularly forthcoming with the details he’d asked for.
To wit:
I am concerned about the surprising lack of detail in their response. Quite frankly, they did not answer many of the questions I posed directly to them. Most importantly, it still remains unclear how Uber defines legitimate business purposes for accessing, retaining, and sharing customer data.
Franken had originally asked what, exactly, would trigger the company to discipline an employee for violating privacy policies and whether any disciplinary actions had been taken on that basis.
In the case of the twice-tracked BuzzFeed reporter, Uber says that Mohrer “believed he had a legitimate purpose for looking at” Bhuiyan’s location as she travelled to his office, but that Uber “regarded his judgment in this instance to be poor” and has “disciplined him accordingly”.
Franken had also asked about Uber SVP of Business Emil Michael having suggested spending $1 million to mine personal data for dirt to discredit a journalist who criticized the company.
Franken had noted in his letter that Michael’s statements sound like they were intended to have a chilling effect on journalists covering Uber and had asked if he’d been disciplined as a result.
Apparently not.
Uber mentioned in its letter that if the company had in fact used account details to discredit journalists, it would have been a “gross invasion of privacy” and a “violation of our commitment to our users”, but in fact the executive’s comments were just “ill-considered” given his “frustration with reporters” and “don’t reflect company policies or practices.”
Uber has publicly apologized for the incident, Tassi notes.
With regards to the “God View” function, which allows Uber to see where all of its cars and all of its passengers are at any given time, the letter says that the company’s scaled it back so that only employees in “operations or other areas, like fraud prevention” can use it.
Uber also stated that the company had shown God View to “third parties” in the past because it has a “compelling visual display,” but when showing it to those outside the company, it’s stripped down to “presentation view, which has been available for about a year now and makes rider personal data inaccessible.”
Franken said that he’s “concerned” by the response and will continue “pressing for answers.”
Earlier this month, the senator also sent a letter to Uber competitor Lyft to clarify its own privacy policies.
Image of taxi courtesy of Shutterstock.
The term rider wouldn’t normally be used, even in the U.S. I might ask a friend for a ride in his car but I would still be a passenger. Using rider as the term for passenger is Uber’s attempt at separating themselves from taxi companies. I assume the Senator used the term to be consistent with Uber’s terminology but I could be wrong.
I’m mystified by this word “rider”, as well.
To me, a “rider’ is either someone at the helm of a horse, bicycle or motorcycle (or any conveyance you sit astride rather than in), or a section added to a document such as a contract or a mathematical proof.
Most particularly, when I see “rider” in the context of a journey, it implies the person actively in control of the conveyance, not the, ahem, passenger. My American English Dictionary seems to agree with me.
Interestingly, my dictionary adds a third meaning – something you don’t see a lot in these digital days – of the tiny auxiliary weight you slide along the balance arm of a weighing scale to add precision to your answer.
A person in control would be a driver, not merely a rider. Your definition would render illogical the common phrase “just along for the ride.”
Riders ride; do passengers passenge? Hmmm…
Duck wrote “I’m mystified by this word “rider”, as well.
“To me, a “rider’ is either someone at the helm of a horse, bicycle or motorcycle (or any conveyance you sit astride rather than in), or a section added to a document such as a contract or a mathematical proof.”
In US English, not necessarily. “Astride” has that distinction, but not “ride.” In the US one would ride a Ferris wheel or roller coaster in bench seats, not straddling anything. (Note that I am also using US punctuation style with the period (full stop) inside the closing quotation mark.)
And Duck continued “Most particularly, when I see “rider” in the context of a journey, it implies the person actively in control of the conveyance, not the, ahem, passenger. My American English Dictionary seems to agree with me.”
Hmm, I don’t think so. In the US, the person actively in control is the “driver.” The other passengers are “riders” regardless of whether the vehicle is a car, railroad train, motorcycle, or jet ski.
And Duck further stated “Interestingly, my dictionary adds a third meaning – something you don’t see a lot in these digital days – of the tiny auxiliary weight you slide along the balance arm of a weighing scale to add precision to your answer.”
And a fourth meaning, an amendment to an insurance policy which provides the policyholder extra protection beyond the provisions contained in a standard insurance agreement. For example Duck might get a rider to his homeowner’s policy to cover the original Rembrandt in the den.
It might be a regional thing in the US. It isn’t uncommon in some parts of the country to hear the term “rider” used to describe a passenger in a private, not-for-hire, vehicle.
There are many words and phrases used in various parts of the US that are seldom heard in other parts.
This is really pant-wetting Daily Mail-level garbage. For the app to work, they have to know your location. That should be in the terms and conditions when you sign up. That means that Uber systems and personnel have access — not to think so is naive. But let’s not let this detract from the more important etymological discussion occurring.
The issue is not that Uber systems and personnel have access, it’s *which* Uber systems and personnel have access and to *what*.
Companies need to treat private data with the same care they’d treat anything that belongs to one of their customers and I’d expect Uber to operate under the principle of least privilege.
Surprising how many wanted to discuss the use of ‘rider’ when it was not the meat of the article. How they are mis-using the data is the question, not how one part of the world uses words differently.
They appear to be misusing quite a bit of the information they have and probably will continue to mis use it. Until legislators realize that they are also being targeted by these companies noting will change. Such a pity that the NSA a so forth has not only been chastised by congress, but then given the ok to continue it!
Jack