Uber’s given US agencies data on more than 12 million users

Catching up to tech brethren Apple, Google, and Facebook, et al., Uber on Tuesday released its first ever transparency report.

This number may seem like a typo at first glance, but here goes: more than 12 million riders and drivers were affected by regulators’ data demands between July and December 2015.

The fact that regulators are doing the demanding is what makes the number so big. Uber’s the first company, it claims, to include regulatory requests.

Uber says the reason it’s including regulatory requests is that its business is “different.”

From a post the company published on Medium about the report:

While most tech companies are dealing with bits - emails, photos and messages  –  Uber is in the bits and atoms business. Our technology connects riders and drivers in the real world, a world that is regulated by agencies like the California Public Utilities Commission and the New Orleans Department of Safety and Permits.

These agencies have the power to force companies to give them information, such as trip data.

Besides regulatory data, Uber provided data on 469 users to state and federal law agencies. The agencies requested information on trips, trip requests, pickup and dropoff areas, fares, vehicles, and drivers.

It got 415 requests from law enforcement agencies, the bulk of which came from state governments. It produced data in nearly 85% of these cases.

Uber used the transparency report release to push back against regulatory agencies that it thinks could compromise users’ privacy by going after more data than necessary.

From the Medium post:

In many cases they send blanket requests without explaining why the information is needed, or how it will be used. And while this kind of trip data doesn’t include personal information, it can reveal patterns of behavior  –  and is more than regulators need to do their jobs.

It’s why Uber frequently tries to narrow the scope of these demands, though our efforts are typically rebuffed.

This isn’t the first time Uber has wrangled with the California Public Utilities Commission (CPUC) over rider and driver data.

In January, the CPUC fined Uber $7.6 million for failing to meet data reporting requirements in 2014. The CPUC was after data about accessible cars, the number of rides requested and accepted per ZIP code, and driver safety information.

It’s not that regulators are picking on Uber, per se. Regulators at airports, for one, go after the same type of ride data from taxis, limousines and livery providers.

But the type, and specificity, of data being demanded differs between digital and real-world companies, Uber said:

Today requests to digital companies often exceed those for offline companies. For example, a taxi company might have to submit a paper log with the rough pickup and dropoff locations of a trip.

But we might be asked to share the precise GPS coordinates of the pickup and dropoff locations, or even the entire path of the trip.

Besides releasing records about data requests, Uber also slipped a warrant canary into its transparency report. A warrant canary is a published statement that changes or disappears from the documentation published by ISPs, telecoms and other technology providers when they’ve been gagged by secret court orders.

Uber says it hasn’t received “any requests issued under the provisions of national security statutes.”

In other words, it hasn’t been issued subpoenas that come with gag orders.

Reddit, for one, can’t say the same. Going by its latest transparency report and its lack of “we haven’t received any” language, its canary is now pushing up the daisies.

Image of Uber logo courtesy of 360b / Shutterstock.com