Uber faces privacy audits every two years until 2037, rules FTC

Surely someone inside Uber had doubts about the riskiness of the company’s internal software program today infamously known to the world as “God View”.

If the name “God view” doesn’t sound dystopian enough, the description of what it was for – monitoring the location of customers taking rides in real time – should have made management think hard about the potential for it to be misused.

Including by them, it turns out: in 2014, it emerged a senior vice-president had used the system to monitor a journalist said to be hostile to the company as she moved around New York as a way of, allegedly, spying on her.

Last year, a former employee claimed that this was no one-off with God View being used to track:

High-profile politicians, celebrities and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.

That’s a lot of intrusive God Viewing for one company, although it’s fair to say that the concept of big internet companies having access to the intimate details of their users’ lives doesn’t only apply to Uber.

In the event, in November 2014 the company responded by re-stating its privacy policy, including that it had deployed an automated tool to monitor employee access to God View as a way of deterring abuse.

The US FTC later discovered that tool was in use for less than a year, abandoned for reasons that still aren’t clear. Separately, around the same time, the New York Times also discovered that Uber started using a tool called Greyball to track officials investigating the company’s operations in a number of cities.

Compounding all this, the company had failed to encrypt driver data stolen during a 2014 data breach said at the time to affect 50,000 but since upped to 100,000.

This week the FTC ruled on this catalogue of data privacy problems and bad behaviour. Summarised FTC acting chairman Maureen K Ohlhausen:

Uber failed consumers in two key ways: first by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data.

Among a series of undertakings, Uber has six months to undertake an independent audit of its privacy controls, which will have to be repeated every two years until 2037.

That sounds like a big deal until you realise that in 2011 the FTC handed the same 20-year privacy undertaking to Facebook and Google, and in 2014 to Snapchat.  This kind of privacy case in the EU could perhaps have resulted in a fine large enough to, at the very least, seriously annoy investors. In the US, companies end up with extra admin.

But damage has still been done, not only to Uber’s image but also the fast-sinking notion that Silicon Valley shows how technology and society can work together in a mutually beneficial way.

To a growing band of sceptics, Uber’s God View is just the latest example of the tech industry’s irresistible temptation to become unhinged by its own importance in pursuit of objectives it refuses to be honest about.