Uber is reported to have used remote shutdowns of computers to thwart police raids. It is said to have ‘routinely’ used the system more than 20 times between spring 2015 until late 2016, in places as far afield as Canada, Brussels and Hong Kong …
Bloomberg opens with an example.
In May 2015 about 10 investigators for the Quebec tax authority burst into Uber Technologies Inc’s office in Montreal. The authorities believed Uber had violated tax laws and had a warrant to collect evidence. Managers on-site knew what to do, say people with knowledge of the event.
Like managers at Uber’s hundreds of offices abroad, they’d been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.
The ability to lock down devices wasn’t limited to computers, according to the report.
The Uber HQ team overseeing Ripley could remotely change passwords and otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices.
Uber said the system – named Ripley, after character activating the self-destruct sequence in Alien – was there to protect customer data.
Like every company with offices around the world, we have security procedures in place to protect corporate and customer data. When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.
But some employees felt that the system slowed down legitimate investigations, and one academic said that the use of the system could potentially amount to obstruction of justice.
“It’s a fine line,” says Albert Gidari, director of privacy at Stanford Law School’s Center for Internet & Society. “What is going to determine which side of the line you’re on, between obstruction and properly protecting your business, is going to be things like your history, how the government has interacted with you.”
Uber is said to have even considered a system called uLocker, which would present law enforcement officials with a dummy login screen.
Uber’s former manager of global intelligence recently accused the company of wiretapping, bribery and more, a month after Uber concealed for a year a data breach impacting 57M users. It is currently engaged in a battle with London’s taxi licensing authorities after it was found to ‘pose a threat to safety and security.’