Uber and Privacy: Should You Be Concerned?

Should the public be concerned about Uber's controversial use of data-collection technology? See what we think:

uber app
FILE - JANUARY 21: According to reports January 21, 2015, Uber, the ride-hailing service, has closed on $1.6 Million in financing from clients in the private wealth arm Of Goldman-Sachs. BARCELONA, SPAIN - JULY 01: In this photo illustration, logos of 'Uber', a Barcelona taxi and Barcelona City guide apps are seen in a smart phone on July 1, 2014 in Barcelona, Spain. Taxi drivers in main cities strike over unlicensed car-halling services. Drivers say that is a lack of regulation behind the new app. (Photo Illustration by David Ramos/Getty Images) ** OUTS - ELSENT, FPG - OUTS * NM, PH, VA if sourced by CT, LA or MoD **

Concerns with Uber Privacy

Though recent estimates valued Uber at more than $40 billion, like any young company the San Francisco-based ride service enterprise is not without challenges. Privacy issues have been a threat to Uber’s public perception since controversial use of data-collection technology by company executives was revealed at a 2011 launch party in Chicago. Since this initial controversy, a number of additional incidents have further fostered concerns over Uber’s privacy practices.

In an attempt to address the unease these transgressions have inspired, the company has released an updated privacy statement that is set to go into effect today: July 15, 2015. However, instead of alleviating this potential problem of public perception, the new statement and the policy changes it sets forth have prompted the Electronic Privacy Information Center, a non-profit research center based out of D.C., to compose a letter to the Federal Trade Commission demanding Uber’s new policies be prohibited from taking effect.

Uber pic 1

The EPIC Letter

Just as the letter reminds the FTC that Uber has “a history of abusing the location data of its customers,” EPIC has a history of bringing these perceived abuses to the public eye. The non-profit has targeted a variety of large companies (self-cited successes include Google, Facebook, and Snapchat). While Uber hails its updated policy as an act to increase the transparency of its practices and provide its customers with a clear choice of whether or not to share certain information, EPIC suggests that this change is actually an intentional act of deception. One particular concern that the letter raises is Uber’s failure to surrender its right to assemble a trip history for all customers. EPIC implores the FTC to establish a law in which the company is required to delete trip information after the completion of a ride. In other words, once you’re out of an Uber, isn’t the ride you took your own business and no one else’s?

EPIC says Uber has a history of abusing the location of its customers.

While this particular complaint seems more than valid, Uber executives fail to put forth a legitimate reason for reserving this right. The company’s vague explanation is that it could be beneficial for customers to be able to view their ride history, though it remains unclear what these specific benefits could be. Other principle requests stated in the letter were for the FTC to prohibit Uber from collecting any geolocation customer information that is not pertinent to the ride, and to require Uber to publish a detailed summary of its system used for profiling and evaluating customers. EPIC also takes issue with the fact that once a customer gives Uber permission to access certain information, such as contact lists, the customer is unable to revoke this permission.

Uber pic 4

Uber’s Defense

While EPIC claims that Uber’s updated privacy statement allows for increasingly concerning data collection practices, Uber argues that the revised statement marks less of a policy change than it does an increase in policy transparency. This seems to suggest that while some of the provisions signal an increase in invasive data collection, the company may actually just be illuminating practices that have been used all along. For instance, the company now reserves the right to request customers’ contact lists for the sake of promotion. Whether this is a new practice or a once-covert one that is now being publicly revealed remains unclear.

Uber argues that the revised statement is about increased transparency.

In an attempt to alleviate concerns over their data collection policies, Uber hired IBM’s former chief privacy officer Harriet Pearson, known as the “First Lady of Privacy,” to conduct an audit of the company. The results of the audit, released in January of this year, praised the company for having “dedicated significantly more resources to privacy at this point in its age as a company given its sector and size than other companies that we’ve observed.” Pearson and her Hogan Lovells law firm also assured the public that Uber employees not entitled to customer information are locked out via technical controls. While Pearson’s report was overwhelmingly positive, it did offer recommendations for improvement through efforts such as increased employee training and greater policy transparency. Pearson also recommended for Uber to make its privacy policies easier for the average customer to comprehend, though this seems a vital component of increased transparency.

While Uber pledged to incorporate Pearson’s advice, its updated privacy statement makes no mention of employee training. Indeed, it is still unclear whether or not the company has any formal training program at all. The updated statement also features some ambiguous language, such as the notice that the company may share your information with “affiliated entities.”

Though it is clear that Uber’s updated statement is not perfect by any means, it is important to acknowledge some improvements, if only to encourage more to come. For one, this statement is shorter than the last and uses more precise and accessible diction. As Uber services are available in 300 cities in 57 countries, it is also significant that the new statement is available in more languages than was its predecessor. Though not a product of the new statement, Uber’s claim to have terminated its infamous “God View” tool, which allowed any employee to track a ride in real-time, is certainly a step in the right direction. In regards to EPIC’s grievance that Uber continues to use customer IP addresses to track location, this is a practice utilized by most apps and cell phone IP addresses do not reveal precise locations, only approximate ones.

uber 7

The Snowden Factor

In the age of drones, heightened counterterrorism efforts, and Google Maps, personal privacy is a common topic of debate. When Edward Snowden controversially leaked classified documents from the NSA in 2013 he pushed this debate to the forefront of the national dialogue. Although the collective memory of the populace is short and no federal reforms have been made in the aftermath of Snowden’s action, the issue of personal privacy remains in the minds of many Americans.

Uber's updated statement is easier to understand.

To what extent the post-Snowden climate of this country affects suspicion over Uber’s data collection processes is unclear, though it certainly plays a role. In regards to the issue of privacy, Uber driver Leslie Lowdermilk says, “Most customers aren’t all that concerned about privacy except when they are going…someplace they should not be.” Lowdermilk’s statement is strikingly similar to the arguments espoused by those who are unconcerned with the NSA’s ubiquitous surveillance that Snowden exposed.

On the other hand, the founder of uberkit.net, Malik Akande, says, “The Snowden issue has definitely made the average person more aware of the legitimate concerns we should have about data management.” Akande goes on to say, facetiously, “We know how fond of the PATRIOT Act the average American is/was.” And yet The USA PATRIOT Act, minus three provisions that have expired, will enjoy its 14th birthday this October. Uber, like The PATRIOT Act, suffers from issues of public perception yet continues on as an ever-present force. Even if it can avoid the wrath of the FTC, might Uber still be overly concerned by its poor reputation in regards to privacy? Akande says that “Uber is a data-driven company, and would probably only respond to very negative public perception if it is hurting their growth.” For now, Uber continues to grow unabated while concerns over its privacy policy linger.

Previous articleWill 3-D Printed Cars Kill Jobs?
Next articleWhy Trucks Aren’t as Safe as Cars
Justin Bregman is a film student at The University of Texas at Austin. Although originally from Connecticut he neither plays golf nor belongs to a country club. Justin loves fishing, hiking and all-things outdoors when he is not reading about current events or watching movies. As a staff writer for UT’s campus humor newspaper, Texas Travesty, Justin finds humor in the absurd and ridiculous.