Concerns with Uber Privacy
Though recent estimates valued Uber at more than $40 billion, like any young company the San Francisco-based ride service enterprise is not without challenges. Privacy issues have been a threat to Uber’s public perception since controversial use of data-collection technology by company executives was revealed at a 2011 launch party in Chicago. Since this initial controversy, a number of additional incidents have further fostered concerns over Uber’s privacy practices.
In an attempt to address the unease these transgressions have inspired, the company has released an updated privacy statement that is set to go into effect today: July 15, 2015. However, instead of alleviating this potential problem of public perception, the new statement and the policy changes it sets forth have prompted the Electronic Privacy Information Center, a non-profit research center based out of D.C., to compose a letter to the Federal Trade Commission demanding Uber’s new policies be prohibited from taking effect.
The EPIC Letter
Just as the letter reminds the FTC that Uber has “a history of abusing the location data of its customers,” EPIC has a history of bringing these perceived abuses to the public eye. The non-profit has targeted a variety of large companies (self-cited successes include Google, Facebook, and Snapchat). While Uber hails its updated policy as an act to increase the transparency of its practices and provide its customers with a clear choice of whether or not to share certain information, EPIC suggests that this change is actually an intentional act of deception. One particular concern that the letter raises is Uber’s failure to surrender its right to assemble a trip history for all customers. EPIC implores the FTC to establish a law in which the company is required to delete trip information after the completion of a ride. In other words, once you’re out of an Uber, isn’t the ride you took your own business and no one else’s?
While this particular complaint seems more than valid, Uber executives fail to put forth a legitimate reason for reserving this right. The company’s vague explanation is that it could be beneficial for customers to be able to view their ride history, though it remains unclear what these specific benefits could be. Other principle requests stated in the letter were for the FTC to prohibit Uber from collecting any geolocation customer information that is not pertinent to the ride, and to require Uber to publish a detailed summary of its system used for profiling and evaluating customers. EPIC also takes issue with the fact that once a customer gives Uber permission to access certain information, such as contact lists, the customer is unable to revoke this permission.
While EPIC claims that Uber’s updated privacy statement allows for increasingly concerning data collection practices, Uber argues that the revised statement marks less of a policy change than it does an increase in policy transparency. This seems to suggest that while some of the provisions signal an increase in invasive data collection, the company may actually just be illuminating practices that have been used all along. For instance, the company now reserves the right to request customers’ contact lists for the sake of promotion. Whether this is a new practice or a once-covert one that is now being publicly revealed remains unclear.
In an attempt to alleviate concerns over their data collection policies, Uber hired IBM’s former chief privacy officer Harriet Pearson, known as the “First Lady of Privacy,” to conduct an audit of the company. The results of the audit, released in January of this year, praised the company for having “dedicated significantly more resources to privacy at this point in its age as a company given its sector and size than other companies that we’ve observed.” Pearson and her Hogan Lovells law firm also assured the public that Uber employees not entitled to customer information are locked out via technical controls. While Pearson’s report was overwhelmingly positive, it did offer recommendations for improvement through efforts such as increased employee training and greater policy transparency. Pearson also recommended for Uber to make its privacy policies easier for the average customer to comprehend, though this seems a vital component of increased transparency.
While Uber pledged to incorporate Pearson’s advice, its updated privacy statement makes no mention of employee training. Indeed, it is still unclear whether or not the company has any formal training program at all. The updated statement also features some ambiguous language, such as the notice that the company may share your information with “affiliated entities.”
Though it is clear that Uber’s updated statement is not perfect by any means, it is important to acknowledge some improvements, if only to encourage more to come. For one, this statement is shorter than the last and uses more precise and accessible diction. As Uber services are available in 300 cities in 57 countries, it is also significant that the new statement is available in more languages than was its predecessor. Though not a product of the new statement, Uber’s claim to have terminated its infamous “God View” tool, which allowed any employee to track a ride in real-time, is certainly a step in the right direction. In regards to EPIC’s grievance that Uber continues to use customer IP addresses to track location, this is a practice utilized by most apps and cell phone IP addresses do not reveal precise locations, only approximate ones.
The Snowden Factor
In the age of drones, heightened counterterrorism efforts, and Google Maps, personal privacy is a common topic of debate. When Edward Snowden controversially leaked classified documents from the NSA in 2013 he pushed this debate to the forefront of the national dialogue. Although the collective memory of the populace is short and no federal reforms have been made in the aftermath of Snowden’s action, the issue of personal privacy remains in the minds of many Americans.
To what extent the post-Snowden climate of this country affects suspicion over Uber’s data collection processes is unclear, though it certainly plays a role. In regards to the issue of privacy, Uber driver Leslie Lowdermilk says, “Most customers aren’t all that concerned about privacy except when they are going…someplace they should not be.” Lowdermilk’s statement is strikingly similar to the arguments espoused by those who are unconcerned with the NSA’s ubiquitous surveillance that Snowden exposed.