A former Uber employee has said employees abuse access to features allowing them to keep tabs on users including celebrities and employees’ personal acquaintances, according to the CIR publication Reveal. Other former employees told the outlet the ride-hailing app allowed access to surveillance-enabling features even after the company said it had implemented strict policies restricting access.
“Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses,” Uber’s former forensic investigator Ward Spangenberg was quoted as saying under penalty of perjury in filings from a lawsuit is pursuing against the company. The 45-year-old alleges the company discriminated against him for his age and retaliated against him for acting as a whistleblower.
Uber disputes Spangenberg’s claims that access to data is widespread, and says it has safeguards in place to prevent unauthorized surveillance.
“It’s absolutely untrue that ‘all’ or “nearly all” employees have access to customer data, with or without approval. And this is based on more than simply the ‘honor system’: we have built entire system to implement technical and administrative controls to limit access to customer data to employees who require it to perform their jobs,” reads a statement from the company.
Reporting on Spangenberg’s claims follows recent changes to Uber’s app that effectively require users to give Uber permission to track their location when the app is running in the background of a user’s phone, according to The Verge. Uber said it restricts background location tracking to five minutes after a trip ends, and that the change is meant to improve precision of the app.
The other revelation from Spangenberg: While Uber employees might be checking up on the whereabouts of celebrities and old flames, the company has also been deleting information requested as part of litigation proceedings.
“Uber routinely deleted files which were subject to litigation holds, which was another practice I objected to,” Spangenberg said in his court declaration. That type of scrubbing can result in legal penalties.
In other words, Uber allegedly cares quite a bit about keeping its own data secure from prying eyes; its users’ data, not so much.