The ride-sharing company Uber confirmed Thursday that it had technology to shield company data when law enforcement raided its offices outside the US. Uber spokeswoman Melanie Ensign said this tool — no longer in use — could lock computers and smartphones and change passwords remotely from the company’s headquarters in San Francisco.
Bloomberg reported Thursday that Uber used the tool, known as Ripley, from spring 2015 until late 2016 in several cities, including Paris, Hong Kong, Brussels, Amsterdam and Montreal. Bloomberg said some Uber employees felt the system hindered legitimate investigations, while some people believed its use was justified when police didn’t come with warrants or specific-enough data requests.
The use of this tool raises questions for Uber because the company has in the past used a phony version of its app to thwart authorities. The ‘Greyball’ software identified regulators who were trying to hail a ride in an attempt to collect evidence of local law-breaking. Those rides would be canceled or never arrive. It has also been reported that the Justice Department was investigating whether Uber illegally used software to track drivers of its rival Lyft.
Bloomberg reported that authorities in Montreal were seeking evidence in May 2015 that Uber had violated tax laws. Uber’s use of Ripley meant they didn’t get any information, but Uber cooperated with a second search warrant and agreed to collect provincial taxes for each ride, Bloomberg said. Ensign said the company shut down Ripley in 2016 because it didn’t work well.
She said Uber now has a tool called ULocker that can remotely lock and encrypt devices. Ensign could not immediately say if Uber has used that to protect data from law enforcement as well. But she said Uber’s guidance to employees bars use of the tool where it isn’t legal. In a statement, Uber said this security tool is similar to those used by other companies and gives Uber a way to block access to data when an employee loses a device. The company said its policy is to cooperate with “all valid searches and requests for data.”
The ride-hailing service had a scandal-ridden 2017 that included lawsuits, government probes, the revelation of a significant sexual-harassment problem and the disclosure of a cover-up of a hack that stole personal information of 57 million passengers and 600,000 drivers. The company’s hard-charging CEO, Travis Kalanick, resigned in June and was replaced in August by the former CEO of Expedia, Dara Khosrowshahi.