Uber shared data on 12 million passengers and drivers with the government in six months

You may be more private catching the bus and paying cash…

Between July and December 2015, Uber provided data on 12 million passengers and drivers following requests from US regulators and law enforcement agencies.

That is one of the major findings of the online transportation network company's first-ever transparency report, which was released on Tuesday.

In the report, Uber reveals it received 33 requests from local regulatory agencies for information pertaining to approximately 11,644,000 riders and 583,000 drivers between July and December 2015.

Those agencies requested information about trip requests, pickup and drop-off areas, fares, vehicles, drivers, and in some instances electronic trip receipts including trip routes.

As required, Uber complied in 21.2 percent of those cases. It also attempted to negotiate a narrower scope for the vast majority of the data requests. For 42.4 percent of the cases, it succeeded.

Uber described in a blog post some of the thinking behind its first transparency report:

"Of course regulators will always need some amount of data to be effective, just like law enforcement. But in many cases they send blanket requests without explaining why the information is needed, or how it will be used. And while this kind of trip data doesn't include personal information, it can reveal patterns of behavior - and is more than regulators need to do their jobs. It's why Uber frequently tries to narrow the scope of these demands, though our efforts are typically rebuffed."

In addition to being contacted by regulatory agencies, Uber received requests from law enforcement agencies on more than 600 of its riders and drivers.

A vast majority of these cases related to fraud or the use of stolen credit cards.

The transportation company fully complied with less than a third (31.8 percent) of those requests, and either partially complied or found no data in the remaining 78.2 percent of cases.

In its report, Uber was careful to include a "warrant canary" claiming it received neither a national security letter nor a court order under America's Foreign Intelligence Surveillance Act (FISA).

Uber is by no means a perfect company when it comes to user privacy.

In February of 2015, researchers found it had left its lost-and-found database open to the web. This discovery came only a few weeks before it was revealed that a database containing information on 50,000 drivers had been accessed by an unauthorized third party.

Even so, this transparency report is a step in the right direction. And it's encouraging to see it reported that Uber will release more in the future.

The transportation company joins more than 60 companies, including Google, Facebook, Amazon and Apple, that regularly release transparency reports.

One Response

  1. IanH

    December 15, 2016 at 5:34 pm #

    11,644,000 passengers reported to government in 33 requests averages more than 350,000 passengers per request. So it's mass surveillance?
