Uber shared data on 12 million passengers and drivers with the government in six months

David Bisson

Uber shared data on 12 million passengers and drivers with the government in the second half of 2015

Uber

Between July and December 2015, Uber provided data on 12 million passengers and drivers following requests from US regulators and law enforcement agencies.

That is one of the major findings of the online transportation network company’s first-ever transparency report, which was released on Tuesday.

In the report, Uber reveals it received 33 requests from local regulated agencies for information pertaining to approximately 11,644,000 riders and 583,000 drivers between July and December 2015.

Those agencies requested information about trip requests, pickup and drop-off areas, fares, vehicles, drivers, and in some instances electronic trip receipts including trip routes.

As required, Uber complied in 21.2 percent of those cases. It also attempted to negotiate a narrower scope for the vast majority of the data requests. For 42.4 percent of the cases, it succeeded.

Uber described in a blog post some of the thinking behind its first transparency report:

“Of course regulators will always need some amount of data to be effective, just like law enforcement. But in many cases they send blanket requests without explaining why the information is needed, or how it will be used. And while this kind of trip data doesn’t include personal information, it can reveal patterns of behavior – and is more than regulators need to do their jobs. It’s why Uber frequently tries to narrow the scope of these demands, though our efforts are typically rebuffed.”

Uber app

In addition to being contacted by regulatory agencies, Uber received requests from law enforcement agencies on more than 600 of its riders and drivers.

A vast majority of these cases related to fraud or the use of stolen credit cards.

The transportation company fully complied with less than a third (31.8 percent) of those requests and either partially complied/found no data on the remaining 78.2 percent of cases.

In its report, Uber was careful to include a “warrant canary” claiming it received neither a national security letter nor a court order under America’s Foreign Intelligence Surveillance Act (FISA).

Uber policy

Uber is by no means a perfect company when it comes to user privacy.

In February of 2015, researchers found it had left its lost-and-found database open to the web. This discovery came only a few weeks before a database containing the information on 50,000 drivers was revealed to have been accessed by an unauthorized third party.

Even so, this transparency report is a step in the fight direction. And it’s encouraging to see reported that Uber will release more in the future.

The transportation company joins more than 60 companies, including Google, Facebook, Amazon and Apple, that regularly release transparency reports.

David Bisson David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One Reply to “Uber shared data on 12 million passengers and drivers with the government in six months”

  1. 11,644,000 passengers reported to government in 33 requests averages more than 350,000 passengers per request. So it's mass surveillance?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES