Former Employee Accused Uber Of Hacking And Surveillance

Former Employee Accused Uber Of Hacking And Surveillance

In a damning letter released today, a former Uber employee, Richard Jacobs, claims that the company engaged in several illegal practices, including hacking, trade secret theft and surveillance – all in an effort to emerge at the top of the competitive ride-hailing market.

Photo: Getty

The allegations, only some of which have been substantiated by an internal investigation at the company, are the latest example of Uber pushing ethical boundaries and contravening regulations to advance its business. This year alone, Uber has been caught using a special program to block local officials from hailing rides, surreptitiously obtaining a rape victim’s medical records, and paying off hackers to keep a data breach quiet.

“While we haven’t substantiated all the claims in this letter – and, importantly, any related to Waymo – our new leadership has made clear that going forward we will compete honestly and fairly, on the strength of our ideas and technology,” an Uber spokesperson said.

The letter, written by an employment lawyer who represented Jacobs after he resigned from Uber, triggered an internal investigation spearheaded by two special committees of Uber’s board and conducted by the law firm WilmerHale. That investigation is ongoing.

The letter was made public in Waymo’s trade-secret-theft lawsuit against Uber, which alleges that the ride-hailing company incorporated technology stolen by a former Waymo employee into its self-driving cars. Jacobs’ letter has become central to the lawsuit because it accuses an Uber security team of stealing trade secrets from Waymo, and of using secret servers and encrypted, ephemeral messaging to evade discovery. The trial has been delayed until February 2018 to give Waymo more time to investigate Jacobs’ claims.

Uber ran an extensive data-scraping and surveillance program to gather information about its competitors, Gizmodo reported this week. For years, Uber gathered intelligence from competing firms’ websites, apps and Github repositories. Many of these incidents are described in Jacobs’ letter as examples of hacking.

In some cases, Uber also conducted physical surveillance of executives at other companies. Jacobs’ letter alleges that Uber’s surveillance also targeted public officials and regulators who could clear the company’s path into new markets, as well as law enforcement officials, labour unions and taxi groups.

Uber “used undercover agents to collect intelligence against the taxi groups and local political figures. The agents took rides in local taxis, loitered around locations where taxi drivers congregated, and leveraged a local network of contacts with connections to police and regulatory authorities,” the letter claims.

Intelligence was gathered, the letter claims, “to determine which political figures may have been supporting opposition groups in the taxi/transport sector”, as well as to identify someone or some group that had been allegedly ordered to “begin targeting Uber vehicles for harassment and impoundment”.

At times, Uber employees also posed as protesters to gain access to private Facebook and WhatsApp groups, the letter claims. Jacobs cites a specific instance, first reported by Gizmodo on Tuesday, in which security employees in a WhatsApp group discovered a protester’s plan to light themselves on fire at an event then-CEO Travis Kalanick was attending in India.

However, Jacobs cast doubt on some of his own claims during a November court appearance. His lawyer’s letter said that Uber’s Marketplace Analytics team stole trade secrets from Waymo, the self-driving car company owned by Alphabet, but Jacobs testified that portion of the letter wasn’t true. Jacobs said he’d only had 20 minutes to review the 37-page letter before it was sent to Uber, and that he didn’t notice the claims about Waymo when he read it.

“I tried to make sure it was accurate with the time that I had,” Jacobs explained. “There’s hyperbolic language in here or things that I would not have stated in the same manner.”

But Jacobs stuck to other claims he’d made, including that Uber harvested proprietary code a competitor posted on Github, and that the company conducted physical surveillance of its competitors.

“I know it’s scandalous, but it’s something that the United States Attorney thinks at least is true enough to give to me,” US District Judge William Alsup, who is presiding over the Waymo case, said of Jacobs’ letters during a November hearing. “When the United States Attorney has enough faith in the evidence to submit it to the judge in a civil case, who had no idea this was coming, they must believe that it has some credibility. So I’m going to treat it that way.”

Earlier this year, Uber disclosed Jacobs’ letters to the US Attorney’s Office, which is conducting several investigations focused on the company. The US Attorney’s Office for the Northern District of California disclosed Jacobs’ allegations Judge Alsup in November and asked him not to make them public because doing so could confirm the office’s investigation into Uber. However, Judge Alsup decided to release the letters.

“There’s not a stitch of anything in any of those papers that should have been redacted, and it should all be public,” Alsup said during a November hearing.

Jacobs started working at Uber in March 2016 as a member of its global intelligence team, where he evaluated the risks the company faced in emerging markets. He resigned this April after he was caught forwarding internal emails to his personal address, and told Uber that he intended to blow the whistle on illegal activity at the company.

Jacobs’ work on the security team was overseen by Uber’s former chief security officer, Joe Sullivan, who left the company in November after an incident in which Uber paid hackers $US100,000 ($130,343) to keep a data breach quiet. Sullivan, who also oversaw the Marketplace Analytics team at the centre of many of Jacobs’ allegations, said in a statement to Gizmodo, “From where I sat, my team acted ethically, with integrity, and in the best interests of our drivers and riders.”

Uber’s deputy general counsel Angela Padilla testified that Jacobs and his attorney were attempting to extort the company and that Uber disclosed his letters to the US Attorney’s Office to “take the air out of his extortionist balloon.” Uber ultimately settled out of court with Jacobs for $US4.5 million ($5.9 million), in a deal that keeps Jacobs on as a consultant to help with Uber’s internal investigation into his allegations. His lawyer also received $US3 million ($3.9 million) in the settlement.

Matthew Umhofer, an attorney who represents Mat Henley, Nick Gicinto, Jake Nocon and Ed Russo – four Uber employees named in Jacobs’ letter – echoed Padilla’s testimony. “Jacobs took the good work my clients did and twisted it into something it wasn’t,” he said. “Mat, Nick, Ed and Jake are good guys who worked day and night to protect Uber’s riders, drivers and employees from real danger around the world. The competitive information gathering that was done at the explicit request of management was unremarkable and no different than what’s done by law-abiding companies across the country and Uber’s own competitors.”

Additional reporting by Dell Cameron.