Uber isn’t going to win any corporate do-gooder awards. In recent news stories it has been characterized as a ruthless, money-bloated raptor of a company that will do anything to win. Still, there’s no need to be alarmed about every accusation of skullduggery that critics direct at the ride-sharing platform.
Uber improves (a little)
Uber performed an appalling series of privacy gaffes last year – tracking journalists, flaunting a “God View” of its customers at parties, failing to protect data, and so on – but it’s been trying to get its act together, and has made some progress. In recent months, for instance, the company says it has deep-sixed the “God View” trick, and it also commissioned a law firm to propose some privacy guidelines.
In light of this modest progress, EPIC’s “deception” accusations (set out in the FTC complaint) ring a little hollow.
Take for instance, EPIC’s gripes in the complaint (embedded below) that Uber is being deceptive about collecting customers’ location data. First off, is anyone surprised that an app for summoning taxis can know your whereabouts? This would be like using Google Maps and objecting to it using your GPS position when you navigate.
To be fair, EPIC’s complaint also points out that Uber might ask for data when the app is not in use, and that it currently uses customer IP addresses to determine location. The latter charge, however, does not really rise to the level of “deceptive” since it’s a common practice among apps, and since an IP address from a mobile phones typically won’t disclose an exact location.
“We have always disclosed our collection of location information – it is core to our product (we are a location-based service),” said an Uber spokesperson, by email. “EPIC’s allegations about IP tracking are misleading; we receive IP addresses as part of the traffic data that all apps receive.”
As for EPIC’s claim that the new Uber policy could one day allow the company to collect more information about users’ location and contact lists, well, that day will only come sometime in the future – and Uber will (perhaps) have the good sense to inform its customers what it is doing.
Could the Uber policy be better? Sure. Does it merit a federal investigation? Hardly. Except for one thing.
Location, location, location
The folly of this is plain. Hired car trips are often used for sensitive personal matters like late night affairs, secret business meetings or discreet visits to the STD clinic. But under Uber’s rules, the company compiles a personal dossier for every single trip taken by every customer.
The database that Uber possesses is known among security types as a “honey pot” that can attract all sorts of snoops, from the U.S. government to Chinese hackers. And those hazards are in addition to whatever intrusive uses – marketing, third party partnerships, etc –that Uber itself might make of the information.
Uber, meanwhile, can’t even offer a plausible reason for why it insists on storing this information.
“[It’s] a benefit to riders to be able to keep track of their trip history,” was the best explanation I could get. If that’s the real reason, then surely Uber would let those users who don’t wish to have this “benefit” delete the information?
No dice. And worse, even former Uber customers can’t delete the data for sure. All Uber can promise is that it will eventually delete personal information if you quite the service – unless it deems there are “account issues.”
The solution is easy enough. As Julia Horwitz, the lawyer who authored the EPIC complaint, suggests, Uber should delete trip data after a ride is complete. Or at least allow its customers an easy way to do so themselves. If not, the FTC should step in.
You can read EPIC’s complaint for yourself below (I’ve underlined some of the relevant bits). Keep in mind, this is just EPIC’s suggestion for the sort of complaint the FTC should bring against Uber – there’s no indication for now if the agency will get involved one way of the other.