Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Businesses Government IT Technology

Uber Used Another Secret Software To Evade Police, Report Says (bloomberg.com) 226

schwit1 shares a Bloomberg report: In May 2015 about 10 investigators for the Quebec tax authority burst into Uber Technologies's office in Montreal. The authorities believed Uber had violated tax laws and had a warrant to collect evidence. Managers on-site knew what to do, say people with knowledge of the event. Like managers at Uber's hundreds of offices abroad, they'd been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they'd obtained a warrant to collect. The investigators left without any evidence.

Most tech companies don't expect police to regularly raid their offices, but Uber isn't most companies. The ride-hailing startup's reputation for flouting local labor laws and taxi rules has made it a favorite target for law enforcement agencies around the world. That's where this remote system, called Ripley, comes in. From spring 2015 until late 2016, Uber routinely used Ripley to thwart police raids in foreign countries, say three people with knowledge of the system. Allusions to its nature can be found in a smattering of court filings, but its details, scope, and origin haven't been previously reported. The Uber HQ team overseeing Ripley could remotely change passwords and otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices. This routine was initially called the unexpected visitor protocol. Employees aware of its existence eventually took to calling it Ripley, after Sigourney Weaver's flamethrower-wielding hero in the Alien movies. The nickname was inspired by a Ripley line in Aliens, after the acid-blooded extraterrestrials easily best a squad of ground troops. 'Nuke the entire site from orbit. It's the only way to be sure.'

Uber Used Another Secret Software To Evade Police, Report Says

Comments Filter:
  • If a mere remote network command can thwart police ... er, well, insert devastating finish here.
    • Re: (Score:3, Funny)

      by Anonymous Coward

      If a mere remote network command can thwart police...

      It was written by jerks and evil geniuses.

    • Alternatively, if a mere network command can brick Uber in a region ... er, well, insert devastating finish here.

  • by Opportunist ( 166417 ) on Thursday January 11, 2018 @11:55AM (#55908433)

    We'll take all the computers in your office. No evidence? Guess we'll return next week when you bought new equipment.

    By the way: Due to legal regulations, everything confiscated is forfeited. You pay your tax. One way or another.

    Welcome to Europe.

    • by Z00L00K ( 682162 )

      With no network connection it's not possible to do a remote access to log out the users.

      And if the visits are frequent enough then it would be pretty stressful.

      Remember that the tax authorities always are right even if they are wrong.

      • If they're already going to these lengths, a cellular modem would be easy to add to their arsenal. If the main Internet feed cuts out, ping HQ and send over ingress/egress security cam photos. They could still lock down.

    • Surprisingly, Europe has not yet annexed Canada.

      Well, surprising to you maybe. Not me. The Brits gave it up, the Crown not so much. And before you ask, Quebec isn't yet a part of France. Ask the French, and they will make it clear. Crystal. Clear.

    • Last time I looked Quebec was in North America.

    • by quarrel ( 194077 )

      Re: forfeited stuff

      Where in Europe is this the case?

      It certainly doesn't appear to be EU regulations. I know of lots of regulatory "raids" (you'd be amazed at the breadth of reasons that companies get raided, often not hanging or even moral-outrage stuff) and this isn't the general case.

      • Takes a bit of creative warrant writing, I give you that, but our judges generally know how to word it that you'll never see your computers again.

  • Annoying Trend (Score:3, Informative)

    by ScentCone ( 795499 ) on Thursday January 11, 2018 @11:59AM (#55908455)
    I'm seeing more and more references to "a software." Would you like to buy a software with your hardware? How will you be using your mobile device to update your time sheet ... will you be using a software? And, "Uber used another secret software." Ugh.
    • I have an information for you! Do you want a clothing with that? =ugh=
    • by OzPeter ( 195038 )

      I'm seeing more and more references to "a software." Would you like to buy a software with your hardware?

      Sure .. can you inbox me with the details?

  • by Anonymous Coward on Thursday January 11, 2018 @12:04PM (#55908483)

    Most tech companies don't expect police to regularly raid their offices

    Every non-government entity should treat the government as an adversary. Government agencies want to compromise everything.

    • by Opportunist ( 166417 ) on Thursday January 11, 2018 @12:09PM (#55908517)

      If your government is your adversary, I guess it's time to overthrow it and install one that is elected by the people for the people.

      Oh wait...

      • by Alypius ( 3606369 ) on Thursday January 11, 2018 @12:32PM (#55908745)
        We routinely describe our legal system as "adversarial" without rancor; it's the same reason why people are advised not to speak with investigators without legal counsel present.
        • In fact the very structure of our government, as chartered in the constitution, is as a three-way adversarial arrangement of checks and balances. It's by design.
          • by gfxguy ( 98788 )

            Constituents aren't part of the adversarial government triangle of checks and balances. At least, they're not supposed to be.

            Then again, even congress (senators vs. representatives) was supposed to be adversarial (not necessarily, but they were supposed to represent different entities). Things have greatly changed in the U.S. (and elsewhere, of course). Our constitution has been subverted to the point where I guess the government does consider us "adversaries." Given that point, I say "bully for Uber."

            • Constituents aren't part of the adversarial government triangle of checks and balances. At least, they're not supposed to be.

              Sure they are. Depending on the situation, a constituent might have the executive, or legislature, or courts working on their behalf "against" one or both of the other branches. You might have your congressional representative helping you out with the IRS, or you may ask the courts to help you out with something the executive branch is or isn't doing.

            • by anegg ( 1390659 )
              I don't know about your government, but the U.S. government was initially established with the expectation of an adversarial relationship between the government and the governed. The government was granted an enumerated list of limited powers, and (before too long) the constitution was amended with an explicit set of rights (the so-called "bill of rights") that although not intended to be a complete list of rights held by the people and the states apart from the federal government, captured a number of exp
      • No. We should try and neuter the current one first. Get it back to minding it's business, as intended.

        We know the euros don't understand 'limited government', don't care.

        • by Opportunist ( 166417 ) on Thursday January 11, 2018 @07:11PM (#55911939)

          We prefer to have a government that does its job. We understand that there are certain requirements for this to be possible. That means that taxes have to be paid to fund what they're supposed to do, and we also need to give them the ability to do it. It's pretty much the same that I'd expect to get at work. If I'm supposed to do a project, I need funding and I need the ability to command people to do what I need them to do to make the project work out. If I get neither money nor power, well, I will not be able to do my project, will I?

          Oddly it seems that in the US, the government is supposed to not do anything. At least when listening to people claiming that taxation is theft and that the police shouldn't have any kind of power. How the hell are they supposed to do their job if that's what you expect from them? So in return, they try to force this onto you, to take by force what's not given, so they can do what they perceive as their job. And they overdo it by quite a margin.

          Maybe that's the main difference. We try for cooperation, in the US, confrontation seems to be rather the norm.

    • by borcharc ( 56372 ) * on Thursday January 11, 2018 @12:11PM (#55908537)

      This could just be as easy a using desktop virtualization and pulling the plug on access when needed. Keep the servers backing it in a different, more friendly country. There is no reason to have any data on local computers.

    • by Flozzin ( 626330 )
      If you treat the government as an adversary, trying to undermine them, then I would say you are more of a parasite to the country. I see no reason for those types of companies to be dissolved. They want to take advantage of the government infrastructure and exploit its people but not give back their due. If you disagree with what a government does, you should not interact with them, or you should work to get the laws changed. They are instead just disregarding the portions of the law they do not like, and
      • "If you treat the government as an adversary, trying to undermine them, then I would say you are experienced in dealing with them."

        There, FTFY

      • by gfxguy ( 98788 )

        I have to agree with rickb928 - a lot of people have reached a breaking point with government taxes and rules and regulations. It's not that they don't want to pay anything at all (well, there is that, too), it's that it's gotten to the point where all the rules and tax laws have gotten too burdensome - and not just for companies, but for people. Consider that not only are you paying taxes, but the more complicated the laws get the more you have to pay accountants to figure it all out for you... the "burd

        • 99% of the "complexity" of regulations, is because business people are cheating bastards who spend more time thinking up ways to steal a dishonest buck than make an honest one, and the Government response to that.
      • by anegg ( 1390659 )

        I know people who failed to treat the government as an adversary, who were asked by the police to come in and talk to them, and who did so because they had "nothing to hide" and wanted to cooperate. They ended up in jail for the weekend (with no evidence to hold them but the police knew they couldn't get out until a court hearing on Monday and wanted to "soften them up" and try to wring a confession out of them) and although they ultimately prevailed in the legal battle, they lost their college degree (col

  • Uber. (Score:5, Interesting)

    by ledow ( 319597 ) on Thursday January 11, 2018 @12:08PM (#55908505) Homepage

    So... obviously they were sued for contributory acts towards the obstruction of justice, no?

    If not, why not?

    Literally, the guy who phoned it in has deliberately obstructed justice, whether or not the company policy says to do it, or whether the system is entirely operated remotely, or even whether the data asked for was to hand. You can go to jail for decades for that offence alone, whether or not anything is found, which would make anyone think twice about paging that number, no?

    I'm more concerned not that Uber did this (they're scumbags, we get the idea already), but that a manager would press it (and in Canada) at personal risk of imprisonment, and that no action was taken about it (whether or not they later provided the data).

    If you're trading in Canada, you're liable to their laws and they are able to seize related equipment and data with your co-operation or not, and performing a deliberate act with the express intention of removing said access can only be construed as obstruction of justice and/or contempt of court depending on the court order. It's not even "open to interpretation"... it's quite clear that the only reason to use a facility that cuts off the system should the police come knocking is to stop the police seeing things you don't want them to see but that they may well be otherwise entitled to see.

    Uber are scumbags because courts like this allow them to be.

    • Re:Uber. (Score:4, Insightful)

      by bluefoxlucid ( 723572 ) on Thursday January 11, 2018 @12:15PM (#55908571) Homepage Journal

      I've always defended Uber against accusations of not having insurance (they documented that every driver is covered by a $1M policy while driving for Uber) and against being treated as a taxi (in the same way GrubHub, Eat24, and Delivery.com aren't restaurants or delivery services, but a service connecting an independent delivery restaurant with an independent customer).

      Then, all kinds of bullshit started coming out of Uber.

      I still say Uber as a business model is fine and sensible: you're using their service whether you're a driver or passenger. Nobody is trying to drive a stake into Lyft these days for doing the same sort of business (well, almost nobody).

      I haven't come out to defend Uber in a long, long time because nobody's been attacking them based on what kind of business they want to pretend Uber is. Uber shit its own pants this time, and it never stopped shitting. Sexual harassment, corporate espionage, invasions of privacy, and now they've taken it all the way up to bona fide organized crime with countermeasures in place to impede investigators. They have a great business model, but they've ruined it with terrible business ethic.

      • Sexual harassment,

        Was anyone ever taken to court, charged and convicted of Sexual Harassment, or is this just another case of accusation and the label sticking?

        • It's a case of lots of complaints and circumstantial evidence from people testifying to the media, and the CEO at some point kind of suggesting he might step down because he let it go farther than it should. I think. So much of this shit has come through that I'm not 100% sure which specifics go where anymore, well aside from Uber's CEO mailing out to Corp-all that he's not allowed to have sex with anyone at company parties.

        • by Anonymous Coward

          Was anyone ever taken to court, charged and convicted of Sexual Harassment, or is this just another case of accusation and the label sticking?

          Yeah, because that's really an option for someone when Uber has a mandatory arbitration clause in their contracts disallowing you from taking your case to court. It makes a good soundbite to hollar "no court cases, no convictions, so innocent" but the reality is very different, and not just at Uber. If we ever get a government that cares about humans more than corpo

          • by gfxguy ( 98788 )

            You're wrong, though - you can put an arbitration clause in your contract for civil matters, but not criminal matters. Sexual harassment is a criminal offense.

          • Yeah, because that's really an option for someone when Uber has a mandatory arbitration clause in their contracts disallowing you from taking your case to court.

            If someone rapes or tries to rape you, no forced arbitration clause is going to prevent shit. (Unless the someone raping you is the government.)

          • Uber has a mandatory arbitration clause in their contracts disallowing you from taking your case to court.

            Err...that does NOT apply to criminal charges.

            Now, unless you are only looking to win $$ in a settlement and not have justice served, well, I think that speaks more about the alleged victim, doesn't it?

        • Dunno.

          DDG [duckduckgo.com] might know?
      • And in the midst of this, does Lyft have the same problems with government and such?

      • Same here. Uber is starting to look like scum, but I think the basic idea is still pretty damn cool.
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      I don't know how it is in Canada but in the US a search warrant does not obligate you to preserve evidence or assist in the search in any way. Being served with a subpoena triggers a requirement to preserve evidence but a police raid is not a subpoena. Notifying the San Francisco main office that a raid is in progress isn't obstruction and the San Fran office is outside of Canadian jurisdiction anyway. I don't see how Canada could go after anyone unless their laws are nastier than I already understand them
    • The only problem is the authorities have to know if someone makes that call and who made it to prosecute. I guess if they have a stingray setup they can track every mobile call or text to see who did it if they use that kind of notification method. But then again it could be passed off as simple as someone talking to another office at the time the police arrive saying to the other end, "Oh the Police are here I better go see what's up". Or a simple IM sent to another office. The remote participant then
    • If you're trading in Canada, you're liable to their laws and they are able to seize related equipment and data with your co-operation or not, and performing a deliberate act with the express intention of removing said access can only be construed as obstruction of justice and/or contempt of court depending on the court order. It's not even "open to interpretation"... it's quite clear that the only reason to use a facility that cuts off the system should the police come knocking is to stop the police seeing things you don't want them to see but that they may well be otherwise entitled to see.

      Uber are scumbags because courts like this allow them to be.

      While I agree with you, as TFA points out there is a hazy line between obstructing justice and not allowing access to material not in the warrant; as it points out in other cases Uber complied with the warrant after they had a chance to review it. A warrant should not be grounds for a fishing expedition just as a company should be eld accountable if they destroy evidence once they know it may be part of an investigation.

      Doesn't mean Uber is not a bad actor but I do not think such things are cut and dry eit

    • An employee phoning head office to tell them the police have arrived is not a crime. It's perfectly reasonable behaviour. What the head office choose to do with that information is not the responsibility of the employee doing the phoning.

  • by Wrath0fb0b ( 302444 ) on Thursday January 11, 2018 @12:11PM (#55908531)

    Normally if police want records, they have to subpoena them and the company has a chance to contest the subpoena in front of a neutral judge. The judge can sustain the subpoena, quash it entirely or tweak just parts of it depending on their view of what is relevant to the ongoing investigation and any other claim of privilege. Most importantly, after any challenges are made and ruled on, the subpoena requires the positive action of the company to produce the responsive documents. The judge overseeing the case can penalize the company and the principles for not producing the records fast enough, for withholding responsive documents. This includes fines to induce compliance (usually a per-day fine) and contempt proceedings for gross misconduct.

    Increasingly, the police see all this judicial process as an impediment rather than part of working in a country that respects rule of law. So instead they get a warrant and try to seize all the records they want that way. A warrant is usually pretty broad ("any electronic devices capable of holding evidence" really means anything with a circuit board) and lets them shift through at their leisure. It's also something they can do and execute without notifying the company until it happens and litigate after the fact. But importantly, warrants (generally) do not require the company to actively assist anything. And if the police miss something relevant, that's on them, whereas in the subpoena case it's the company's responsibility to ensure that all responsive records are found.

    So there are tradeoffs: the warrant is quicker but doesn't guarantee that you'll get anything meaningful -- it just entitles the police to search/seize whatever they find. The subpoena can drag on in court, but once upheld requires the company to do the heavy lifting and deliver the responsive records directly to the police.

    [ And before we get all up about "Uber is evil" and so .., I'll just leave this here [youtube.com] ]

    • Increasingly companies with deep pockets can evade the law through continual delays, impediments, and endless appeals, twisting the law to delay justice until it is moot. If a company like Uber can delay their judgement day a few years through these vile tactics it lets them illegally get the leg up on competitors and an opportunity to lobby for rule changes or even stack a few legislatures with candidates more favorable to them. Basically illegal actors can stay solvent longer than justice can stay effec

      • Subpoenas have time limits associated with them. Judges can hand out sanctions for raising frivolous challenges or not responding in a timely manner.

        Remember that whatever rules you empower for the government to go after Uber, they can use to go after anyone else. That's the purpose of the quote from Bolt.

    • by hey! ( 33014 ) on Thursday January 11, 2018 @01:16PM (#55909131) Homepage Journal

      There is another salient difference between a warrant and a subpoena: a subpoena requires the cooperation of the target. The writ obtains that cooperation viathreat of punishment -- in fact that's the root of the word: sub poena -- under punishment.

      However that threat is empty if you're never caught.

      If subpoenas truly compelled a suspect to turn over evidence, you'd never have to do anything like a high stakes drug raid. You'd simply have the court issue a writ ordering the suspect to turn over all the drugs and related records and wait for your evidence to show up at the court on the appointed date.

      So the choice of search warrant and subpoena in the case of a company like Uber depends on your estimate of their willingness to risk defying the law.

    • In this modern world going to a judge and contesting a subpoena pretty much guarantees data being deleted, purged, or just modified.

      A proactive collection followed by challenges is common unless you're politically connected.

    • by Kohath ( 38547 )

      In this time of NSA snooping and privacy concerns, its amazing to see so many people siding with police raiding people and seizing documents by the millions to fish for evidence.

      What was Uber's great crime again? Giving people car rides for money? What kind of person thinks heavy-handed government raids to interfere with car rides are legitimate and just?

    • They're Used to seize evidence when police have a reasonable expectation evidence would be destroyed if subpoenaed. It's up to a judge to decide if that expectation is warranted (pun not intended). In Uber's case we now have definitive proof that they intended from the get go to destroy evidence. They'd built an entire business process around it.

      If we take your ideas to their logical conclusion police lose search warrants as a tool and must rely on subpoenas. But if they're not allowed to do a forceful
    • by Pascoea ( 968200 )

      Their tactics would lead a person to believe that this is some lawmaker looking to make life difficult for uber. Had they subpoenaed records it would be a pain for Uber to collect what was demanded, but their operations would continue. If the police use a warrant to "collect evidence" (IE every computer, phone, tablet, etc.) that sure as hell would slow them down for a while.

      From a legal perspective, if the police come barging through my front door demanding my phone I don't believe I'm required to unlock

  • by nospam007 ( 722110 ) * on Thursday January 11, 2018 @12:18PM (#55908601)

    Did you think PriceWaterhouse et al would just give you everything just because some lowly policeman has a piece of paper?
    They protect their clients with teeth and nails, like everybody.

    • Accounting does NOT have an equivalent of attorney-client privilege. So yes, I would expect that PW would hand over everything with a proper documentation and then challenge it after the fact.
      • Re: (Score:2, Informative)

        by Anonymous Coward

        Subpoenas require you to hand over evidence, this was not a subpoena. This was a warrant, you are not required to assist with a warrant. So no, PW would not "hand over everything" for a warrant. The cops have to come and get it. If all the computers are locked, they are on their own getting it.

        There is a big difference.

        • Excellent. And we've come full circle, where this is a similar argument for or against encryption. The difference is, can the corporation (or individual, actually) delete data upon being served a warrant, or are they immediately guilty of obstruction etc. because they were aware of the warrant? Are they under any obligation to NOT destroy evidence when asked for it?

          I'm even more glad I'm not a lawyer.

          • They can delete up on being served a warrant. They absolutely cannot upon being given a subpoena.
  • They won (Score:4, Interesting)

    by rsilvergun ( 571051 ) on Thursday January 11, 2018 @12:27PM (#55908687)
    they managed to evade labor law long enough to get entrenched, buy off the necessary politicians and win. Nobody discusses forcing them to comply with minimum wage law. Nobody mentioned that there are millions of commercial drivers without the necessary insurance to protect passengers. No unemployment insurance, no OSHA. Nobody making sure their drivers don't work 30 hours straight off amphetamines, only the most casual background checks....
    They've managed to erode several hundred years worth of hard fought worker & consumer protections in about 20 years...
    • by ghoul ( 157158 )

      20 years? Try 10

    • Re: (Score:2, Flamebait)

      by Kohath ( 38547 )

      Which is excellent. Someone finally beat the corrupt self-dealing government insiders at their own game. Cheers to Uber. Most of the world is now free to give others car ride for money. Uber won that freedom for us all.

      • when you're earning $1/hour living in a shanty town. Yeah, yeah, you'll run your own business. It'll get run out of business by mega corps who can undercut your prices. Then you'll go to work for one of those mega corps for enough food to make it through the day...
    • Good point. All the negativity around Uber lately has completely centered on things that can be blamed on the ex-CEO, while the company moves forward making tons of money.
  • by supernova87a ( 532540 ) <kepler1@@@hotmail...com> on Thursday January 11, 2018 @12:32PM (#55908743)
    When exactly does it become obstruction of justice? After you're informed and instructed not to interfere with an investigation? Or before?

    If you delete a file on your laptop in the course of a normal day that no police is interested in, clearly that cannot be obstruction of justice. Even if 2 weeks later someone tells you that file was relevant to some investigation.

    If you actively push a police investigator with a valid warrant away from your computer and type a command to erase the laptop, clearly that could be called obstruction of justice.

    Now, how about if you erase your file after you read in the news that your general industry is being investigated for some wrongdoing? How about as you see the police pull up to your house? They haven't given you any notice that your files are of interest to "justice". How about as they knock on the door?

    Where is the line drawn?
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      The law actually does define it quite clearly in all of your clear cut examples.

      Intent.

      If you delete a file because you no longer need it and it's uglying up your desktop, then you've committed no crime. If a LEO comes knocking and you delete it because you don't want them to find it, congrats, you're going to jail if they find out. If you read about your industry getting investigated and delete it because you're done with it, you're fine. If you read about your industry getting investigated and delete i

      • If you read about your industry getting investigated and delete it "just in case we get investigated and we really don't want them to find it", congrats, you're going to jail if you get found out.

        Nope, that's legal too. Plenty of places destroy business records so they can't be subpoenaed. Libraries started destroying patrons' borrowing records when the FBI started to come calling for them.

        The only time you get into legal trouble for destroying records is _after_ you've been asked for them (legally).

  • Anytime the blood sucking leeches who contribute nothing are thwarted, I cheer.

  • The summary reports, "The investigators left without any evidence." They had a warrant, they could have grabbed the physical machinery. Depending on the type of data, they could have compelled the company to turn over access methods... Why no evidence?

    Ah.

    Because what they wanted was not physically present in the jurisdiction the warrant was issued in. They were trying to gain legal-on-their-side but likely considered unauthorized use and access of the company's intranet via an employee's existing login session. Like how some people might consider it totally fair to send themselves a copy of all the email you've ever sent because you left your phone unlocked or a browser open.

    This is all based on an assumption, but I can't think of anything else that fits the bill. If so, that's pretty shady work on the part of the police. Replace 'Quebec' with any other country, or Uber with any other corporation (or agency) and the justification falls apart.

    * It was okay for the _Foreign Government_ to access all the _Domestic Government agency emails_ because they (legally) confiscated a laptop that was still logged in.
    etc.

    You might think this is the right thing to do when the target is someone you feel is morally bankrupt, like drug dealers, terrorists, uber, or westboro baptists, but that justification can just as easily be used by bad actors against peaceful protestors, political opponents, spouses, and so on.

    I'd be more surprised if something like this isn't widely set as policy in any multinational company, especially those with subtle or overt government pressure against them or their country of origin. It's just good policy.

  • ... like a two-bit criminal organization but instead of keeping their records out of the law's hand by igniting old-fashioned flash paper they're written on with a cigarette, they're using a digital equivalent by killing all the logins to Uber headquarters from the office that's called in. I can't see this scheme working for much longer.

I judge a religion as being good or bad based on whether its adherents become better people as a result of practicing it. - Joe Mullally, computer salesman

Working...