Uber Avoids Federal Prosecution Over 2016 Breach of Data on 57M Users (reuters.com) 16
"Uber has officially accepted responsibility for hiding a 2016 data breach that exposed the data of 57 million passengers and drivers..." reports Engadget.
Reuters explains this acknowledgement "was part of a settlement with U.S. prosecutors to avoid criminal charges." In entering a non-prosecution agreement, Uber admitted that its personnel failed to report the November 2016 hacking to the U.S. Federal Trade Commission [for nearly one year], even though the agency had been investigating the ride-sharing company's data security... U.S. Attorney Stephanie Hinds in San Francisco said the decision not to criminally charge Uber reflected new management's prompt investigation and disclosures, and Uber's 2018 agreement with the FTC to maintain a comprehensive privacy program for 20 years.
The San Francisco-based company is also cooperating with the prosecution of a former security chief, Joseph Sullivan, over his alleged role in concealing the hacking.
Here's what the Department of Justice is now alleging against that security chief (as summarized by Reuters last month: "he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the U.S. Federal Trade Commission."
That's led to three separate wire fraud charges against the former security chief, as well as two charges for obstruction of justice. The defendant was originally indicted in September 2020, and is believed to be the first corporate information security officer criminally charged with concealing a hacking. Prosecutors said Sullivan arranged to pay the hackers $100,000 in bitcoin, and have them sign nondisclosure agreements that falsely stated they had not stolen data.
Uber had a bounty program designed to reward security researchers who report flaws, not to cover up data thefts.... In September 2018, the San Francisco-based company paid $148 million to settle claims by all 50 U.S. states and Washington, D.C. that it was too slow to reveal the hacking.
Reuters explains this acknowledgement "was part of a settlement with U.S. prosecutors to avoid criminal charges." In entering a non-prosecution agreement, Uber admitted that its personnel failed to report the November 2016 hacking to the U.S. Federal Trade Commission [for nearly one year], even though the agency had been investigating the ride-sharing company's data security... U.S. Attorney Stephanie Hinds in San Francisco said the decision not to criminally charge Uber reflected new management's prompt investigation and disclosures, and Uber's 2018 agreement with the FTC to maintain a comprehensive privacy program for 20 years.
The San Francisco-based company is also cooperating with the prosecution of a former security chief, Joseph Sullivan, over his alleged role in concealing the hacking.
Here's what the Department of Justice is now alleging against that security chief (as summarized by Reuters last month: "he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the U.S. Federal Trade Commission."
That's led to three separate wire fraud charges against the former security chief, as well as two charges for obstruction of justice. The defendant was originally indicted in September 2020, and is believed to be the first corporate information security officer criminally charged with concealing a hacking. Prosecutors said Sullivan arranged to pay the hackers $100,000 in bitcoin, and have them sign nondisclosure agreements that falsely stated they had not stolen data.
Uber had a bounty program designed to reward security researchers who report flaws, not to cover up data thefts.... In September 2018, the San Francisco-based company paid $148 million to settle claims by all 50 U.S. states and Washington, D.C. that it was too slow to reveal the hacking.
Cooperation Means Getting Off (Score:4, Insightful)
I need to incorporate.
"Yes, ma'am. I talked with the other voices in my head, and we did an investigation. Totally did it. But here is our report. Just let us know. Hope you like the pie. Have a good day!"
--
Laughter is the closest distance between two people. - Victor Borge
Re:Cooperation Means Getting Off (Score:4, Interesting)
I need to incorporate.
It is easier than you think. You can incorporate online in 30 minutes for about $200.
My spouse and I are incorporated in Delaware, Nevada, and the Cayman Islands.
We incorporated in Nevada back in the good ol' days when bearer shares were still legal. Alas, they were banned in 2007 under pressure from the feds, so Nevada is no longer the capitalist utopia it once was. But it is still one of my favorite states.
The Cayman Island corporation is a great place to park IP such as trademarks and copyrights that we license back to ourselves. We can also take a cruise that stops in George Town and write the trip off as a board of directors meeting expense.
Re: (Score:3)
The Cayman Island corporation is a great place to park IP such as trademarks and copyrights that we license back to ourselves. We can also take a cruise that stops in George Town and write the trip off as a board of directors meeting expense.
So it's a tax dodge, is what you are saying. Licence your own IP back to yourself and pay royalties that eat up your taxable profits. Write of holidays as business trips, reducing your tax burden in the process.
Re: (Score:2)
If everything ShanghaiBill is doing is within the law and passes scrutiny of the IRS...then there is nothing to see so MOVE ALONG.
Laws cannot be so narrowly tailored in the USA as to target a specific individual. Those laws would have to target a defined group.
In this case that defined group involves the rich & powerful...the ELITE so you know those laws have a snowball's chance in [blank] of being changed.
Re: (Score:3)
There is legal and there is moral. In any case, I was hoping to get a response from Bill to see what he thought about it, e.g. if the rules should be tightened up. The rules he makes use of only help people who have incorporated, ordinary salaried employees can't make use of them.
Re: (Score:2)
There is legal and there is moral.
I don't feel any "moral" obligation to pay taxes beyond the legal minimum. My spouse has her own business, and more retained profit means she can hire more people. She can "create jobs" far more efficiently than the government can. We donate to targeted charities that are working on permanent solutions to problems and are audited. The more we keep, the more we can help. I feel no particular obligation to give extra money to the MIC [wikipedia.org] or pay for corn subsidies.
Just for comparison, how much extra money do you
Re: (Score:2)
I am salaried so I pay a lot of tax. In fact right now we have the highest tax level since WW2, mostly because the government stole tens of billions during the pandemic and botched the response to it, and now with brexit on top our economy is tanking.
Obviously I object to the way that my taxes are being pissed away or used as bribes for Tory donors, but I'm not going to optimise my tax liability.
Re: Cooperation Means Getting Off (Score:2)
Re: (Score:2)
Re:Sounds like scapegoating to me (Score:4, Insightful)
A CEO that knows what that security chief would transfer 100k for and wants to have plausible deniability.
Try that next time you're in court. (Score:4, Insightful)
"Ok, fine, I admit I killed my wife. I paid 100 grand, too. Are you satisfied, can I go home now?"
The law's been warped for a while now (Score:1)
Why is it Uber's fault that some hacker managed to gain access? That would be like blaming Walgreen's for the San Francisco shoplifters stealing stuff e.g. drug precursors. It sounds to me like the Justice Department realizes that prosecuting and convicting actual criminals is hard but they have to be seen to be "doing something" in the same way that politicians don't give a rip if the laws they write are effective or not as long as they can tell their constituents that they "did something" when it comes