Uber's secret Greyball program tracks cops, avoids authorities

Summary: The secretive system uses data and other techniques to ferret out cops and root out anyone who may do the service harm.

An internal program used by Uber for years to dance around the police in areas where the ride-hailing service was frowned upon has been exposed.

In cities such as Boston, Las Vegas, and Paris, alongside countries including China and South Korea, Greyball is used as part of the violation of terms of service (VTOS) program which Uber created in 2014 to ferret out and black-mark anyone that may be a threat to the firm.Dubbed Greyball, Uber's program uses data analytics and a myriad of other tactics to avoid the authorities in places where the service is resisted by law enforcement or banned outright, according to the New York Times.
Predominantly used in the US, Greyball first came to light in the same year when investigators began to hail rides using the Uber app to build a case against the company. One such investigator, Erich England from Portland, Oregon, found his ride requests were swiftly canceled after being submitted.
England, alongside many others, were tagged with a small piece of code which read "Greyball." To stop them using the service and building up evidence which could be used to support the case for banning Uber in the area or completing suspected sting operations, when a ride was hailed by a "Greyball" account, the company served up a fake version of the app complete with ghost cars to frustrate them and leave them standing on the sidewalk.
If a suspect user remained in question, the company would also reportedly look at user credit card information to determine whether the rider's financial details were linked to institutions of interest, such as police credit unions, as well as investigate individuals through social media networks.
When large-scale sting operation and trap were being laid, enforcement officials would sometimes visit local electronics stores and buy up dozens of cheap smartphones to create new accounts.
Uber employees caught wind of this tactic and in response would go to the same stores and look up the device numbers of the cheapest models on offer, which would, in turn, be used to track suspect Uber accounts.
Uber says that these tactics started as a way to thwart competitors and stay in business in areas where there are not clear ride-sharing and booking laws, where officials would sometimes attempt to catch and impound Uber vehicles.
However, once employees realized these tactics could also be used to dance around regulators and law enforcement, Uber engineers created a handy tactical guide and gave copies to managers in over a dozen countries.
Uber has faced a long, uphill struggle to expand -- but despite constant battles with city officials, regulators, and court cases brought forward by traditional taxi firms, Uber has still managed to attain a valuation of $68 billion.
However, using data analysis and other methods to unveil potential investigators and prevent them from using the service at all may skirt both moral and legal boundaries, despite Greyball being approved by Uber's legal team.
Peter Henning, a legal expert consulted by the Times, believes that the program could have violated the US Computer Fraud and Abuse Act or may be considered "intentional obstruction of justice."
"This program denies ride requests to users who are violating our terms of service -- whether that's people aiming to physically harm drivers, competitors looking to disrupt our operations, or opponents who collude with officials on secret 'stings' meant to entrap drivers," Uber said in a statement.
In related news, last week a security researcher revealed the existence of a bug in Uber systems which could be exploited to book and enjoy rides without ever paying for them -- and it took nothing more than a simple code tweak

Comments

Popular Posts

Hacker steals data of millions of Bulgarians, emails it to local media

​Linux totally dominates supercomputers

Microsoft tries to stem its self-made collaboration-tool confusion