Ward Spangenberg is suing Uber. He’s a former information security manager for the ride-sharing giant, and he’s blowing the whistle: Spangenberg claims Uber employees violated user privacy by routinely tracking their whereabouts. Technicians used the proprietary “God View,” and other private information, to stalk high-profile celebrities (Beyoncé, for one), politicians, ex-boyfriends, ex-girlfriends, and ex-spouses. And whoever else they so wished to locate and track.
Five ex-Uber security professionals gave further credence to Spangenberg’s story, Reveal reports. The privacy violations date back to 2014, when various news outlets first exposed Uber’s God View — a map that enabled Uber employees to surveil drivers and passengers in real time.
After joining the small security team in March, 2015, Spangenberg attempted to patch these weaknesses, and “frequently objected to what he believed were reckless and illegal practices,” Reveal reports. So, in February, Uber fired him.
Now, the 45-year-old is suing the company for both age discrimination and whistleblower retaliation, reports Reveal, which is the Center for Investigative Reporting’s online publication. In his declaration, he states that Uber’s security weaknesses enabled people to “track high profile politicians, celebrities, and even personal acquaintances of Uber employees,” which constituted “a violation of governmental regulations regarding data protection and consumer privacy rights.”
Uber collected data regarding every ride a user requested, their username, the location the ride was requested from, the amount they paid, the device used to request the ride (i.e., iPhone, Droid, etc.), the name and email of the customer, and a myriad of other data…
Spangenberg included a document collating all the data Uber had harvested about him, which shows the extent of these privacy breaches. He also alleged that driver information was particularly vulnerable, and that Uber would remotely encrypt computers to cover its tracks and preclude any and all government investigations. (“Uber would lock down the office and immediately cut all connectivity so that law enforcement could not access Uber’s information,” he wrote.)
Uber claims that it has since made up for these vulnerabilities, but five former internal security professionals disagree. In May, the Electronic Frontier Foundation claimed Uber was trustworthy. After these revelations, EFF may need to reassess that judgment.
Next time you’re looking for a ride, maybe stick with a taxi or your friendly neighborhood car service. Or hold out for the Tesla Network. And if you’re an Uber driver, maybe — for starters — don’t participate in its facial recognition program.