Uber’s use of cloud technology for a ‘God view’ was an exciting experience for its employees. With every innovative creation there is always a bit of excitement and a bit of dreaming about the capability, devoid of any thought for security and its ramifications. To insert concepts of security and considerations of ramifications is a downer, watering down the limitless dream of innovation. One can fathom how excited the engineers were to have the technological ability to employ a ‘God view’ to track users, their location, trajectory of travel, and rider history log, along with riders’ personal information. This feature and its use were revealed by one of Uber’s managers to a journalist.
The New York Attorney General’s office started an investigation, not into the ‘God view’ technology but into the security policies of the company. A security breach in late 2014 had exposed the data of over 50,000 Uber drivers throughout the U.S. Uber’s data security breach followed a report on BuzzFeed, which stated that an Uber executive claimed to have used a “God view” technology program that helps track the vehicles, and that it tracked its reporter’s ride without permission.
Subsequently, with the Senate Subcommittee on Privacy, Technology, and the Law looking into Uber’s privacy policies, the New York AG conducted an investigation in November 2014. How Uber managed the collected data regarding customer emails, names, addresses, phone numbers, and credit card information was now being looked into. The innovative use of technology was giving Uber the ability to track in real time the GPS location of the vehicle in use.
Uber has taken the world by storm, with its users able to book a taxi ride through its mobile application. Soon to be gone is the day that one stands along the street to hail a cab. The function is now used in over 50 countries and over 250 cities. This has caused municipal entities and taxi firms to fire off lawsuits to stop Uber’s spread.
However, an external source entered Uber’s third-party cloud storage database and acquired Uber user and driver information. Access to the cloud storage database was available to Uber employees as well. Also, Uber did not inform drivers and users of its data breach in a timely manner. Over a year’s worth of investigating Uber has ended with a settlement that has resulted in a $20,000 fine, but with stipulated conditions.
Similar to Wyndham, as previously commented, who entered into a series of remedial stipulations, Uber agreed to maintain more secure standards for collected data. It stipulated to encrypt the real-time transit information, sort of limiting the access to the ‘God view’ that others in the company had. It agreed as well to store the GPS location data in a password-protected environment.
It is now obliged to restrict access to the ‘God view’ tool by implementing diligent privacy and security practices, coupled with the innovative genius of password protection, encrypting transit data of users and drivers, and foremost, using a multi-step process for authenticating valid user access. Moreover, Uber, under advice of counsel, will be emphasizing employee accountability with the implementation of training on security guidelines and installing a data retention policy. The emphasis among the many FTC-highlighted guidelines will be the principles of transparency, governance, internal access controls, and scheduled monitoring of the company’s privacy program and external source applications, i.e., Android.