Uber stirred up some controversy with its “God View” technology, which allowed Uber employees to track individual riders in real-time using their private information. The company paid its dues in a settlement back in January, though the company assured users that its policies are strict and prevent employees from committing such actions, barring limited exceptions.
According to ex-Uber employee Ward Spangenberg, however, those assurances were part of a fallacy perpetuated by Uber to give the impression that the company was being responsible. Spangenberg, who was brought into the fold to help develop security procedures and systems, wrote in a court declaration that there were security vulnerabilities that resulted in Uber keeping track of individual riders.
“Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses,” Spangenberg wrote.
Spangenberg’s allegations of security lapses were backed up by five former Uber security professionals, who allege that “thousands” of Uber employees could get information about where and when a customer travels. In other words, even though Uber assured its users that employees could not access such specific information, the former security professionals said employees had general access to such data.
In addition to its security lapses, Spangenberg also alleged that Uber encrypted its computers to give authorities a hard time and deleted files it was legally obligated to keep. The former employee allegedly brought all of this to Uber’s attention, only for the company to fire him 11 months after his March 2015 hiring.
Spangenberg is not only suing Uber for what he believes is retaliation on the company’s part, but also for alleged age discrimination.
“Uber continues to increase our security investments and many of these efforts, like our multifactor authentication checks and bug bounty program, have been widely reported,” Uber said in a statement to The Verge. “We have hundreds of security and privacy experts working around the clock to protect our data. This includes enforcing to authorized employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated.”
The allegations come at a bad time for Uber, which faces pressure over its self-titled app’s newest surveillance feature, which can track a rider’s location before and after rides. Furthermore, if the allegations are proven true, they could violate Uber’s settlement with New York Attorney General Eric Schneiderman, whose representative confirmed his office is “looking into it.”
