Uber's first-ever transparency report, released Tuesday, reveals that in the second half of 2015 alone, the popular ride-sharing app handed over information affecting more than 12 million riders and drivers to a number of U.S. regulators, and shared data about more than 400 users with federal and state law enforcement agencies.
In a blog post, the company said that while it had complied with the majority of law enforcement requests, it also pushed back on the scope of the regulatory inquiries from entities ranging from port officials to taxi commissions to utility regulators:
Of course regulators will always need some amount of data to be effective, just like law enforcement. But in many cases they send blanket requests without explaining why the information is needed, or how it will be used. And while this kind of trip data doesn’t include personal information, it can reveal patterns of behavior—and is more than regulators need to do their jobs. It’s why Uber frequently tries to narrow the scope of these demands, though our efforts are typically rebuffed.
As Andrew Crocker, a staff attorney with the Electronic Frontier Foundation in San Francisco, told the San Jose Mercury News: "I think it's always concerning when location data and other possibly identifying data is being shared by third parties about you."
Meanwhile, Quartz explained how the revelations raise "real privacy concerns."
"In New York City, for example, the taxi commission periodically releases a summary of the data it collects, and the details could be obtained through a public records request," reporter Alison Griswold wrote. "In theory, an enterprising individual could cross-reference that information against addresses to figure out who's requesting an Uber and when. In cities where Uber is required to provide end-to-end trip data, you could hypothetically track a person's travel."
Uber said it had not received any national security letters or orders under the Foreign Intelligence Surveillance act.
But as the Guardian pointed out, its inclusion of that information—a so-called "warrant canary"—could be important in the long run. "Such generally secret government data requests often come with a gag order," the newspaper explained. "If Uber ever does receive such a request in the future it would, in theory, remove the language."
