Cab startups former forensic investigator Samuel Ward Spangenberg claims he was fired from the company after blowing whistle on lack of security

Uber employees regularly abused the companys God view to spy on the movements of high-profile politicians, celebrities and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses, according to testimony from the companys former forensic investigator Samuel Ward Spangenberg. Even Beyoncs account was monitored, the investigator said.

Spangenberg, who is suing the minicab company alleging age discrimination and whistleblower retaliation, made the claims in a court declaration in October. He says he told Uber executives including the companys head of information security, John Flynn, and its HR chief Andrew Wegley, of his concerns around the lack of security, and was fired 11 months later.

As well as a lack of oversight regarding customer data, Spangenberg alleges numerous other ethical breaches at Uber. The company stored driver and employee information in an insecure manner, he says, while it operated a vulnerability management policy which allowed data to be stored that way if the company deemed there to be a legitimate business purpose for doing so.

The
Uber said it continues to increase our security investments and many of these efforts, like our multi-factor authentication checks and bug bounty program, have been widely reported. Photograph: Carl Court/Getty Images

In his testimony, given under penalty of perjury, Spangenberg also objected to Ubers protocols to deal with raids on its offices a relatively common occurrence at the company, which has been frequently criticised for riding roughshod over local regulations.

As part of Ubers incident response team, I would be called when governmental agencies raided Ubers offices due to concerns regarding noncompliance with governmental regulations, Spangenberg said. In those instances, Uber would lock down the office and immediately cut all connectivity so that law enforcement could not access Ubers information. I would then be tasked with purchasing all new equipment for the office within the day, which I did when Ubers Montreal office was raided.

Spangenbergs allegations were reported by the Centre for Investigative Reportings (CIR) Reveal project, but it isnt the first time Uber has been accused of mistreating customer data. In 2014, Buzzfeed revealed the existence of the God View tool, after Ubers New York general manager discussed using it to track a reporters journey. The tools existence appears to date back to 2011, when venture capitalist Peter Sims says he was tracked by a visitor to Ubers Chicago offices, where the God View data was shown on a large public screen.

In a statement given to a number of media outlets, Uber said it continues to increase our security investments and many of these efforts, like our multi-factor authentication checks and bug bounty program, have been widely reported. We have hundreds of security and privacy experts working around the clock to protect our data. This includes enforcing to authorised employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated.

Spangenberg told CIR that Uber had increased security provisions during his time there, as well as renaming the tool Heaven View. Uber confirmed that some employees fewer than 10 had been fired for abusing the tool, and said that it needs to provide relatively widespread access for a number of reasons, including refunding customers and investigating accidents. To prevent spying on celebrities, Uber implemented a flag for searches for customers considered MVP, but Spangenberg pointed out that that did nothing to protect non-MVPs.

The news comes just two weeks after Uber updated its app to increase the amount of location information collected about users. The company said the new collection practices, which continue to send the users location for five minutes after they are dropped off, would be used to improve drop-offs and pick-ups, but it faced a backlash from users worried about the increased permissions.

Read more: www.theguardian.com