System called Ripley was reportedly used at least two dozen times in 2015 and 2016, including once to prevent tax investigators from collecting evidence
Uber developed a secret system called Ripley that would lock down staff computers in the event of a police raid, preventing officials from accessing company data.
The ride-sharing company used Ripley at least two dozen times in 2015 and 2016 in countries including Canada, the Netherlands, Belgium, France and Hong Kong, according to Bloomberg.
In one case Ripley was deployed to prevent Canadian tax investigators, who believed Uber had violated tax laws, from collecting evidence even though they had a warrant. As soon as they burst into the Montreal office, Uber staff paged the headquarters in San Francisco who remotely logged everyone in that office off their devices.
Uber first developed the system, initially called the “unexpected visitor protocol”, after a police raid in its Brussels office, where Belgian law enforcement officers accessed the company’s financial documents, payments system and worker data. A court order subsequently forced Uber to shut down its service for operating without proper licenses.
It was nicknamed Ripley after a line spoken by the protagonist in the Alien movies, who decides that the only way to destroy all the murderous extraterrestrials is to destroy their entire habitat. “I say we take off and nuke the entire site from orbit. It’s the only way to be sure,” she says. The line has been reappropriated by information security teams to describe an extreme response to a detected threat.
Uber downplayed the tool and said it was common practice to have such software to remotely change passwords or lock devices in the event they were lost or stolen.
“Like every company with offices around the world, we have security procedures in place to protect corporate and customer data,” said an Uber spokeswoman. “When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.
After the Montreal raid, a judge in the subsequent tax lawsuit wrote that Uber’s actions showed “all the characteristics of an attempt to obstruct justice” and that the company was trying to hide “evidence of its illegal activities”. Uber granted access to the relevant files once issued with a second, more specific search warrant.
Timeline
A timeline of Uber’s terrible year
Uber’s decision to lift surge pricing during a New York taxi drivers’ work stoppage in protest of the Trump travel ban prompts a viral #DeleteUber campaign.
Former Uber engineer Susan Fowler publishes a blog post with allegations of widespread sexual harassment and gender discrimination.
The New York Times exposes Uber’s use of Greyball, a tool to systematically deceive authorities in cities where Uber was violating local laws.
Uber admits it has for years been underpaying New York City drivers by tens of millions of dollars.
Uber fires 20 employees following the conclusion of an investigation into sexual harassment and workplace culture.
Uber is sued by an Indian passenger who was raped by an Uber driver after reports reveal that a top executive had obtained the woman’s medical records, allegedly in order to cast doubt upon her account.
CEO Travis Kalanick resigns.
The Wall Street Journal reports that Uber had rented fire-prone cars to drivers in Singapore, despite knowing that the vehicles had been recalled over serious safety concerns.
Uber loses its license to operate in London due to a lack of corporate responsibility. The company is appealing the decision.
Uber admits concealing a 2016 breach that exposed the data of 57 million Uber customers and drivers, failing to disclose the hack to regulators or affected individuals. The company paid a $100,000 ransom to the hackers to destroy the information and keep the breach quiet.
Albert Gidari, director of privacy at Stanford Law School’s Center for Internet & Society, added that companies often protect networks and computers against dawn raids where the scope of authority is in question and the data to be seized is in another jurisdiction.
“If a company centralises its business data in country X and the authorities in country Y raid the local office and try to access that data through computers at employee desktops, that’s a cross-border search,” he said. “It also generally may permit access to areas and data not covered by any warrant.”
Ryan Kalember from cybersecurity firm Proofpoint added that although it is standard practice to be able to remotely lock all systems or wipe data from devices, it’s less typical to develop a specific tool and to give it such an evocative name. “That’s the only strange thing here to me,” he said.
Even so, Uber has a history of developing tools to evade regulators, some of which are facing criminal investigations in the United States. Federal investigators are looking into a tool called Greyball, which was used to ensure drivers wouldn’t pick up law enforcement officials in cities where its service violated regulations and another code-named “Hell” which was designed to track the drivers at rival Lyft.
Read more: www.theguardian.com
