It’s no secret that Uber has a sometimes tense relationship with policymakers around the world; much of the San Francisco ride-hailing company’s explosive rise has been attributed to its willingness to defy regulation. But now it seems that in some places, Uber may have resorted to extraordinary measures to identify and defeat law enforcement officers in a years-long game of cat and mouse.
In what some employees have questioned as an ethically and legally murky maneuver, Uber has mined some customers’ geolocation data, credit card information, app usage habits and social media profiles to determine whether they may be working for city governments or rival ride-hailing services or intend to harm Uber drivers, according to a report by the New York Times.
The program, code-named Greyball, surfaced in 2014 when Portland, Ore., officials posing as regular customers tried to request rides on Uber to gather evidence that the company was operating illegally in the city, according to the report. But rather than procuring a driver for the “customer,” the service showed officials a fake version of the app with drivers who didn’t really exist. Any drivers who did respond would quickly cancel the rides, sometimes through direct intervention from Uber itself via phone calls to a driver who had mistakenly picked up a fake fare.
“This program denies ride requests to fraudulent users who are violating our terms of service,” said Uber in a statement, “whether that’s people aiming to physically harm drivers, competitors looking to disrupt our operations, or opponents who collude with officials on secret ‘stings’ meant to entrap drivers.”
The report on Uber’s covert activities is the latest blow for a company that has suffered a growing backlash in recent weeks. It adds to accusations of sexual harassment by a former engineer, widespread defections by customers upset over Chief Executive Travis Kalanick’s handling of the company and an apology by Kalanick after a video showed him getting into an argument with an Uber driver about driver wages.
Greyball reportedly began as a tool to flag abusive riders in countries where violence against Uber drivers is common. But the company eventually discovered its utility as a way to identify problematic government officials, the report said. To determine whether a user warrants special treatment, Greyball reportedly looks at roughly a dozen factors, such as whether a customer who spends a lot of time around government buildings frequently opens and closes the app.
This would not be the first time Uber has covertly taken aim at rivals; the company was said in 2014 to have engaged in corporate warfare with its U.S. competitor Lyft by secretly poaching Lyft’s drivers. It has also run grass-roots organizing campaigns designed to influence state legislatures. In other cases, Uber executives have suggested digging up opposition research on journalists to get its way, and another information-gathering tool named God View enabled Uber to track the locations of its users without their knowledge.
In Portland, officials sought to gather evidence for Uber’s illegal operations by having the authorities request rides on the app. But, having been flagged by Greyball, law enforcement officials were left hanging — the fake version of the app failed to get them any rides. Soon after, the city began to allow Uber to operate legally in the city.
“Greyballing is an acceptable business risk in the poorly governed realm of cyberspace,” said Kenneth Geers, a former analyst at the National Security Agency and a senior research scientist at Comodo, a global cybersecurity firm.
But unlike its other efforts at shaping policy, Uber’s Greyball appears to be a far more technologically sophisticated and systematic approach to outmaneuvering the opposition. And it may be one of Uber’s most closely held trump cards.
Now that policymakers are aware of Greyball, other analysts say, they could take steps to make the tool illegal — forcing Uber to adapt again in its push to expand into new markets.
Fung writes for the Washington Post.