
Three Uber security managers resign after CEO criticizes practices - petethomas
https://www.reuters.com/article/us-uber-executives/three-uber-security-managers-resign-after-ceo-criticizes-practices-idUSKBN1DV5SD?il=0
======
WisNorCan
I wonder when Dara (CEO) will start being held accountable for Uber. So far
his message has been, "That was them, not me". If he is sincere, he should ask
the managers of Uber to share all the dirty laundry that they know. Then, he
should disclose it publicly and get ahead of it. That for me would qualify as
"that was them, not me".

He has been there 3 months, but there are 8 years of scandals built into
Uber's culture before he joined. I expect Uber to be on the front page of HN
for years to come. That can't be the right PR strategy.

He has to get ahead of it or he will lose credibility with the drip, drip,
drip of bad news.

~~~
valuearb
He released the information about the security failure (which occurred a year
before he was hired) and fired 3 security managers because of it.

He just issued a new company culture statement (with massive employee
participation) that eliminates the prior version's language that encouraged
jerks, and includes the statement "We do the right thing".

He's been there 3 months. What else do you expect him to do? It takes time to
acclimate to a new company. A CEO really needs to learn the staff, meet as
many employees and customers as possible, and soak all this in before they
start making big decisions. Being a CEO is never a "shoot first, aim later"
type of job.

~~~
hawkice
He didn't fire 3 security managers. They resigned. That may seem academic, but
I'm sure it wasn't for the people involved. If they want good publicity from
firing people... fire them. If people resign I just assume it was because they
got a better job (I've had a coworker pushed out this way -- the CEO just got
another company to give him a better offer).

If you want to avoid bad publicity from 'fired' being in the headline, you
also avoid the good publicity.

~~~
nl
Did either of you read the story?

 _Uber last week said it fired its chief security officer, Joe Sullivan, over
his role in the 2016 data breach, which compromised data belonging to 57
million customers and about 600,000 drivers. The resignations Friday came amid
mounting frustration within Uber’s security team over Sullivan’s dismissal and
the company’s handling of the public disclosure of the breach._

So he fired the CSO, and then those reporting to Sullivan resigned ( _The
departures include most of Sullivan’s direct reports._ ).

~~~
bogomipz
>"So he fired the CSO, and then those reporting to Sullivan resigned "

Which is not the same thing as actually firing 4 people.

Did you read the parents comment?

~~~
nl
Yeah, but it is pretty important given the context. He did fire the person
directly responsible.

------
bitmapbrother
>Uber’s general counsel, Tony West, on Wednesday sent a note to employees,
which was seen by Reuters, saying that human surveillance of individuals would
no longer be tolerated.

The fact that this even had to be said is sickening on so many levels.

~~~
ProAm
This has been an issue at Uber for many years. Google 'Uber god view' and the
scandals that came from that one.

------
ilamont
_Sullivan in August told Reuters that his security team totaled around 500
employees._

Google says Uber has more than 12,000 employees. Uber is not a typical
company, but how do other tech companies compare?

~~~
valuearb
They probably have proportionately far fewer security employees, just far more
effective ones.

All snark aside, I'd guess that the vast amount of Uber security staff's role
is investigating driver fraud. Uber grew so immensely fast because they
offered compelling sign up inducements to drivers, and in lots of cases those
were easy to game. It's why Uber got caught "fingerprinting" iPhones by Apple
so they could detect whether the same phone was being used to sign up for
multiple driver accounts to double dip the signup bonus programs.

~~~
greggarious
>All snark aside, I'd guess that the vast amount of Uber security staff's role
is investigating driver fraud.

I thought most companies separate out pure infosec from anti-fraud? Some orgs
may house both under the bubble of risk management but there's a big
difference between a security engineer and an anti-fraud analyst.

~~~
stickfigure
Since the third person mentioned in the article was "Jeff Jones, who handled
physical security", I'm assuming Uber lumped anything possibly related to
"security" in one org. Which does seem peculiar.

~~~
kenbaylor
You are correct. All things with even the vaguest hint of security and safety
were lumped there. Antifraud, monitoring who touches which logs, being the
sole provider of electronic evidence in all investigations, infosec,
competitive information, investigating rapes, putting listening devices into
the uber app .....very unorthodox.

------
yalogin
What is a chief of staff in a tech company?

~~~
tptacek
My understanding: a masculine term for "executive assistant". Or: a technical
secretary. Personal project manager.

~~~
vm
This article from First Round Capital outlines the modern tech company
approach: [http://firstround.com/review/why-you-need-two-chiefs-in-
the-...](http://firstround.com/review/why-you-need-two-chiefs-in-the-
executive-office/)

Tl;dr - CoS stands in for the CEO in meetings, fills her in on what's going on
across the organization (or outside of it), and overall leverages her time.
It's beyond someone who just does scheduling but short of being COO, which
entails direct reports and accountability.

~~~
tptacek
I guess. That squares with Pooja Ashok's resume, too.

------
bogomipz
>"The three managers who resigned were Pooja Ashok, chief of staff for
Sullivan ..."

C-level execs have "Chiefs of Staff" at Uber? How bloated is that
organization?

They were literally Chief of Staff to the Chief of Security.

EDIT: changed to gender-neutral pronoun.

~~~
arachnids
"Chief of Staff" is valley-speak for secretary.

~~~
bogomipz
That's essentially what it is in Washington D.C which as far as I know is the
origin of the title:

>"The White House Chief of Staff has traditionally been the highest-ranking
employee of the White House. The chief of staff's position is a modern
successor to the earlier role of the president's private secretary."[1]

[1]
[https://en.wikipedia.org/wiki/White_House_Chief_of_Staff](https://en.wikipedia.org/wiki/White_House_Chief_of_Staff)

~~~
appstateguy
Yes, but remember cabinet members are called secretaries — it's right in their
titles (e.g., Secretary of State). The President's Chief of Staff has enormous
power.

~~~
icebraining
_Sir Humphrey: Well briefly, sir, I am the Permanent Under Secretary of State,
known as the Permanent Secretary. Woolley here is your Principal Private
Secretary. I too have a Principal Private Secretary and he is the Principal
Private Secretary to the Permanent Secretary. Directly responsible to me are
ten Deputy Secretaries, 87 Under Secretaries and 219 Assistant Secretaries.
Directly responsible to the Principal Private Secretaries are plain Private
Secretaries, and the Prime Minister will be appointing two Parliamentary
Under-Secretaries and you will be appointing your own Parliamentary Private
Secretary._

 _Hacker: Can they all type?_

 _Sir Humphrey: None of us can type. Mrs Mackay types: she 's the secretary._

(Yes, it's a comedy show, but the titles are correct)

~~~
fjsolwmv
Yes Minister was a comedy show like HBO's Silicon Valley is a comedy show -- a
farcical quasi-documentary

Yes, Minister was fed leaks from British government that became plotlines.

~~~
icebraining
My favorite is the episode about the Channel Tunnel, in which the French
security services plant a bomb to test the British security and gain a
diplomatic gain. I thought that was completely ridiculous, just good idea for
finishing up a good plot.

Thirty years after, when the official papers of the time were released, what
do we discover..?

[https://www.theguardian.com/uk-news/2014/jan/03/french-
bomb-...](https://www.theguardian.com/uk-news/2014/jan/03/french-bomb-
london-1984-thatcher-mitterand)

------
_pdp_
Physical security, digital security and fraud prevention are separate fields.
They may all have something to do with "security" but the goals are very
different and as a result, the management structure needs to be different. If
you fail to do so you will simply dilute the key objectives each of these
fields deliver.

------
NelsonMinar
It never fucking ends with this company, does it?

~~~
j4ship
it ends every time i get out of the car and give my driver 5 stars. And then
it begins again with me being picked up damn near any where i want to at any
time in the bay area.

The scandals are for the company , the employees , and the gov to figure out.

As a user (and Im also guessing for the drivers) its one of the best companies
out there. Reliable , efficient, high quality.

~~~
crpatino
You assume too much. Uber might be good for the customer, but it is a total
jerk to the driver.

Last scandal at my hometown, that is unlikely to reach the English speaking
world, is as follows.

Our airport, which lays on federal grounds, grants a monopoly of
transportation services to certain well established company. Not even city
taxis are allowed in (they can drop passangers, but cannot pick up anyone else
while they are on premises). Uber attitude towards this situation is the
standard one, basically an extended middle finger to every law, institution or
authority of the land.

The problem is that if airport security catches an unofficial taxi on
premises, they call federal police, the car is taken to a seized and the
driver cannot recover until he's paid a very considerable fine (think several
months of blue collar wages). Uber strategy to deal with that is to swarm
security, so they always catch someone, but the process to deal with the
offender is very time consuming and all other Uber cars are free to do
business while the guards are preocupied.

Uber will punish any driver that refuses to take airport calls with bad karma,
and will "gratiuouly" pay for your fine... once (if you get caught twice, it
is on you), but they will not pay you any wages while your car is locked in
federal grounds (a time that is measured in weeks, not days). They will also
not pay for any damages to the car itself, which unfortunatelly is a rampant
problem in this country when vehicles end up under the custody of the
government.

So, be very glad to have a car and a chauffeur at your fingertips beck and
call, but please do not assume the driver is enjoying it as much as you do.

~~~
chairmanwow
While this is unfair of Uber, this is a pretty insane situation. They impound
your car for weeks for providing a service consensually? I think that's the
real issue here.

------
mars4rp
"The three managers who resigned were Pooja Ashok, chief of staff for
Sullivan;"

is it normal for a chief officer to has a chief of staff???

~~~
praneshp
I don't know if you accept it as normal, but I've seen that in each of the
four companies I've worked in. Sometimes the chief of staff at the VP level is
not an engineer, but the chief of staff to CxO I've seen are usually
engineers.

