
Uber’s Secret Tool for Keeping the Cops in the Dark - angpappas
https://www.bloomberg.com/news/articles/2018-01-11/uber-s-secret-tool-for-keeping-the-cops-in-the-dark
======
chollida1
I think the biggest issue here is that Uber actually has programmers on its
staff who think its ok to write a program whose sole purpose is to try and
break the law.

I mean, someone actually sat down and said, ok when, not if, law enforcement
comes to raid one of our offices, how can we do our best to block a lawful
search warrant.

~~~
bryanlarsen
And yet Apple regularly receives praise here for thwarting law enforcement.

The difference seems obvious to us, but it wouldn't be to someone outside of
tech, and similar justification will be used by used by people building the
Uber program.

I suspect the large majority of entities who are stymied by Apples extensive
encryption who wouldn't be stymied by trivial encryption are law enforcement
and other state entities.

I also suspect that Uber's protocol has been invoked against against intruders
and/or commercial visitors.

So while Apple good and Uber bad, the difference is gray, not black & white.

~~~
rm_-rf_slash
Apple protects its customers. Encryption that stops cops also stops criminals.

Uber is only protecting its profits. The customers are incidental to its
blatant lawbreaking.

~~~
letsgetphysITal
Apple protects its profits. Encryption that enables privacy protections for
consumers also stops cops investigating crime.

Apple is not your friend and does not have your best interest at heart. It is
a company like Facebook, Microsoft, Ford, Boeing... They all just want the
money. If making hard to break encryption sells more units, then that is the
_only_ motivation.

~~~
IBM
There's no evidence that Apple's ideas about privacy or encryption have any
positive effect on sales. The only people who might even be aware of it are
tech people, and that doesn't move the needle at all. See the tech people
gripes about the Macbook Pro, which went on to sell well anyway.

------
hitgeek
most of this sounds like good practice for any company that stores large
amounts of sensitive data.

perhaps the features were used inappropriately, but I would hope Uber can
remote wipe a laptop, log users out of company systems, or centrally enforce
encryption policies.

this line is just silly.

\--"Later versions of Ripley gave Uber the ability to selectively provide
information to government agencies that searched the company’s foreign
offices. At the direction of company lawyers, security engineers could select
which information to share with officials who had warrants to access Uber’s
systems, the people say"

What is the alternative? Giving law enforcement access to all data without any
discretion? Querying ride data for 1 person is technically "selectively
provide information", but that seems perfectly acceptable.

~~~
slivym
The headline of this is that it was implemented in response to a legal police
search that resulted in uber getting banned in a country because it was
breaking the law. It was then repeatedly used to obstruct justice.

This wouldn't be news if I told you that Intel makes its engineers encrypt
their hard disks and require passwords on wake and insist no one leave their
computer unlocked.

The news here is that they're using this technology specifically for
obstruction of justice.

~~~
mcguire
Right!

It's not the technology in question, it's the decision to use it for this
specific purpose.

------
meri_dian
A certain segment of the population - disproportionately represented on HN -
strongly dislikes both Uber and cops. It's always interesting to see how
people react to stories in which two groups they dislike are pitted against
one another.

~~~
MIKarlsen
I don't think I belong to any of those groups, but Uber seems like a company
that operates on the edge of the law, which I don't find all too attractive.

~~~
logfromblammo
As one of those people, it makes me happy that an obviously sleazy company
like Uber is giving the cops something useful to do, so they aren't harassing
more ethical businesses.

It's like when the small-time drug dealer and the top bully at your high
school get into a fistfight. The ideal outcome is that they both get a savage
beating, and then get expelled.

------
crankylinuxuser
Yeah, this sounds like a great tool. Of course it can be used for good and
bad. Hell even "cp" is a potent copyright violating tool, if used in that
purpose.

I can easily see a toolkit that makes sure everything is FDE with a
distributed key network, and revocation from anywhere if needed. I also see
remote distributed shutdown requests, sealed storage locking, remote device
nuking, and plenty of other features if a device falls into the wrong
hands.... even if that is local law enforcement.

Part of this also feels like the Neuromancer universe, where companies are the
state actors, and the real states have only limited jurisdiction.

(And yes, I would help build a set of tools like this. They have multiple
purposes, legal and illegal. Not my fault if someone uses them illegally in a
jurisdiction. )

------
mnm1
They should have deployed this just once for a US case. I assume some of their
communications travel across state lines and that would make their obstruction
of justice and evidence tampering a federal crime. With our beyond vague
definitions of such crimes, every Uber executive could have been in jail for
decades by this point.

------
msumpter
So prior to the next warrant served to Uber authorities will sever all
communication lines ran into the suite right?

~~~
EGreg
That itself would trigger the shutdown. No heartbeat signal - shut it all
down.

------
pbhjpbhj
Sounds like a fun system to make, context aside.

It's there an OSS version of this somewhere: contact a server, server
initiates clients on all devices to perform lockout with pre-arranged
credentials. Client can clean caches, wipe partitions, etc., as required.

~~~
crankylinuxuser
Nahhh, I wouldn't rely on a server. I'd rely on a distributed network or a TOR
gateway to a onionsite that is HA'ed with onionbalance. Even better if you can
put in a 3g sim and have it talk using that as a backup.

Most of the time, your adversary is a thief with low/mild tech intelligence
who'd let it talk to the net. Then game over, data's gone and you have a
portable spy rig if you play your cards right.

------
gaius
_Like managers at Uber’s hundreds of offices abroad, they’d been trained to
page a number that alerted specially trained staff at company headquarters in
San Francisco_

Isn’t this “tipping off”? Which is a crime in itself.

~~~
bouncing
In what respect is "tipping off" a crime? Is it a crime if, after seeing a
speed trap, I flash my brights at the next motorist?

I'm not a lawyer, but unless there's a gag order, I don't think it's a crime
to tell someone you're being raided by police, especially if that someone is
your security or legal staff.

~~~
burger_moon
>Is it a crime if, after seeing a speed trap, I flash my brights at the next
motorist?

Where I grew up, yes that is a crime, at least in the sense it's something to
be ticketed for, they're not going to haul you to jail.

~~~
mikestew
Where _I_ grew up, they could ticket you but it wouldn't stick because I might
flash my lights for any number of reasons. The fact that there was a cop
nearby was mere coincidence.

------
NelsonMinar
It never fucking ends with this company, does it?

------
alex_young
> Ripley, after Sigourney Weaver’s flamethrower-wielding hero in the Alien
> movies.

Sounds more like Ripley's believe it or not

------
mcguire
What the heck does that illustration even mean?

------
brndnmtthws
What's interesting to me is that governments are becoming less and less
important in society. With Google, Facebook, Uber, and Bitcoin, we're moving
closer and closer to a world where human-based systems (government) are being
supplanted by computer based systems (technology).

I for one believe this can be a good thing, since humans corrupt but computers
are strictly deterministic.

~~~
kbart
I'd argue that government gets more and more power with technological advance.
Just few decades ago regimes could only dream about total surveillance, now
Chinese government are putting this in practice and I'm sure many will follow.

~~~
brndnmtthws
That's more of an example of human corruption, IMO. Counterpoint: people use
various technologies (VPN) to bypass the great wall.

~~~
EGreg
I don't see how your description of the China situation restores your point
that governments are becoming irrelevant. China is deploying facial
recognition and AI to figure out who you know and who's helping you and in a
cashless society they can penalize you by cutting off your cards and those of
people who try to still help you.

~~~
brndnmtthws
I didn't make that claim with regard to China, but I see your point. I've also
never been to mainland China, so I don't really know how things are there.

