Hacker News new | past | comments | ask | show | jobs | submit login
How Uber Used Secret “Greyball” Tool to Deceive Authorities Worldwide (nytimes.com)
1144 points by coloneltcb on March 3, 2017 | hide | past | favorite | 764 comments

It took me about 8 paragraphs in to figure out what Greyball is, so to save you the time: Uber used various data sources to identify which people are likely government officials who are trying to collect incriminating data on them, and then blocks them from the service so they can't be caught in sting operations.

But there's a lot in the article that doesn't make sense:

>Other techniques included looking at the user’s credit card information and whether that card was tied directly to an institution like a police credit union.

I couldn't find a good source, but it doesn't seem like that's something a CC merchant would have access to. Do they really get to see that?[2]

Also, how were they able to do it so accurately without disrupting their service? Most city employees and police aren't going to be involved in sting operations against car services, so their customer support will have to deal with a torrent of very confused government employees [1] who keep getting mysterious rejections when they try to use they app, and which support can't give a truthful answer on.

Plus, this seemed to require significant on-the-ground intel and human intervention:

>If those clues were not enough to confirm a user’s identity, Uber employees would search social media profiles and other available information online. Once a user was identified as law enforcement, Uber Greyballed him or her, tagging the user with a small piece of code that read Greyball followed by a string of numbers.

So, I'm surprised it worked at all.

[1] identified by the fact of that person having more-than-usual activity inside something recognized as a government building

[2] EDIT: Okay, I get it -- you can look up banks from the CC number. Can we not have further comments just to point this out?

Maybe not a popular opinion but I find this entire thing pure genius.

>I couldn't find a good source, but it doesn't seem like that's something a CC merchant would have access to. Do they really get to see that?

The first 6 digits of a credit card can identify the issuing bank (BIN number - https://en.wikipedia.org/wiki/Payment_card_number). If you ask your merchant they can readily provide you and up to date list.

This plus public payroll records (such as http://transparentcalifornia.com/) probably took them quite far.

I agree. It's genius in a Lex Luthor kind of way. If I understood the full scope of the application, I like to think i'd decline to work on that. It's easy to imagine engineers working on small parts of the system, and never really connecting the dots that the whole point is to evade law enforcement.

There's a big difference between keeping secrets for market advantage and to evade the law. In the first case, I want to tell people because i'm building cool stuff, but i can't, at least not until the product is ready. In the latter case, i'd be at least embarrassed, if not ashamed of the tools.

But I agree, it's slick. It's easy to be an armchair quarterback when it's not my career at stake. With millions or billions of dollars on the line, my ethics might erode much faster than i want to admit. In that case, I'd hope evil jfoutz (or ethically devoid jfoutz) would build such a sophisticated tool.

>If I understood the full scope of the application, I like to think i'd decline to work on that. It's easy to imagine engineers working on small parts of the system, and never really connecting the dots that the whole point is to evade law enforcement.

It reminds me of the VW emissions cheating case:

"Hey, have it detect whether the test cycle is running and emit a signal if true."

'Um... why would the system need to know that?'

"Uh, because we don't want the car to freak out when the wheels are turning but it's not moving."

'Oh ... seems legit.'

"And you -- have it minimize NO2 when it gets this signal. But don't talk to him."

In the Uber case, employees might have been told, "oh we want to offer a special discount to law enforcement" ... though even that seems seedy.

But (per my original comment) I don't see how they can keep the circle small. What do they tell support employees to say when someone reports not being able to get a ride despite all the fake cars around?

The system has extremely obvious use cases in abuse mitigation - it's basically HN shadow banning for car service. Only a few needed to know about the spot-the-officials aspect, and the rest is legitimate. And support don't need to know anything - if someone is reporting fake cars, they're an undesirable customer anyway so from Uber's standpoint, it's fine if support get confused and do a bad job.

From my read of the article, abuse mitigation seems to have been an early motivation for some components of this feature - in markets where, for example, competitors would threaten Uber drivers with damage against person or vehicle. And then someone got the bright idea of who else they could shadowban...

A Philadelphia agency was caught teaming up with taxi companies to fight Uber http://www.vox.com/2016/1/30/10873372/uber-lyft-taxi-philade...

caught is a bit hyperbolic. Government agencies have every right to work with industry partners to promote, understand, and enforce regulation. This happens all day everyday in industries around the world. Uber isn't somehow exempt from that.

It may be that asking questions like that is simply not encouraged at Uber.

Uber's support is pretty worthless - every interaction is with a different person, and none of them read the conversation history. I'd expect the person would get a runaround and just wind up going in circles.

Agreed, and also the article states that multiple current and former employees reported this information.

But NYTimes might be mistaken in its reporing?

I doubt it. Reputable news sources require at least two independent sources before they'll print a story. If NYT didn't have multiple current or former employees telling them about this then you wouldn't be reading this story.


It's concerning to see this narrative already working, considering a Carlos Slim "billion dollar investment" in the NYT is, itself, a lie. The good news for you is that a transaction that large would be public record, so I look forward to being proven wrong with a citation. (I suggest you look up the market capitalization of The New York Times Company.)

On the order of 1bn, but my memory of exact figures from a decade ago needed refreshing. In fact only $350 million of corrupt foreign monopolist cash is enough to buy the editorial position of America's premier source of fake news.

Good luck defending the NY Times on that basis.

He increased his investment by $100ish million in 2015, which more than doubled his stake. This is easily found via Google, and is on the order of an order of magnitude below a billion dollars. You can't just make things up while decrying fake news. The trend line on these goalposts moving will eventually lead to an investment I can afford.

This is even beyond my position on the paper. You're just typing complete falsehoods and expecting to get away with it now, which is sad.

I would imagine there are people who don't view it as a breach of ethics. And those types are probably more inclined to be working at Uber on the first place.

I mean if you really believe the various transportations administrations are corrupt and that the way to solve it is to temporarily disregard the law, then Uber is probably the place to be

I seem to be the minority here, but I don't see how any entity (including Uber) has an obligation to make it easy for the law to ticket them.

Anyone who uses e.g. the Waze app to evade speedtraps is similarly guilty of "systematically avoiding the law."

Lastly, let me just disclaim that I think Uber is run by assholes and so is the police.

Obstruction of justice is a crime. So are lying to an FBI agent, destroying evidence, resisting arrest, evading arrest, falsifying business records, destruction of documents with intent to impede an investigation, and of course perjury.

I don't know that any of these apply here, but yes, actively avoiding accountability is often a crime on its own. And correctly so, I'd say. Creating fake accounting records as a hobby would be odd but not immoral. But keeping two sets of books in a real business has no purpose beyond enabling illegal activity.

Oh, and if you're wondering about the moral case, I think it's pretty clear. When we the people set out to do something together, deciding to evade our joint decisions and mechanisms for self-regulation is an antisocial, antidemocratic act.

The government hasn't represented "we, the people" since forever, so all your arguments are void. It cannot be morally unlawful to resist a government that doesn't represent you.

You are welcome to your own opinions, but I disagree. I imagine most Americans would.

Regardless, if you have decided that the government doesn't represent the people, it makes your task harder. Unless you're just saying that you can do what you want (which doesn't strike me as much of a moral position) then you have to work to divine what the collective will of your fellow citizens is and honor that.

When big money monopolists corrupt our local governments to obtain taxi monopolies at the expense of working families, the environment, and vulnerable racial minorities that can't hail taxis but can get an Uber, then it's the system that's antisocial and antidemocratic.

Uber is a social reform movement organized as a profit-seeking business. Of course the forces of corruption and reaction are going to try to stop it under cover of law.

So you claim.

But if they're a social reform movement, they'd very well disguised. They threaten journalists, exploit workers, engage in a variety of skulduggery, and create such a toxic working environment that they need a former Attorney General to investigate.

I think the more likely case is that they are what they appear to be: greedy, amoral people disguising an attempt to gain a monopoly using the guise of social reform.

Would you say that using an app to avoid speed traps is obstruction of justice? What about radar detectors?

Certainly it depends on which one of many jurisdictions Uber operates in.

For a start, in the U.K. it's illegal to use radar detectors [Edit: this first is apparently false; they publically stated that they were going to, but never changed the law. Other countries apparently do ban them, according to wikipedia.], and people have been given criminal convictions for "Flashing their lights" in order to warn incoming motorists of a speed trap.

Is it illegal to use either radar detectors or gps camera locators in England? What law is it?

I'd be interested in a link to the "flashing lights" case too.

Apologies - apparently I'm mistaken with the first - apparently several years ago there were public discussions about it and they claimed they were going to, but never followed through. Probably some more secondary sources confirmed it for me that I never double checked. (Also, wikipedia claims that although the UK doesn't ban, plenty of other countries do - and in the US it seems only Virginia explicitly bans them)

RE: Headlight flashing, I can only find sources from a few years ago - http://www.bbc.co.uk/news/uk-england-humber-12823922 was the one I remember hearing about, but several other instances seem to have taken place; i.e. http://www.telegraph.co.uk/news/uknews/law-and-order/9324722...

I'm not a lawyer, so I'd suggest you either ask one or form your own opinion: https://en.wikipedia.org/wiki/Obstruction_of_justice

True, but there's a big difference between turning away anyone who looks like a cop (as biker bars might do, and is on firm legal ground), versus lying specifically to those people you believe to be cops.

So, saying the bar's closed would be ethically unacceptable but just saying you're not allowed in isn't? I'm afraid I don't agree with this being a clear ethical distinction.

> I don't see how any entity (including Uber) has an obligation to make it easy for the law to ticket them.

Corporate citizens have an obligation to obey the laws of the jurisdictions in which they operate. If they find the laws unacceptable, they should lobby to have them changed.

You'll find that the same argument gets thrown entirely out the window conveniently depending on a person's specific beliefs on any given issue. It's barely even built on sand as a premise.

See: racism and discrimination broadly, segregation, refugees, illegal immigration, unions / union strikes, marijuana, political corruption, cartels, government protected monopolies and so on. There are a vast number of topics that cause people at businesses to be willing to disregard the laws of a given jurisdiction at various points in time (regardless of whether one views the position as being on the moral side or not). It'd be hard to claim that it never makes sense to disobey the law for a business, given just the last century of history in just the developed world, with the plentiful display of wildly irrational or immoral laws that have existed.

Herein lies the source of the disagreement.

We are all better off because uber willfully disregarded these laws and regulations. These laws once had a good reason, but are now still on the books only because incumbents have regulators in their pockets.

As for lobbying to have the laws changed, if you expect startups to be able to lobby in every jurisdiction to get the law changed against incumbents when the regulators often come from the industry the startup is disrupting, then I got a bridge to sell you.

> We are all better off because uber willfully disregarded these laws and regulations.

The thing is, we're not. What we've got is a cab company that can offer better and cheaper service than everyone else because it's breaking the law, and it's good at throwing VC money at lawyers to avoid the consequences. What we've got is further damage to the respect for the rule of law and thus to the fabric of civilization, as people see how Uber gets away with illegal activities. Hell, there are many people who are inspired by their antisocial behaviour, and see Uber as an example to follow.

Consider a hypothetical business in a historical era that provides great service by employing colored people to serve white customers. Imagine said business becomes successful, and even pushes some jurisdictions to change their laws against this practice.

I'd argue that this business is great - it's helping consumers and fixing the world.

One might argue that we are not better off because of this:

The thing is, we're not. What we've got is a business that can offer better and cheaper service than everyone else because it's breaking the law, and it's good at throwing money at lawyers to avoid the consequences. What we've got is further damage to the respect for the rule of law and thus to the fabric of civilization, as people see how this company gets away with illegal activities. Hell, there are many people who are inspired by their antisocial behaviour, and see Uber as an example to follow.

Your argument seems to apply equally well to this case - after all, your argument is not dependent on the law being just or unjust. It completely ignores that point.

Are you willing to follow your argument where it leads? Or do you recognize the flaw in it?

It's about the defaults. I believe laws should be obeyed by default, and only opposed in special circumstances. The burden of proving that the circumstances warrant disobedience should be on the disobedient party. And most importantly, breaking the law should be expensive, so that it never becomes a viable business strategy.

I'd even cut Uber some slack if they weren't so smug about what they're doing. This is just as much about breaking arbitrary laws as it is about how they keep showing that they don't give a shit about society.

> your argument is not dependent on the law being just or unjust. It completely ignores that point.

It does, because in real world, regulations are not uniformly distributed throughout the possibility space. In any working society you can - and should - assume that most laws are there for a reason, and that this reason is just. When that assumption doesn't hold, your country pretty much disintegrates. Hence, going against the law is a special case.

The way I see it, none of Uber's "innovations" actually required illegal actions. They simply don't care, because this way is faster and brings in more money.

As a proof of that I want to point out that many places in Europe managed to implement all those Uber "innovations" some time ago, and it didn't require breaking laws in the way Uber does. Sure, old cab companies were pissed, but things got settled in courts and regulations were updated - just like it should happen in any civilized society.

Ultimately, if Americans want to run their society this way, it's none of my business. I would be happy though, if they stopped exporting their "innovative" methods to countries with working regulatory frameworks.

I think Uber has proven that their disobedience is beneficial. In the US and India they have made the transit sector vastly better than it was before. Even ignoring the benefits of the app over hailing a cab, the drastic reduction in racial discrimination is an amazing improvement.

Note that India also had apps/SMS driven taxi hails - autowale.in started in Pune (my city). But Uber fixed transport and the political situation, whereas autowale.in is just a footnote in history.

In any working society you can - and should - assume that most laws are there for a reason, and that this reason is just. When that assumption doesn't hold, your country pretty much disintegrates. Hence, going against the law is a special case.

Then by your standard, the US and India are not working societies.

Then again, by your standard, it's pretty clear that not all of Europe is working. For example, witness how often French unions and others engage in violent and illegal actions (both assaulting Uber drivers/passengers and others) on a regular basis.

In any case, you seem to be backing away from your original claim and accepting that some laws are unjust and breaking them is ok. Do you argue that American or Indian taxi protectionism laws are just?

The fix would have been to create better mass transit.

You are arbitrarily assigning Uber's disruption a positive social outcome, which appears to be the lynchpin of your argument. Your argument could be applied to many outcomes that would appear on the surface to be negative. A few (admittedly exaggerated) examples:

"ArmzDealR is providing a great service by eliminating government bureaucracy and providing access to arms that citizens should have. It's good that they help people avoid those onerous registration requirements."

"TraffiKR makes it easy to find cheap labor. There's no paperwork and the workers never complain!"

Are you willing to follow your argument where it leads? Should businesses be allowed to push against any rule at all? Are all laws 'unjust' or are there some laws that are in place to protect public good?

I'm simply pointing out that Temporal's argument that breaking the law is always wrong is simply incorrect.

I'm not saying all laws should be broken. I'm saying one must decide whether or not the law is just, and support those who break unjust laws. I see no one even attempting to make the argument that taxi protectionism laws are just. Do you have an argument that they are?

I haven't researched the rationales behind taxi protectionism laws, so I can only offer conjecture. Two two reasons I can imagine we have such laws are traffic congestion control and accident liability.

On the surface congestion control seems far easier to implement (especially in a pre-mobile phone context) via restriction of medallions. I don't have arguments one way or the other as to the necessity of congestion control because I've only rarely experienced large cities (NYC, Chicago, London). I believe they are popular for various reasons, but I am not familiar with the arguments for or against.

Determination of liability seems like another obvious reason for a medallion monopoly. Presumably taxis are a higher risk pool for insurance claims, due to the presence of multiple parties. It's unclear to me where the liability falls if an Uber driver is in an accident that mortally wounds a passenger; will their standard insurance (that presumes a certain risk profile) cover the claim? I'm simply not familiar enough to definitely comment, unfortunately.

The latter argument holds more weight with me, but I'm sympathetic to arguments against it.

You do see the problem with encouraging the erosion of mutual social trust? If "following the law" collapses as a percieved social expectation it would impoverish everyone.

That being said, it is clear that abusive and overwraught law and regulation invites this impovrishment.

Breaking the law always erodes the fabric of society. Normalizing it is worse.

Certainly, there can be laws that are worth breaking. You should be extremely careful before assuming that's the case in any given scenario, and I don't think taxi rules are it, no matter how dysfunctional the USA might be.

"taxi protection" laws are really just outdated "people protection" laws. They were just at the time and worked for many years after.

Regardless, all laws should be followed. Thats the whole point of society. We agree to follow the laws collectively.

Really though we are. Even if Uber goes out of business, taxi companies are going to get wise that customers want the Uber experience and all of a sudden they'll all have to get apps to compete.

Uber broke a status quo in the state of the transportation industry and we should all be grateful for that. They also became a champion for a certain type of activism that I think a lot of us would like to see more of.

Think carefully before you deny Uber the activist label. Using ethically shady methods to push through social agendas is precisely what activism is. Not everyone falls on the same side of the line, but you can't not call it activism. Labor strikes were considered extremely problematic to many.

I have a perspective of an European. Here on the Old Continent, we've already had that "Uber experience", and it didn't require companies to blatantly ignore the law and burn money to keep regulators at bay (not to say there weren't regulatory tensions, but they quickly got resolved in courts and regulations were updated; that's how a civilized society is supposed to work). So excuse me if I don't see Uber as innovative.

As for their activism, this is the flavour we know from dystopian movies about evil corporations disregarding the laws to eke out some profits. In a way, I can't wait for an Uber in biotech sector - maybe a small engineered pandemic is what people need to understand that regulations should not be ignored on a whim by companies seeking profits.

We're all better off? That's an incredibly broad statement.

The laws on the books still exist for a good reason. Even if you feel that Uber is somehow exempt/makes good choices with the people it chooses to employ via the platform, does that apply to any other "uber-esque" groups with more lax enforcement?

"The laws on the books still exist for a good reason."

That's... optimistic. Many laws were put in place to benefit other (incumbent) businesses, or in reaction to conditions that no longer hold, or due to ideas proven false or at least no longer fashionable.

That's not necessarily good reason to break the law (though sometimes it is), but anyone shold feel free to lobby for removal or change of a law.

Let's also acknowledge that it's not just Uber the company skirting the law, it's also the millions of people who use their service. The people have spoken with their dollars instead of their votes.

lets also acknowledge that there are billions of people who are using their dollars to vote against uber by taking taxis, use lyft, take public transportation, purchae cars, walk, or ride their bike.

in other words, thats a terrible argument in support of uber.

> Corporate citizens have an obligation to obey the laws of the jurisdictions in which they operate.

To some extent. If the fine is $50 for each infraction, and you have $10bn in the bank, you really don't have to obey the law.

You can lobby to have the law changed and not obey the law (if you are willing to pay any and all fines, while you are lobbying). Uber's use case didn't exist 10+ years ago, and as such, most laws weren't made for that not set up to account for that.

I personally find that to be a valid example of where it's acceptable not to follow the law.

> To some extent.


no, you have always have an obligation to. Being obliged doesn't mean you're going to, but you do have an obligation.

> I personally find that to be a valid example of where it's applicable not to follow the law

oh great, now we all get to decide what laws we will or won't follow. is that really the precedent you are arguing for?

You've never jaywalked in your life then, right?

The law is generally something that evolves, because the world evolves.

Do regular citizens, such as Rosa Parks, not have the same obligation?

Personally I consider civil disobedience of unjust laws to be acceptable, for either a single person or for an organized group of people (such as Uber).

Civil disobedience implies actions in the open and being willing to suffer the consequences of your actions. If Uber had made a public statement that they were instituting a policy to refuse service to city and law enforcement officials and were willing to take their lumps, you might have a point.

And uber does things in the open. They openly violate the law and reveal to citizens how much corrupt politicians are hurting them by taking away their transportation choices.

This works only if it happens on a massive scale. If Uber didn't use this program, it's likely that their civil disobedience would end before it's large enough to get their message out.

It appears that other ridesharing apps have managed to "get the message out" without devising nefarious plots to confuse law enforcement. And for that matter despite various covert Uber-run attempts to sabotage their business and take away the public's transportation choices.

The idea that Uber is some civil liberties campaign for improved transportation options rather than a corporation with an unusually aggressive disregard for anyone that gets in their way is rather exploded by the most cursory examination of their actions.

Which other ridesharing apps have fixed broken political systems? From what I can see, most of them wait for Uber to fix politics and then just swoop in after the fact to make money.

I don't think any ridesharing apps have "fixed broken political systems", least of all Uber. But there are many ridesharing apps which operated in local territories before Uber, and many of them managed to do it without writing software to deceive law enforcement, coordinating personal attacks on journalists who criticised them or trying to kill startup competitors with fake bookings.

Before Uber, SF, NYC and Mumbai and many other political systems prevented competitors from providing better service than yellow cabs. Uber's political activism has fixed this.

coordinating personal attacks on journalists who criticised them

This was an ethical hypothetical, not a thing that actually happened.


fake bookings.

Uber made real bookings and then gave the driver a sales pitch during the ride. All they did was pay their competitors for the right to offer drivers a better deal.

Kind of the opposite of Google/Apple/etc colluding NOT to offer each other's employees a better deal.

To be honest, the fact that an executive is prepared to publicly advocate harassment of journalists as an "ethical hypothetical" thing is a pretty good indication of what they actually are prepared to do in private. Sorry but the "I'm a good friend who overheard part of the conversation and don't think he said the things he's already apologised for saying" defence isn't the most convincing, especially given the company's well-publicised use of comparable tactics in other areas, including hiring private investigators to go after employees that had reported sexual harassment. Your insistence that Uber made real bookings (and just happened to cancel most of them) is a lie, period.

You don't have to think taxi medallion laws are particularly rational to find Uber's behaviour in many, many areas indefensible.

Yeah good point, Rosa Parks also made billions from her civil disobedience.

Yeah, Rosa Parks civil disobedience was a for profit operation! Please stop insulting her. Uber is the embodiment of corporate evil, these people think they are above the law.

I didn't say she made a profit. I said she broke a law she felt was unjust, same as Uber, and that according to ForHackernews' reasoning she should not have done this. My point is that his reasoning is wrong, and merely a post-hoc rationalization for general dislike of Uber.

I did not make the comparison you seem to be arguing against, namely that Rosa Parks and Uber are equivalent in all possible ways.

>comparing Rosa Parks, who fought for civil rights to Uber, who actively contributes to undermining worker's rights in over 20 countries.

only on HN

They're making the important point that what people really mean is "laws I agree or don't agree with" not "laws". Hopefully not only on HN do people have reflective capacity to see this.

Its worse on Reddit

I agree they have an obligation to obey the law.

I disagree that they should lobby to change it. I understand that realistically that is what they will do, but I don't think it's the ethically correct thing.

Laws are in place to benefit all of society, they shouldn't be changed on behalf of specific corporations, regardless of how much money the "donate".

Laws are in place to benefit those in power not "all of society," as anyone who does not benefit from them can attest to. And I agree, corporations cannot be allowed to change the laws to suit them.

well, corporations can't change laws. They can only lobby. And laws are passed by the majority to benefit a majority, that's how a democracy works.

Laws are passed by a tiny percentage of the population, alleged (not necessarily de facto) representatives of the interests of majority. So not confuse republic with a direct democracy.

If only we lived in an actual democracy https://www.youtube.com/watch?v=5tu32CCA_Ig

In a democracy, the voters are the ones in power

So you oppose Apple and other tech companies lobbying for gay and transgender rights? Or Google lobbying for net neutrality?

That powers are sometimes used for good does not imply the existence of those powers is a net positive.

No but I am for Google and Apple investors holding the management to their fiduciary duty to turn a profit. Lobbying for gay rights seems very loosely connected to that goal.

Edit: There is not a fiduciary duty to turn a profit, but there is a fiduciary duty to put the corporation's interests above your personal interests.

There is no fiduciary duty to turn a profit

You are right - thanks for the correction. However, there is certainly a fiduciary duty to put the interests of the corporation above your personal interests as a high-level manager.

Yes, I'm against corporate lobbying in all cases, even when they're lobbying for causes that I believe in like LGBT rights and net neutrality. I would be quite a hypocrite if I only supported corporate lobbying when it was for causes that I agreed with. Ideally corporations would have no place in politics.

And please don't conflate "doesn't support lobbying for XXX" with "doesn't support XXX". They're really orthogonal concepts.

Greyball makes it easier for Uber to continue breaking the law.

It's like drug dealers using police scanners to determine if the police are nearby.

Or like non-Jews hiding Jews from the Nazi police.

Obviously that's a dramatic example, but so is the drug dealer example.

If Uber believes that the taxi industry is wrongfully colluding with the government to try to stop Uber from operating, then it's not necessarily wrong for Uber to do whatever it can to continue operating.

If Uber believes the taxi industry and the government are wrongfully colluding, it has the means to legally make that case as well as in the court of public opinion.

That is obviously not true for the extreme example you cited of genocide under fascism, so, I don't think it makes sense to compare the two.


Uber didn't have to have Greyball in the first place. Every driver that got intimidated/assaulted should go to the police. Every time a competitor pulled some shenanigans against Uber, they should sue. And so on and so forth.

This is just smokescreen. It's obvious what the intent was.

No, sorry, Uber doesn't get to resort to some kind of corporate vigilantism and "do whatever it can to continue operating".

Uber can go through the proper legal channels to address the concerns it has.

Laws take years, even decades to change. We'd never have any progress if every technological advancement had to wait for the law to catch up and regulate it.

We do have quite a lot of advancement which comes without violating the law. Also breaking the social canvas to correct something you feel is unfairly repressed/enforced is not something to do lightly.

Let me give you an example here. I think Uber is a bad thing, but there's nothing I can do to oppose them, legally, that is. Should I carry out my own justice, illegally ? You can see that this pattern of thought quickly falls down, because making compromises is actually an important part of living in society.

It sounds like this happened in some places - uber cars getting vandalized in France, for example.

Once you say "we're not going to follow the law", do you have the moral right to demand it be enforced on other people?

God, I wish HN had a downvote button.

It does - you just need a certain amount of karma (500?) to get it. That's why some answers are grayed out; get enough downvotes, and your writing will blend in more and more with the background.

Why, exactly ?

I know. HIPAA and SEC regulations are the reason why tech can't quite seem to disrupt the medical and financial industry. I wish a company like Uber will just go in and break every rule until enforcement finally realizes medical and financial regulation is a silly idea.

Tax avoidance and laundering of criminal money is a genuine value-add to many an individual's portfolio I don't know why governments around the world want to prevent banks from doing it.

Arthur Andersen did nothing wrong.

how dare you utter such impure thoughts on a forum named "Hacker News". Regulations is always for the greater good!!! /s

Haha, not sure why this is being down voted. This is meant to be a funny, sarcastic comment :-)

If Uber thinks law is wrong why don't they start a campaign to change it? England or France are supposed to be democratic states, aren't they?

A less extreme example would be saying that you bought that weed for your glaucoma.


Life imitates art.

Actually, the art in this case imitated this: https://www.youtube.com/watch?v=PN-vUaawaF8

actually the drug dealer police scanner analogy is pretty appropriate even if its not 100% accurate.

Is it inherently illegal for a drug dealer to scan for police in the area and close shop if they believe officers are nearby?

I get what you're going for. Where's the line beyond which avoiding detection / policing is wrong. Like for example, if I'm a terrorist, then if I'm plotting an attack and avoiding surveillance and policing, would I still be wrong if I've not executed the plot yet?

Obstruction of justice and interfering with police duties are crimes in plenty of jurisdictions. I'm not sure Waze is a good comparison - your behavior around knowing where a police car was sighted is to comply better with the law, so it'd be hard to argue it's obstruction of justice.

> your behavior around knowing where a police car was sighted is to comply better with the law

It may be...it may also be to avoid the area, for illegitimate (I'm a criminal police are looking for) or legitimate (the local PD is notoriously racist against people of my race, and I want to avoid being hassled) reasons.

I think that Waze is a great comparison. There's an app which is explicitly used to find and avoid police in order to flaut the law.

The main difference in my view is that Waze is individual people doing this, which we approve of, conversely Uber is a corporation many dislike. In situations like this it's important to acknowledge bias and try to abstract to the general case and reason about that.

Waze users are following the law when they get near Police officers. Uber users are continuing illegal behavior but obstructing police visibility. Uber's behavior is more like radar jamming or putting up a barrier in front of police.

Exactly, if -for example- a police officer tries to pull me over for a traffic infraction, my speeding off and attempts to make it more difficult to ticket me is only a natural and decent personal impulse!

You have a legal obligation not to flee an officer. However, even if you sell drugs or sex, you have no obligation to approach a known police officer and offer to sell them drugs/sex.

You make a distinction between staying passive and not helping an investigation (the drugs example) - and actively deterring the investigation (the flight example).

That's a valid distinction to make, however given how much development effort companies like Uber and VW invested in their tools, I think those are clear cases of active deferring.

I'm not a lawyer, but I think you are making the wrong distinction. Fleeing a police officer is explicitly illegal, I believe the crime is resisting arrest or something equivalent.

Actively telling all your hooker friends to stay home because the cops are out is not illegal. Nor is it illegal to say "oh hi there officer" before your hooker friend propositions a cop. That's basically what Uber did.

Don't be too sure! Check out this amazing survey article on "Crime-facilitating speech" by Eugene Volokh: http://www2.law.ucla.edu/volokh/facilitating.pdf

Not only will you find examples of things like courts finding liability if "a newspaper publishes the name of a witness to a crime, thus making it easier for the criminal to intimidate or kill the witness" (with no intent on the part of the newspaper) [18] or "a Web site or a newspaper article names a Web site that contains copyright-infringing material, or describes it in enough detail that readers could quickly find it using a search engine" [26], there are also examples more directly relevant to this situation. I think references [19, 37, 38, 39, 40] are most relevant.

[19]: "publish[ing] . . .the residence address or telephone number" of various law enforcement employees "with the intent to obstruct justice" is illegal in many states, including California.

[37] My reading of United States v. Lane, 514 F.2d 22 (9th Cir. 1975) is that advising people not to sell drugs to a person because you heard something interesting on a police scanner is aiding and abetting a conspiracy. The court said the defendant "could not seriously contend that he was discouraging, rather than aiding and abetting, the commission of the crime" in response to his assertion that "he actually advised against it".

[38]: My reading of United States v. Bucher, 375 F.3d 929 (9th Cir. 2004) is that it is walking down a trail to warn a person whom park rangers intend to arrest is interfering with both the rangers and their official duties (and thus illegal).

Uber isn't looking after its hooker "friends" though, it's attempting to thwart investigations into its own business model which is profiting from contractors operating in a legally grey area in many jurisdictions.

Seems more akin to developing a system to screen guests at your hotel - which you insist isn't an illegal brothel and is making good faith attempts to uphold the law - to ensure you're only earning "enhanced room service" commissions from people that aren't investigating whether they might be illegal.

Even if that isn't an offence in itself, it still looks like hard evidence against any claims they might make of intent to comply with the law in various other cases being brought against them.

It's closer to them saying, "Yes, sure...I'm happy to take money for sex...wait right here for a while", and then hiding.

Which could be obstruction.

If the app told them they were banned, it would be closer to your analogy. But, it shows fake cars circling about that never pick you up. It's actively deceiving law enforcement

Ah, but is it deceiving law enforcement with the knowledge that that person is right now trying to arrest you, or is it just refusing service to law enforcement because they don't like them? The latter is covered by the TOS where it says they can refuse service to anyone for whatever reason.

there are a number of holes in your thought process.

first, and most important to this discussion, is that it is definitely deceptive especially when you are going to such extremes as documenting burner mobile phones and preventing their use on the pretense of hiding from regulators.

second, and less important for this discussion, but a business has he right to refuse service to any ONE person for whatever legal reason they choose (whether they specify hat reason or not is a different topic). this should not be confused with deniying service to a GROUP of people for whatever reason they want which is discrimination, and is illegal, whether outline in a TOS or not.

Fake cars circling around is pretty deliberate deception. I assume they have a more straightforward way to refuse service.

> Nor is it illegal to say "oh hi there officer" before your hooker friend propositions a cop. That's basically what Uber did.

Uber built an infrastructure to be able to systematically detect and obstruct officers in all locations they are operating.

Comparing this with saying "hi officer" is a slight understatement.

The difference is with the scale then? At what point on this scale (number of instances of the act) does the illegality start?

I don't know how this is handled in US law, but in many law systems there is the question of intent. If you say "hi officer" with the intent of warning your partner that might in theory already be illegal. (obstruction of justice)

While in that case, intent would be be very difficult to prove, it's rather obvious if you spend planning time and resources building a software tool with the express purpose to warn you of officers.


1. They have no obligation to law enforcement to make it easy to catch them. They're making it so that it's harder for LE to use their own service against them. Good investigators wouldn't investigate under their real name, or with their police-union-linked credit card, so it only seems fair.

2. Taxi and municipal transport are easy pandering-demographics for local government, creating monopolies. This isn't Uber vs. competitors, or vs. average citizens, this is Uber vs. the cartels. Everyone, in the long-run, benefits.

> temporarily

It's easy to imagine engineers working on small parts of the system, and never really connecting the dots that the whole point is to evade law enforcement.

I would volunteer to work on that project because its whole point is to evade law enforcement. A lot of us (hackers/technologists) take a pretty dim view of arbitrary State regulations and "laws" and are quite happy to work to evade them. Most people who fit the techno-libertarian or cypherpunk mentality would probably feel the same way.

And here I thought that's just teenagers "who fit the techno-libertarian or cypherpunk mentality", and only until they finally grow up.

The mindset you're describing is pretty self-centered and ignorant of how societies work. The law is there to reconcile conflicting interest so that people don't start using violence to pursue their goals. Techno-libertarian teenagers should imagine what would happen if some people they disagree with contracted that libertarian spirit.


Announcing two new startups - Uber Biotech and Uber Medicare. Because what could possibly go wrong from arbitrarily avoiding regulations for the sake of profits.

How dare Rosa Parks defiantly take a seat at the front of the bus..

How could she be so self-centered and... adolescent?

She was not, as far as I understand, opposed to laws just because they are laws. She had very specific moral objections to very specific laws.

Anti-racism != anarchism.

Uber is... Anarchy? Like in the movie Thunderdome? Sure.

Their opposition wasn't arbitrary; they knew they could provide a better service outside the monopolistic constraints that were already in place. So they fought those battles and because of those battles, everyone gets to experience a much better ride service than the antiquated taxi system.

Come on. They didn't fought for your better taxi experience. They fought for your money!

While your point could stand in theory, could work with a different company, it's Uber we're talking about! Those guys who keep showing, since day one, that they don't give a flying fuck about people beyond the money they get for them! The company painted itself a pretty consistent image over the years, and it's the image of a smart asshole with too much money to spend.

Not uber in particular; the anarchism is in the mentality that "you want me to circumvent the law and avoid law enforcement? in principle, I'm in!" Which seemed to be the position mindcrime was taking.

Everyone gets to experience fancy VC subsidized rides, in any case. I don't see any clear argument that uber is actually more economically efficient than a standard cab...

My time is worth something; standing on a corner at 3pm, checking the time, calling the main office - "oh yeah, he's five minutes away", 45 minutes still waiting, call again..

With Uber/Lyft, I can see when they'll arrive. I can plan to do something with that time if the wait is long enough. I can quickly redirect them to where I am if there's a misunderstanding.

Yes, it's more efficient.

There are plenty taxi of companies worldwide that utilize mobile applications without also showing a disregard for law. The two things don't have to go together. From outside-US perspective, Uber is much less innovative than you'd think. They look simply like assholes with lot of VC money to burn on lawyers.

While you're congratulating the world, I'm in Lincoln, NE still waiting on a cab at 4pm.

I'm an adult; if I want to enter into an agreement to pay someone else to give me a ride and I'm not harming anyone else, then I will. Fuck their stupid arbitrary laws.

While subjective, there is a difference between breaking laws / fighting authority for moral reasons, and breaking laws for financial gain. Yeah, maybe you as an engineer would feel morally righteous for "fighting the man", but Uber doesn't care about that -- it just wants $$$.

Uber is fighting the man, in effort to capture $$$/market. That's their market. A business makes money?

As much as you wouldn't like to admit, they've broken through a market that was once monopolized and the cities had zero interest in doing anything about it.

You now have superior car ride services in part for the work they've done in the market. They have raised the bar.

But their competitors who comply with the law are losing now.

Exactly the point: the law has ceased to serve the people and has become irrelevant. It's on the government to change it in order for society to progress, not hold us back.

Remember, people are using Uber. Citizens. Voters. They are voting with their dollar for the superior product. The government's role has become obsolete in the transaction.

And who paid for the law to be created.

Yeah, Rosa Parks civil disobedience was a for profit operation! Please stop insulting her. Uber is the embodiment of corporate evil, these people think they are above the law.

It's strange how I need to copy and paste my arguments on this thread, like you know Uber was itself astro-turfing HN right now.

You need to grow up from calling people you disagree with teenagers.

Are you also going to take the same generous view towards people evading State regulations and laws that you don't like? Because if you are only okay with people evading laws that you don't like, but they should obey the ones you do like, then you are setting yourself above the law. That way lies authoritarianism.

Not sure how civil disobedience leads to authoritarianism rather than the opposite. Also, by your reasoning, civil disobedience is never justified. And does Trump being President change your reasoning at all?

Civil disobedience works precisely by accepting the consequences of the law. This is the literal opposite of Uber's behavior.

Civil disobedience is breaking the law one perceives as unjust (or refusing to follow it) to make a point about the legal system. It includes accepting the consequences of one's actions. What Uber does is garden variety illegal business practice. No societal benefit in mind, just money to be made.

Disobedience would be refusing to take part in such scummy schemes, and making a huge stink over it.

> Civil disobedience is the active, professed refusal to obey certain laws

PROFESSED. To twist that on this on its head, and use another sociopath to excuse it is hilarious. But since you ask: no, that's even MORE reason to not accept this bullshit.

So then is the country clerk that refused to sign marriage certificates for gays a hero too? She was just practicing civil disobedience.

Or perhaps she should just move very slowly when it comes to same sex couples, just never can get the work done. She isn't refusing it just never gets done.

I think this is best exemplified by the 20th centuries most famous authoritarian, Martin Luther King Jnr

Again, civil disobedience accepts the legal consequences of its actions and is part of a vocal, public effort to change the laws the person or group deems unjust. The entire premise is to create better laws for everyone to abide by.

Uber uses deception to shield itself from the consequences of its criminal actions and consolidate wealth for itself. I'm assuming you're not trolling, so think long and hard about your own understanding of society the next time you want to compare MLK to an anarcho-capitalist megacorp.

In cities where Uber is legal and regulated, they are not breaking any laws and have no requirement to track city investigations against them.

Uber were also being disobedient in order to get better laws for they and everybody else to abide by.

Better yet - their technique pretty much won. There aren't many cities remaining that still attempt to ban ride sharing.

My reply to aianus applies equally to this.

Consider further; how did the narrative of Uber needing to break the law to disrupt (read: try to overthrow) the existing taxi industry morph into excusing their practices as affecting positive social change? Remember, the context of the boycotts during the American civil rights movement was never to "disrupt" southern businesses.

Again, there are plenty of cities where Uber have been successful where they didn't break any laws. Likewise there are many cities that have banned Uber where they don't operate. The number of cities where they operate in a grey area of regulation are often few and often for short periods of time.

Uber are more interested in operating in a regulated environment, hence all their lobbying and hence why their first hires in new cities are usually government liaison people.

Uber is equally successful in cities where it was initially thought illegal, in cities where it was always legal and in cities where it became legal.

Many other companies have ridden the coattails of the regulatory work that Uber has done.

If they were an "anarcho-capitalistic" business then they simply wouldn't care for the laws anywhere. They'd be operating in Nevada, Austin and in all of these other cities that have since banned them. They would be signing up drivers with no license or background checks. They wouldn't need any government liaison people. They'd do no lobbying, etc. and as bad as they are - they aren't that company (although many want them to be)

"Ridden the coattails of the regulatory work that Uber has done"? I think the problem is that you have a very poor grasp of how the branches of US government (legislative in particular) interact with businesses, and thus don't really know how to distinguish among any agent that effects legislative change.

First learn about, and then read some commentaries on the functions and history of the three branches of US government. Then learn about how lobbying works, then read about the various rights movements that've occurred in the US.

I don't see how they aren't "creating better laws for everyone to abide by".

They're not a monopoly on ridesharing and because of their efforts converting the hearts and minds of consumers and politicians others can do it too like Juno, Tesla, Lyft, etc.

Assertion: medallion regulations are currently onerous and against the financial interests of cities and citizens. Uber's public and explicit proposal to change the medallion system: " "

Your statement applies to literally every company that has lobbyists. You need way more than that to present evidence for your claim.

Again, civil disobedience's core mechanism for gaining the support needed to enact the change it publicly and explicitly advocates for is to accept the consequences of breaking the unjust laws.

How far does your scofflaw streak go? Is this different from adding law enforcement blocking controls to any illegal tech product? Should everyone get to decide what laws to follow?

I think you are describing anarcho-capitalism, not libertarianism.

But here's the thing: What we have now is anarchy. It's just that the powerful make the laws, and con the masses. Some places it looks like capitalism, other places more like kleptocracy. But just about everywhere, the game is rigged.

I think you are describing anarcho-capitalism, not libertarianism

FWIW, I consider those terms, along with "voluntaryist" and/or "market anarchist" to be approximately synonymous for all practical purposes.

Should everyone get to decide what laws to follow?

You act as if they don't already. Society works pretty well anyways.

Tell that to the millions of Americans in prison. How did that work out for them?

That example is supposed to inspire us to respect the law more? You need more practice at this rhetoric thing...

I didn't say you had to respect it. Unjust laws should be changed. There is a process for that.

It is fundamentally unfair to have one segment of society (tech workers) have a different set of rules than the rest. Do you disagree?

The process doesn't work as well as you think it does: https://www.youtube.com/watch?v=5tu32CCA_Ig

Society > USA.

Yes, everyone should decide what laws to follow. Ask rosa parks or any poor soul unfortunate enough to be a citizen of nazi Germany.

The civil rights movement was in no way about the abolition of the rule of law. Hitler's promise of greatness actually did seduce a ton of the economically and socially devastated German population. Hitler was a known outlaw. Even if you can't yet think your premise through to the end, at least consider the consistency and truth of your own words.

So Travis Kalanick is a modern day Rosa Parks? Really?

But wouldn't it bother those same people to think they're working for a Megacorp instead? Maybe I have a dim view of law enforcement, but wouldn't I also not want to work for Ares Macrotechnology?

Some of them, yes. Depends on the Megacorp, I think. I mean, I work for a Megacorp now, while working on bootstrapping a startup on the side. But I don't think I'd work for Uber (not because of this though).

But you know that upfront. You can take appropriate precautions up front. If this is actually illegal, the poor engineers could be looking at conspiracy charges at least.

You know the danger and you're doing it with your eyes open. They probably didn't know, and i'd bet Uber sacrifices a few engineers just like VW did.

> arbitrary State regulations

They're way less arbitrary than Uber's action, so that's just projection. You want out of the social contract, be my guest.

Assuming you're against -arbitrary- people and entities operating above the law, how do you square that with the opinion in your comment?

A broader point is that its 2017; we have a decent grasp of chaos theory. We know that self regulation in chaotic systems takes the form of hard to predict cycles of extreme variation. We know that stabilizing these systems requires external adjustments to parameters; some dampening here, a little increase there, etc. Personally, I've grown to quite enjoy being a part of an economy that has some measure of stability introduced to it.

The problem is once your professional ethics makes this ok, you start to slip further into the rabbit hole.

That's how it becomes OK for a company to facilitate engineering managers to exert pressure where women either agree to have sex with them or suffer career consequences, using corporate institutions to do so.

Hopefully most people around you don't feel that way -- your immaturity will ultimate catch up to you.

Grow up. You're defending destroying society so you can get what YOU think is right (based on how much it increases your net worth?). Did you similarly fight for the end of copyright? Did you join the pirate party? What about racial equality or gender equality ? Did you fight for those with the same fervor you propose to fight tor Ubers profits? For a company to replace a million others? that's all that's happening btw - one million small businesses are being replaced by one huge one, with a price advantage only because it erodes or destroyers worker protections.

Get a grip. Under any reasonable government Uber would be destroyed tomorrow under the same argument as pirate bay or a torrent tracker - it's conductive to illegality.

What are your thoughts on food safety law? The 40-hour work week? Net neutrality (such as it is)?

Also it's disingenuous to call laws "arbitray". Like them or not, many, if not most laws, are the opposite of arbitrary.

> It's easy to imagine engineers working on small parts of the system, and never really connecting the dots that the whole point is to evade law enforcement.

If you worked at Uber, would you work on a feature meant to prevent lyft employee from using the app to poach data about car locations and hailing rides to recruit new lyft drivers? That was supposedly the original reason for this.

Plenty of people do work to keep corporate secrets safe.

It's definitely highly intelligent but just as definitely something that implies a sort of double-or-nothing attitude.

IE, Anything is on the table here, it seems (an attitude that can foster creativity certainly). For example, in the end game would Uber's enemies fair badly if they caught a ride in Uber's automatic cars? Indeed, the cars might even be seeking out people for "accidents".

There's reason even the most innovative Mafiosos often don't make it to old age.

Note also:

"Perverting the course of justice is an offence committed when a person prevents justice from being served on him/herself or on another party. In England and Wales it is a common law offence, carrying a maximum sentence of life imprisonment."


"Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsified, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under Title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both"


And we're talk systematically evading regulators world-wide. ianola but my legal-fantasy mind could compose for people facing a millennium in prison. I assume the reality would be a slap on wrist if they company's influence falls.

I'm not sure of what my opinion of the morality is, but I (as a non-lawyer) don't see this as obstruction of justice.

If I am a prostitute working the streets, and a police officer approaches me to offer me money for sex. But I notice he has police officer boots on, and suspect he is a cop. I then tell him I am not looking to offer any services for money. Is that obstruction of justice?

Perhaps the credit card lookups (or other methods) violated privacy laws, but I don't see how refusing service should count as obstruction of justice.

IANAL either, but there's a difference between not falling into a trap and deceiving the authorities. To continue the analogy, it would be more akin to telling the officer that you're willing to offer services if he meets you at a different street corner with the intention of fleeing later.

>It's easy to imagine engineers working on small parts of the system, and never really connecting the dots that the whole point is to evade law enforcement.

Actually I find this harder to believe than the engineers knowing full well what the system does and doing it anyway. Personally I would never want to work on a system without knowing the value it provides and how it fits into the larger picture.

> I like to think i'd decline to work on that

Does it say something bad about me that I'd be the one jumping up and down to work on this?

It seems really interesting from an analytical perspective and the malicious side of it would leave me very satisfied if it worked. Morality be damned it'd be satisfying.

Well, it is deviously clever.

But using it at scale with drivers and investors at risk? That's crazy.

Given the examples of transit authority collusion and cartel competitors wielding bats, accosting drivers and making customers feel like Baghdad is safer by comparison; I was thinking genius like Ragnar Danneskjöld.

In Atlas Shrugged, Ragnar typifies law enforcement as it ought to be (in Rand's view)--engaging those who claim authority but resort to violence instead of productivity as a means of controlling wealth.

What does it say about me that I'd relish the thought of working on building this out for production?

I'd rather go homeless than work on that.


Yeah... I guess I am too picky. My uncle was even better at engineering school than me and he also ended up as a derelict / janitor so maybe it is genetic. We both seem to be content with a rather low standard of living + powerful imaginations so that we can enjoy that almost as much as we would a much higher standard of living although we wouldn't really enjoy either all that much due to depression or whatever.

But imagine how interesting the system is. Tying together so many data sources, and creating any output you want.

I guees it just makes a list of suspicious people and later managers look through them and ban them manually.

How do we feel about agreeing to do it and then quieting reporting everything I do?

if they are doing that to people they don't want to ride, doesn't it make sense they are doing this with riders?

I agree. The article seems to point to Greyball as proof that Uber is being shady.

Greyball is just the tool they used to keep from getting caught.

The shady part is that they operate in cities were they aren't welcome (by city officials at least, customers and drivers seemed to welcome them with open arms). If Uber operating in Portland is a night burglar, Greyball is his dark clothes and mask.

> Greyball is just the tool they used to keep from getting caught

Using a tool to avoid getting caught is, itself, evidence that one is aware of the impropriety of the action thereby protected.

Many view this kind of awareness as increasing the shadiness of the underlying action.

Isn't this a "nothing to hide, nothing to fear" argument?

No, because it's not the tool alone it's the shady act without the tool vs. the shady act with the tool.

(And it mostly only applies to acts that, while perceived as shady, wouldn't be perceived as outright evil on their own -- no one thinks that something that is unquestionably murder on its own is more evil because you tried to conceal it [0], but if you are taking your co-workers' food out of the fridge, the idea that it wasn't intentional wrongdoing is harder to maintain when you're also caught stashing the wrappers in someone else's trash.)

[0] "No one" is a dramatic exaggeration, of course, and this assumes that the acts done in concealment aren't evil on their own, etc., etc.

First, there's a huge difference to blocking access to everyone, and perhaps just allowing access to selected few vs allowing access for everyone and blocking access to few that could penalize you for doing it.

Second, privacy has nothing to do with it, this is not an information we talking about, but a service. A bit like dealing weed/prostitution/etc and actively looking if there isn't any cop around.

No, a bit closer to 'mens rea' with regards to conspiracy.

I think developing infrastructure with the express goal of evading law enforcement* _is_ very shady, and then proof that they did just that is indeed proof that Uber is shady. I agree that there are other reasons beyond their dedicated law-avoidance infrastructure to consider Uber a shady company, but this leak alone is certainly enough _proof_ to label them as shady.

* even if it is simply by adapting pre existing infrastructure created for a benign purpose

Dark clothes and a mask have other purposes. And they're passive. This is more like active radar jamming: it sends deliberately false information to government officials, on purpose. Radar jamming is illegal in most states.

Evading the government ability to regulator you through deception is illegal - generally more illegal than whatever it is you're covering up.

Government have to work that way. If lying to and evading regulation wasn't illegal, no regulation at all would be possible.

I think it's pretty noble, let's not forget that while people seem to detest Uber, the gov't has a much more terrible track record

Maybe not a popular opinion but I find this entire thing pure genius.


Wouldn't be surprised if this concept spurs its own line of copycat startups i.e. "Uber Greyball for X"

Correct, First siz digits are the BIN. This is how you identify a CC and how carders can guess your limits. e.g. some cards are only allowed to customers with certain credit card profiles.

> [credit card BIN numbers] plus public payroll records

Do California public records really make available where specific public employees bank?

Anyone who has a California State and Federal Employees Credit Union debit card is probably a good indicator.

I saw an Illinois State Police Federal Credit Union branch recently and really thought to myself... that might be giving away a little more information than I'd be comfortable with if I were a cop. I mean, anyone going to that credit union is pretty likely to be, you know, a police officer. So if a criminal was trying to track down a police officer they had beef with, where would they look? Seems pretty obvious. Seems pretty dangerous.

Police buildings (stations, offices, etc.) where they work every day would probably be more useful than a bank.

I think they meant that they could use public payroll records to get the names of city officials.

My aunt's boyfriend works for California govt and his home address is on display. You'd be surprised at how incompetent and irresponsible govt can be.

"Back to the Future" posited flying cars for 2015, Uber had Ghost Cars.

I do as well. Uber is a fantastic company and really exemplary in terms of innovation. This is no exception.

Are you saying innovation denotes positive social change?

"blocks them from the service" doesn't quite capture it right. It doesn't tell them they are blocked. It displays fake cars circling that never show up.

Good point. They would be on firmer ground if they just said "you're banned from our service because [vague reason]", even if the real (unstated) reason was "we don't want cops on this".

But presenting deliberately fake information to hinder law enforcement sounds like it's going to be illegal somehow.

I'm reminded of the Reddit shadow ban, myself.

You mean hacker news' shadow ban?

My accounts at home keep getting shadow-banned... was wondering why suddenly everyone stopped responding. Tried registering a new one but it didn't let me.

Wonder if this one will show up after I log in from home...

Yes, it shows up :)

Or the HN shadow ban

Well they actually weren't able to do this so accurately without disrupting service it seems.

At least I think in my case, and it's part of the reason why I don't use Uber today: I had an Uber account for a couple months prior to this incident but never used it. One night, it was about 3a.m. and I had a bit to drink. A friend gave me a promo code to use, so I could get a discount on my ride home. I put in the code a couple times, but it kept getting rejected. I think I tried this about 3 times, and finally got a message saying my account was blocked or disabled. I gave up and called a cab. I tried to get my account re-instated the next morning, by sending an email from the address I used to create the account in the first place, but got a response from an Uber rep. asking for a copy of my ID! I didn't feel comfortable sending over my ID, especially since it was not required to create the account in the first place and informed the rep as such. The response was: "I completely understand why you are concerned about providing this information. To reactivate your account I do need to verify your identity. If you can cover all but your name, the last four digits and expiration date on your new card, as well as any sensitive information on your ID, that should minimize any security issues".

I'm not sure why it was such a big deal to have that information, but I'm guessing that they wanted to ascertain if I was a hostile or not, but I had a car and wasn't dependent on Uber for survival so... no thanks.

That could also be a CC fraud detection algorithm

Highly probable. Uber has probably lots of problems with credit card fraud, as do many marketplace services.

> I couldn't find a good source, but it doesn't seem like that's something a CC merchant would have access to. Do they really get to see that?

The first six digits identify the issuing institution. Here's a free service for looking up a bank based on that information: https://binbase.com

Interesting! But don't the CC agreements require them to only use CC numbers for the absolute minimum purposes necessary to process the transaction? (They can't store the numbers themselves except the last four digits IIRC.)

So (based on the site) they could presumably use that number as part of fraud prevention but not to "identify possible narcs" -- I imagine the CC companies will be livid at this usage.

> They can't store the numbers themselves except the last four digits IIRC

Companies can store the whole number. That's how on-file payments and automatic subscription renewal payments work.

What you are probably recalling is a PCI rule that requires keeping the credit card number protected, such as storing it encrypted and only letting things that are sending transactions to the credit card network have access to the plaintext. That rule has an exception for the last 4 digits and the first 6 digits.

For example, when your customer support people look up the history of a customer they are helping, if your account info viewing tool shows a list of prior transaction details, it could not show the credit card number used for each transaction, but it could show the first 6 and the last 4 digits.

CC processing agreements don't normally have any such restriction - the only information that absolutely can't be stored is the CVV/CVC number.

If you handle CC information, you are subject to security standards auditing (called PCI compliance - like encryption at rest, etc.), but the BIN number and last 4 digits are not considered privileged information.

I'm also not aware of any restrictions on how you want to use the BIN information - for example, merchants often use the BIN number to block prepaid card usage.

Another good use for BIN information is justifying tax decisions. A little while back the VAT rules in the EU changed for online merchants. Before, you collected VAT based on your location. After, you collected VAT based on the buyer's location.

Each country implemented a thing called VAT MOSS, and you can register with a country's tax authority to use their VAT MOSS system. You only have to do this in one country. Once a quarter you submit a VAT MOSS form that lists your sales in each EU country and how much VAT you collected. You pay that to the tax authority of the country whose VAT MOSS system you use, and they distribute the appropriate amount to each country.

They don't want it to be trivial for online buyers in high VAT counties to claim they are in some low VAT country, so merchants are not allowed to simply collect the VAT for whatever country the customer picks on the "country" drop down during check out. The merchant is required to have two pieces of non-contradictory evidence to justify their choice of which country's VAT to collect. One can be the country selected by the customer.

What we normally use where I work is the customer's selected country and the country that MaxMind's ip to country database says they are ordering from. If those two agree that's two pieces of non-contradictory evidence and we're done.

That's good enough most of the time but sometimes it fails. In that case I'll lookup the bank that issued their credit card from the BIN. Almost every time that bank turns out to be a bank from the country that the customer claimed to be from, giving two pieces of non-contradictory evidence for that country. Maybe once or twice the bank from the BIN did not match the claimed country but did match the IP country, so I went with that instead.

There have only been a handful of times when that was not good enough, and I had to dive into their past orders, support tickets, and logs of their software contacting our update servers to play detective and try to get enough evidence to justify picking a country.

I wonder how this will work for the UK post-Brexit. Do you have any educated guesses?

These are my guesses. Not sure how educated they are.

I'd expect it to depend on the nature of the post-Brexit relationship between the UK and the EU. They will have some sort of treaty or agreement on trade, and that will probably include something about handling taxes.

In the best case they cooperate fully and keep the VAT MOSS system working like it does now. That will result in no change from a VAT reporting and collection point of view.

In the worst case they do not cooperate. The consequences of that depend on where the seller is located.

If the seller is not in the UK and not in the EU, then the result is to approximately double the quarterly paperwork. Instead of reporting to the VAT MOSS system of one country and having it distribute the tax to all the others, they will have to report to one EU country VAT MOSS to deal with all of the EU, and to the UK tax authorities to deal with VAT for UK customers. My guess is that those currently using UK VAT MOSS will most likely switch to Ireland VAT MOSS for their EU VAT, to stick with an English speaking country.

If the seller is in the UK, and not in the EU, then the "do not cooperate" case is not as big an impact. That's because the UK VAT MOSS system cannot be used by UK merchants to report UK VAT. They can only use it to report non-UK VAT. They have to file separate paperwork with the UK tax authorities for UK VAT. So worst case for these sellers is that UK VAT MOSS goes away and they have to register with some EU country's VAT MOSS to deal with EU VAT. After that, they are essentially in the same position they are now: they are still reporting to both the UK tax authority and to a VAT MOSS. All that changes is that they might have to use a different VAT MOSS.

Thank you for the interesting reply.

One question:

> UK VAT MOSS system cannot be used by UK merchants to report UK VAT. They can only use it to report non-UK VAT

Why is that? Was it a deliberate choice by the UK tax authorities?

I don't know for sure why it works that way.

My guess would be that it is because each country has its own rules about how VAT works for for things sold to buyers in their country. Each country would like to fully apply its rules to all purchases by its residents, but they recognize that it would be unwieldy and expensive for sellers to have to deal with minutia of the VAT rules of a couple dozen different countries.

VAT MOSS is a compromise that simplifies the rules, so that a seller selling into several foreign EU countries only has to deal with one unified set of rules through the VAT system. Instead of having to know details of the tax law of several countries, the seller only need to know the VAT rate for each. That's much easier to deal with.

I'd guess that they don't apply VAT MOSS to sales by domestic sellers to domestic buyers because they consider their own tax rules superior to the rules under VAT MOSS.

>> They can't store the numbers themselves except the last four digits IIRC.)

That's not actually true. Vendors usually have to store the entire number (but not the CVV/CVN). Most of them show you the last 4 numbers to prevent shoulder surfing and accidentally disclosing the number to someone who's taken over your accounts.

They also record the last 4 digits. I guess they could use some sort of algorithm to determine the probability it is an official, especially if they combine it with other data.

You can see the "greyball" tag fields in Exhibit A in this lawsuit filing. It looks like they did some rudimentary device and payment method correlation as well as whitelisting at the database level:


The first part of a credit card number is called the BIN, which stands for Bank Identification Number. With that, you can tell which bank issued the card (aka the issuer).

Additional to what you don't need further comments about: you can ask for billing address at payment time and then validate it with a fraud checking company like ReD to prevent them just making it up, so that a card registered to an organization will have to out itself. Or if it's registered to a "front" that's designed to look residential, flag that address as dirty after having been caught in a sting and then propagate the dirty flag to other cards that also point there.

I'd like to see them subpoenaed to explain what they were doing. They were deliberately violating the law, and trying to avoid detection just makes things much, much worse.

This has got to be illegal.

The article says Uber's legal team approved it:

>At least 50 to 60 people inside Uber knew about Greyball, and some had qualms about whether it was ethical or legal. Greyball was approved by Uber’s legal team, headed by Salle Yoo, the general counsel.

I (though not a lawyer) assume their reasoning was: "It's legal to use public sources to identify possible law enforcement agents, it's legal to deny services to them. Seems legit."

Seems to imply that they knew they were breaking the law, which would also seem to constitute mens rea. IANAL.

Just because the legal team approved it doesn't mean it is legal. Legal teams make mistakes all the time

Well, that's a bold legal strategy if true -- I wonder why Microsoft simply didn't put it in the Windows license agreement that government users couldn't sue them for antitrust violations!

(Uber's real argument seems to be "it violates our terms of service for a government official to try to figure out if we're following the law")

That wouldn't work:

a) exempting themselves from specific laws by EULA generally doesn't work,

b) you can block specific people from a service and even police have to leave when told (barring further e.g. probable cause), but police are under no obligation to honor a general "no police" policy.

It's legal, though, to kick someone off a service because you think they're a cop. (e.g. biker bars that kick people out on that basis)

> This has got to be illegal

It doesn't seem that different from Cloudflare et al throwing up CAPTCHAs and blocks when I browse through Tor. Uber was trying to prevent abuse. Until someone identifies themselves as a city official or Uber is put on notice that it is under investigation, I think they are well within their rights to do this.

I don't get the analogy... Cloudflare is trying to protect websites from hacking attempts and similar, most of which is illegal. Their treatment of Tor also wasn't a deliberate decision but the result of empirical data they collected.

A government official (or anyone, actually) trying to check for compliance with the law isn't doing anything illegal.

Uber may be within their rights because companies usually have wide latitude to refuse doing business with someone, although that will ultimately depend on what kind of violations they were trying to hide, how invasive their stalking of customers was etc.

Morally, though, this is just more of the shady shit that's been coming out day after day. How any investor would be willing to trust them with their money is beyond me. Considering how intransparent their financials are, I wouldn't be surprised if this ends in an Enron-style meltdown.

> Cloudflare is trying to protect websites from hacking attempts and similar, most of which is illegal

I don't think we can say "most" Tor traffic "is illegal" [1]. At the very least, we agree that some of it is legal. That means Cloudflare, a private company, is treating users differently based on its interests and its interpretation of the law.

> A government official (or anyone, actually) trying to check for compliance with the law isn't doing anything illegal

They probably aren't. Neither is Uber. They're just treating their users differently based on their interests and interpretation of the law.

Law enforcement has tough-as-nails methods at its disposal. It could subpoena, audit, intercept, sue, et cetera. The downside is those methods come with oversight and transparency requirements.

[1] https://www.torproject.org/about/torusers.html.en

You are in Libertarian La-La Land to call what Uber did "treating users differently based on its interests and its interpretation of the law".

As Volkswagen discovered, in the United States this is called "criminal conspiracy" and "obstruction of justice."

> As Volkswagen discovered

Night and day. Volkswagen was falsifying data provided to the government at an identified testing facility. Uber is fuzzing data and refusing to provide services to certain customers who have not identified themselves as police, though may be*.

A city official cannot demand entry to private property without a warrant. Furthermore, one can eject someone from your place of business--again, provided they don't have a warrant. To get a warrant, investigators need probable cause. There are good reasons we limit the power of those seeking probable cause.

You're confusing the crime with the cover-up. Nobody knows what Uber was trying to hide. The point was simply that such attempts to hide corporate wrongdoing are aggravating factors or can even have legal consequences on their own.

They also presumably did this not just in the US. Other countries have different interpretations of the extend of sovereignty over property, and maybe if an Uber is considered "private". I know, for example, that the police in Germany can demand entry to night clubs during public events without cause or warrant.

> such attempts to hide corporate wrongdoing are aggravating factors

Usually. But I don't believe that is the case here. Uber was public about the fact that they were breaking Portland's taxi rules--they blogged to that extent. Prosecutors had enough evidence to get a subpoena and demand what they wanted. But the cops didn't do that. They chose to collect $5,000 fines from the drivers. That's their prerogative, but that upside comes with a cost.

> Other countries have different interpretations

That might be the case. I am only commenting with reference to American laws and customs.

There's a legal requirement to comply to emissions laws.

Is there a legal requirement to make it easy for cops to use your service? Are they a protected class?

If I didn't want to sell donuts to the cops, I sure wouldn't tell them it's because they are cops. I would just be mysteriously out of donuts every time they come in.

There is a legal requirement to not operate an illegal taxi service.

I think you misinterpreted what matt4077 said. Most "hacking attempts and similar" are illegal. Tor is often (nobody said always) used in attacks, so the IPs of most exit nodes show up during attacks, which requires future users coming from those same exit nodes to solve the captcha. Cloudflare makes these decisions based on data, not on interpreting the law.

> Cloudflare makes these decisions based on data, not on interpreting the law

As they are entitled to do. Uber saw damaging activity coming from burner phones. They blocked and/or modified the related services.

If the investigators had identified themselves to Uber and then Uber did this, that might be different (though law enforcement is not, for good reasons, a protected class). The investigators chose a quieter path and Uber reacted accordingly.

To be fair, some people at Cloudflare were working on reducing these CAPTCHAs for Tor users, though not sure what the current status is.



Entrapment is also illegal.

Sure, but is not entrapment. Firstly, Uber was definitely offering the service, so it's not like they tricked them into committing a crime. And the government hailing an Uber ride doesn't meet the objective test that forces a normal, law-abiding citizen to commit a crime.

Perhaps this is the reason they want to collect your location when you're not using the app. Need to be sure that city employees are going to city hall, after all.

That could be true, it could also be to help predict demand/needs for the service.

It could.

But when a company profiles people and refuses service based on inconvenient occupations or employers, how can you be sure?

All credit cards have a BIN number (first 6 digits) that typically are associated with one bank. Checkout this list[1]

[1] https://www.bindb.com/bin-list.html

Drivers can and should prefer passengers with a higher probability of being "good" customers.

Greyball seems to be a clever tool which attempts to predict the good-ness of potential passengers.

The unethical piece comes in to play with the heuristics injected in to greyball. (kinda makes you wonder if "grey" moniker refers to the ambiguity which comes with the territory of rating people)

To add to the confusion, it's not uncommon in cities to have a government office within a building shared with other private tenants.

Whoever came up with this scheme at Uber earned their bread.

>>Other techniques included looking at the user’s credit card information and whether that card was tied directly to an institution like a police credit union.

>I couldn't find a good source, but it doesn't seem like that's something a CC merchant would have access to. Do they really get to see that?

First 6 digits of any CC# is the Issuer/Bank Identification Number (BIN/IIN), and anyone can get access to that information.

Here is an online search tool: https://www.bincodes.com

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact