Hacker News new | past | comments | ask | show | jobs | submit login
Senator Al Franken's Letter to Uber [pdf] (senate.gov)
353 points by kyledrake on Nov 20, 2014 | hide | past | web | favorite | 134 comments

I note that many of the questions are around the processes, training, rules, etc. that govern the use of technology developed by Uber. This is important.

Systems Engineering teaches the concept of POSTED: People, Organisation, Support, Training, Equipment and Doctrine. When a system is developed, it must give consideration to all of these aspects. Failing to do so means you design an incomplete system.

In this case, Uber has developed a piece of Equipment, their God Mode view. Franken's asking about the other pieces of the system, such as the training, support and doctrine and people. These are equally as important to design, document and implement. Failing to give due consideration to these aspects of the system is no different to having an incomplete equipment solution developed. I'm interested to see whether Uber gave due consideration to these aspects of the system.

There's something to be said about startups moving fast to develop technology but not necessarily the other aspects of a complete system. Mature systems engineering / software development firms do this day in and day out. Yes, it can lead to slower iteration on the core technology and capabilities, but it is critically important to consider. I suspect it's often a pinch point when start-ups try to scale, for example when a piece of technology then needs to consider user access rights, etc.


I don't think the condescending tone is necessary—there are actually about ten million links if you spell organization correctly.


EDIT: Removed quotes.

He did spell organisation correctly, just used British rather than of American English.

While the condescending tone is unnecessary, logicallee is right. There are actually zero links, Google just removes the quotes and shows results for that. None of them seem to have all the words together or the acronym. Just random occurrences of words on the page, and it's predominantly military documents.

That's because the military are actually really good at doing systems engineering, because it's all about writing requirements specifications, managing acquisitions and testing for delivery against requirements which is the military's bread and butter. Most of my experience in this area has been workign for ex-military people. NASA are also really good at it, and they publish a handbook on it which is very good:

(warning: 8.1MB PDF) http://foiaelibrary.gsfc.nasa.gov/_assets/doclibBidder/tech_...

They may not refer to the acronym "POSTED" exactly, but said acronym is what I learned and I thought highlighted the scope of what a system covers, specifically that it is not just the equipment i.e.: software. In the NASA SE Handbook, page 3 says the following, which essentially maps across to what I described:

"A “system” is a construct or collection of different elements that together produce results not obtainable by the elements alone. The elements, or parts, can include people, hardware, software, facilities, policies, and documents; that is, all things required to produce system-level results."

The problem is that the equivalent (US) military acronym is "DOTMLPF" - Doctrine, Organization, Training, Materiel, Leadership, Personnel, Facilities. http://en.wikipedia.org/wiki/DOTMLPF I'm a systems engineer that works for the military and I've never heard of "POSTED", it may be a NASA thing since they kinda have their own flavor of SE.

I'm AU and the guys I deal with are ex-ADF so I don't know. I'm glad that there's a wiki link for that one though, that helps when I next have to reference it :)

Same idea either way - the system is far more than just the equipment/technology.

Oh sure, definitely. I should have said the "US" equivalent is DOTMLPF. I edited my post to reflect that. The idea is definitely the same though.

Actually, I'm seeing this comment page for the top link on Google for the search terms:

"People Organization Support Training Equipment Doctrine POSTED"

We DID IT! We made it a THING!

I'm seeing one [relevant] link, an Australian senate hearing regarding the "Defence Legislation Amendment (Aid to Civilian Authorities) Bill 2006". This confirms my initial suspicion that it probably originated from some sort of military handbook - you can the pretty much tell by usage of the word "doctrine" alone.

EDIT: To be precise, I see [1], plus two mirrors of it, plus two links back here, but only from my phone. On my desktop I get zero results.

[1] http://parlinfo.aph.gov.au/parlInfo/search/display/display.w...

s/correctly/in the corrupted American form/


I favour (!) British spelling too but 'organization' is more correct in the etymological sense as it derives from the latin 'organizo'. The British form is in a way a corruption itself because it favours 'ise' as it is easier than learning the etymology. 'Oxford Spelling' is an etymologically correct variant of British spelling.


Senators also have dozens of staff members who support them, especially on issues they're passionate about or committees they're involved in. And the committees themselves have their own staffs. Most likely one of these staff members is both deeply familiar with these specific issues and contributed heavily to this letter.


This letter is high level, and does not go into extensive detail. Why are you so defensive? The story may have been invented, and it may be accurate.

You are making it clear that you have an emotional interest in the story, and the people responding to you are just readers of this website.

He's saying that with that many aids and resources, these letters can be produced extremely quickly if the Senator asks for it.

The letter was obviously written by one of his 30+ staff; probably the staffer referenced by name at the end. It's mostly a summary of news reports...not rocket science.

So, I completely agree with this letter, but I felt a sense of unease reading it. I realized why. Other companies are as bad or worse about privacy, where are all those letters? I wish there were a lot more of these and wonder if the only reason this one exists is because the blowup with Uber was so visible and so it can be used for political posturing.

These types of letters do get sent to other companies. Here's one from Franken to some obscure app company from February:


Here's one to Google from Markey:


Here's one to the FTC about Facebook from Warner:


Here's one from Schumer to Zuckerberg:


Here's one from Blumenthal and Franken to Social Intelligence (never heard of them before):


I found all these by Googling something like "senator letter [company name] privacy". Most don't get covered here because they are typically routine pandering by politicians that doesn't change anything. (As is this letter IMO.)

This was my reaction as well. Yes, Uber's behavior here is reprehensible. But it's also kid stuff compared to what other entities (including the Federal Government itself, whose behavior we never agreed to in a TOS agreement) are engaged in, and I have to wonder what, if any, authority the government could exert in these circumstances (disregarding the appropriateness of the use of said authority, or any potential legislative action). Assuming nothing about Uber's user terms and agreements aren't unlawful, it's almost certainly the case that, as alluded to by Franken's letter, users of Uber have agreed to provide Uber with this sort of access to their usage of the app.

So while I agree with the spirit of what Frankin is saying, I'm just left with distaste for what obvious posturing and pandering it is.

I see what you're saying, but there are two things that make this more egregious than other (assumed) offenses.

First, Uber did this brazenly and, one could argue, openly. Their hubris needs to be curbed this way.

Second, Uber explicitly wanted to go after a member of the press. The press is our shield against all the evil that is done against the public by governments and corporations.

We need our journalists to feel absolutely safe in their chosen profession. We may disagree with or even hate some of them, but we have to show people considering such an important career that it won't put them at risk.

As far as I know, Google and other companies are using/gathering our information equally legally. They might be doing something nefarious with it, but at least they claim to be responsible and honorable. With the exception of their press releases, Uber seems proud of their ruthlessness and lack of integrity.

First, Uber did this brazenly and, one could argue, openly

The reported quote was couched in the hypothetical; reported out of an 'off the record' private event; by a reporter that was the +1 of an invite.

Those are major caveats. While they don't excuse anything, they also (frankly) answer several of the senators questions.

I find it un-imaginable that Franken (or anyone) has never articulated views in the hypothetical, that may or may not have been in line with "corporate policy".

Imagine if the 405 freeway was mic'd during rush hour. We'd have prisons full of criminals charged with thought crimes.

All that being said, Uber needs to get its act together. Transportation is a heavily regulated industry for a variety of reasons. There are personal safety issues involved, interstate commerce, and all kinds of local issues.

Uber needs to get itself in a position where politicians and the public can trust the company to operate in a manner deserving of the public trust. And in that direction, it seems to me at least, that they are showing a pattern of behaviour that is more at issue than any single event.

It seems their general approach is open to question, on quite a few fronts. Wether or not rebellious, upstart brands are a problem, I don't think thats it. They seem to take on take on a air privledged 'bro's' who are untouchable and shady. And that is something that they don't want to be type-cast as, when ultimately their business relies on the public's trust.

> The reported quote was couched in the hypothetical; reported out of an 'off the record' private event; by a reporter that was the +1 of an invite.

The man laid out a detailed plan to harm reporters while talking to reporters. That it's hypothetical doesn't matter. If a mob boss told journalists about how easy it would be to make journalists disappear, that it was hypothetical and off the record wouldn't matter.

Senior executives of zillion-dollar companies do not accidentally talk to journalists. It could be that the guy is just a total idiot. But when otherwise smart people do something apparently stupid that just happens to serve their interests, it's reasonable to think that it was entirely intentional.

The man laid out a detailed plan to investigate and anonymously report facts about reporters while talking to reporters.


If we want to make hyperbolic analogies, the closest one might be a mob boss suggesting hiring hit men to kill other hit men while talking to a hit man.

> The reported quote was couched in the hypothetical; reported out of an 'off the record' private event; by a reporter that was the +1 of an invite.

"Off the record" isn't some magic phrase you can use to stop a journalist from reporting what you say.

It's a carefully constructed agreement between a source and a journalist. That agreement will cover what material is divulged and how it is sourced.

It is wrong to suggest that this meeting was "off the record".

This is dis-engenuous. One of the guests invited a tabloid reporter, did not appear to disclose the terms of the invitation to this person, and the result is predictable.

The ethical nuances here are lost because you have a sketchy company and an ethically challenged publication.

But in the same vein as the Mozilla incident, freedom of the press, nor freedom of speech...does not protect a citizen from another citizen.

If a muck-raking journalist wants to hide behind ethics to keep citizens from muck-rakin them, that's simply not protected by law or frankly by any real ethical consideration, other than the sense of moral proportionality that reflects their own behaviour.

It is a bizzarre point, but unfortunately its fundamentally correct.

The only "new" ethical consideration in this flap has to do with using specific information (presumably confidential company information) to bolster an attack. From what i've read, nobody suggested that this type of attack was only possible using a certain set of information.

Notwithstanding the distastefullness here, this is simply nothing that is not done in every major national election. So in that regard, the senator could equally send such a complaint to the DNCC.

What is actually the legitimate issue here is something much narrower: whether or not a malicious person would have the potential to abuse information that is not publicly available to do this.

That is very much a legit issue, but I'd be interested to see if the actual discussion would have been so bizaerre as to require this formulation. That would bring the company and its policies into the actual discussion in a way which simply articulating that low ethical standards swing both ways does not.

For example, a malicious threat would be something along the lines of "I know where you were last weekend at xx:xx" where this information would be used to extort or blackmail someone (eg, an affair etc). This type of threat would specifically hinge on the abuse of private information. Whether or not this was somehow allowed under any user agreement or employee policy is beside the point--its blatantly an abuse of implicit trust.

That is an entirely different type of situation that saying if "reporter X" is unethica, someone might very well do the equivalent of a classified-security clearance review of "reporter X" and articulate the findings in public. [1]

Needless to say, most people that look at this cannot distinguish the two cases, or if they can they are happy to disregard the reality of how the world works already.

The second issue is the idea of proportionality. In that when faced with some level or argument or counter argument, you dis-repscet the process of discourse and engage in ad-hominem. That is to say, in this case, retaliation with character assasination.

Again, I think this cuts both ways here. Being tone deaf and lacking in porportionality is a problem for ethically challenged startups--not doubt--but its also a problem with tabloids (see: uk phone hacking) and social media lynch mobs.

[1] If it meets the test of being legal and proportionate, its not really unethical by default.

> This is dis-engenuous. One of the guests invited a tabloid reporter, did not appear to disclose the terms of the invitation to this person, and the result is predictable.

People need to realise that journalists will report everything. They will report as much as they possibly can. Unless you have a written agreement with a specific journalist that covers what is or isn't allowed to be printed you must assume that they will print everything.

The meeting was not private.

You keep saying things like "ethically challenged". That's wrong -- this is standard journalistic ethics.

That's wrong -- this is standard journalistic ethics.

That's a gutter dwelling argument that is bullshit on both-sides. Because it supports the idea that private citizens should also be free to trash journalists. After all, if they have no ethics, they have no moral high ground to use as a defense against their own tactics.

So you are arguing the point of the Uber-douche.

Nice one.

The meeting was not off the record. Don't invite journalists to a meeting and expect them to not report what you say at that meeting. If you need to go off the record you need an agreement with the journalist.

You've twisted that to suggest that journalists are the same as an Uber executive digging dirt. The difference is that the journalist publishes under their name, via an editor and publisher, and is prepared to go to jail to protect their source.


Where is your source for this? Buzzfeed guy was not an invited guest. His excuse was that, since he was not invited, he was not bound to the terms of the invitation.

As someone else has written, if you think you need a (written) contract to enforce ethics, you don't understand the concept of 'ethics'. Contracts are useful because they create legal -- not simply ethical -- obligations.

In any event, if you don't appreaciate any of this, we can agree to disagree.

"The press is our shield against all the evil that is done against the public by governments and corporations."

This seems incredibly naive to me. It's certainly idealistic, and it's extremely difficult to believe that the media, at least the American media, isn't heavily biased by capitalism. Sensationalism does more harm than good, and it's trivial to "buy" press coverage. The New York Times may very well have enough integrity to refuse to be bought, but it's a common practice to solicit journalists to write articles about new products and such. If you have an agenda, there are journalists ready to be paid to support it. Not only is the press sometimes not our shield, sometimes they're actually a sword against us.

While Travis' comments were certainly regrettable, there's an important distinction between talking about doing something and actually doing it. Almost anytime someone is called out for something they've said, the comments are taken out of context. It's easy for me to imagine that what was said was a reaction to a journalist behaving badly, writing an article with an agenda. It seems likely that the suggestion to use trip data was a suggestion to stoop to the same level, rather than simply to be evil towards someone who was noble and with unquestionable integrity. Uber gets a lot of press, and while some fair points are made, the press I've seen tends to be overly aggressive, misinformed, and usually displaying a clear agenda. What Uber is doing is revolutionary, disrupting well entrenched business models. When you disrupt an industry, you make enemies of the people who were lazily profiting from it. That doesn't mean Uber is good and their opponents are evil. But make no mistake that there is a battle going on, and ugly things are being said on both sides. We're all a bunch of idiots if we waste time letting ourselves be drawn in by someone else's agenda rather than assessing the merits of each side independently and voting with our wallets.

It doesn't matter if the press functions with 100% altruism or 100% efficiency. No body comprised of humans ever will. Of course there are capitalistic motives, and making money does often run counter to the public benefit of the press.

But there are many idealistic journalists (look at ProPublica, for many examples) who are doing important work, exposing things that aren't always sexy, but are definitely in the public's interest.

The press isn't a special case where we have to make sure they can operate without being held accountable for their actions. Everyone should be held accountable and everyone should be able to defend themselves. If anything, journalists are already granted a greater shield than the rest of us.

Again, we're talking about journalists who have _acted_ with agenda against a company, and we're up in arms over off-hand _comments_ about retaliation. Neither party is altruistic and both are financially motivated. If the press acts with agenda and now reports on the retaliatory comments that were made, they can no longer be regarded as unbiased and fair. I'm not going to take their side, and I'm certainly not going to defend them when they appear to be the real bully. Nor am I going to support Al Franken as he attempts to exploit the situation for his own benefit. We've got bigger problems to deal with than who's more butt-hurt about what someone else said.

> So while I agree with the spirit of what Frankin is saying, I'm just left with distaste for what obvious posturing and pandering it is.

At least someone is speaking up. You criticize Al Franken for not going after everyone else as well, but why not criticize the other 99 senators who haven't done anything. I apologize in advance if I'm missing another senator that has done anything like this about privacy.

Rand Paul has done something far more important that weighing in on a private business policy.. He (along with a few others) have been extremely outspoken against the Patriot Act and warrantless NSA spying. Where's Franken's letter to Obama demanding "executive action" to suspend warrantless information gathering by the government. If Uner wants to be a shit, we don't have to use Uber. If I don't want my personal information harvested by my government, I have no recourse. I even live in France, yet my French bank records are required by FATCA to be disclosed to an American government entity simply because I happen to have an American passport. That's far more intrusive than anything a ride-sharing app can do to me. How about reports that the government has monitored journalists? Where's Franken's letter about that?

This is nearly meaningless political grandstanding because Uber happens to be both well-known as well as currently in the headlines.


And here's Rand Paul proposing a bill to end warrantless NSA wiretaps. http://abcnews.go.com/Politics/rand-paul-bill-would-curb-nsa...

100x this.

>But it's also kid stuff compared to what other entities (including the Federal Government itself, whose behavior we never agreed to in a TOS agreement) are engaged in,

Complaining about gov't behaviour compared to private enterprise is like complaining about how kernel-level processes can do so much more than userland processes.

No, it would be like complaining that a bug found in an userland program is publicly scrutinized but not when the same one is found on a kernel program.

One man's bug is another man's misunderstood feature. Cf. Shellshock.

agreed. my first thought in reading this:

"Dear Mr. Kalanick - how dare you allow your staff to announce an idea to spy on the American people and use the information you learn against them? Didn't you know that privilege is exclusively for the US government?

You know we will partner with you to abuse the vast information available on the habits of Americans through your service when the time is right - no need to get people riled up more than they already are.

Best Regards, Uncle Sam."

The biggest thing that will disenfranchise your political weight is dismissing the government as a homogenous mass, moving in lock-step, that "they're all as bad as each other".

Uncle Sam is _people_. Good people, bad people, influential people, less influential people.

That said, I do think it is valuable to point out that while Al Franken is admonishing Uber with one hand for tracking people without permission, he's giving the NSA pats on the back with the other for doing the very same thing [1]. If anything, the NSA tracking is worse. Uber can't send me to Gitmo, but the federal government sure can.

[1]: http://www.huffingtonpost.com/2013/06/11/al-franken-nsa_n_34...

My feeling also. If this isn't a case of the pot calling the kettle black I don't know what is. The Federal government is one of the worst offenders at being careless with personal data and of using it for political purposes when it suits them. I'm not defending Uber here, but this is just grandstanding by Frankin.

> My feeling also. If this isn't a case of the pot calling the kettle black I don't know what is. The Federal government is one of the worst offenders at being careless with personal data

So all federal government is responsible for all other arms of federal government, Al Franken is a member of the federal government, therefore guilt by association?

Just a question, but are you ok with your movements being tracked by Uber? Are you ok with any corporation spying on your movements and potentially using that information against you? So because the NSA spies on you, it's not ok for Al Franken to stand up to corporate privacy issues? Just saying ...

Yes, I would like to see anyone stand up for privacy issues, corporate or federal. As has been pointed out in other threads on this post, Al Franken actually does stand against both.

So let's agree that "the pot calling the kettle black" is a bad analogy because not all federal government necessarily agrees with other arms of the federal governments' actions. Yeah?

OTOH, Frankenstein is the chair of the committee whose job is to oversee these matters. Perhaps the Senate Intelligence committee would be the analogous thing for government surveillance: http://www.intelligence.senate.gov/memberscurrent.html

Worst auto correct ever, btw. "Franken"

> including the Federal Government itself, whose behavior we never agreed to in a TOS agreement

You voted for them, which is their way of saying "see, it's in the fine print, hahaha"

Not everybody who lives in a country has the right to vote.

At the same time, we run into a problem with your unease, namely that we have to catalogue and rank by severity every privacy breach before addressing any individual one. Which is the same as saying we'll never address any.

I'm not offering a solution, and I agree that ranking is bad. The biggest problem in all of this in my opinion is that the real criteria for this getting attention from Congress was "can I make political hay out of this." That's the worst possible metric short of active malice (although Congress does that too.)

In my opinion, this is simply a distraction.

Where is the outrage over Target, Home Depot, et al carelessly storing and allowing credit card information for hundreds of millions of customers to be compromised?

Where is the outrage over my landloard losing my sensitive information and having no liability if/when my identity is stolen?

Use/abuse of data by companies is nothing compared to the damage that is done when data is stored improperly. How are we allowing companies to hold so much information that is so potentially damaging to us yet not able to hold them legally/financially accountable when our data is compromised because of their negligence?

I'm not sure what it would look like, but regulation and penalties should be focused on sensitive data storage not use.

If you're a company with a lot of user data along these lines, this letter serves as notice that you'd better be able to answer these questions for your own company. Who knows when The Eye will glare your way?

>Who knows when The Eye will glare your way?

It seems like arbitrary application of political power in this way is more likely to increase political lobbying dollars than anything (make The Eye glare a different way or get your competitor).

> Who knows when The Eye will glare your way?

It never will - Franken loses his chairmanship of the committee come January when the Republicans take power, which only serves to highlight that this "investigation" is merely him pandering to his constituency on his way out.

Franken has been consistent in his support of privacy. Last year, he wrote to Tim Cook requesting clarification of Touch ID's details of implementation:


"... that this "investigation" is merely him pandering to his constituency on his way out."

An alternative, and more likely, explanation is that he is just being consistent in representing his constituency throughout his career.

The subcommittee, which is specifically tasked with looking at tech privacy issues, isn't going away.

No, but it will certainly be rendered useless by a majority party which believes government should have no meaningful say in any decisions made by businesses.

Because Uber isn't part of the SV crowd that works with the US government in it's push against privacy, unlike for instance Google and Facebook, who regularly work together with the US government to pressure entire nations into removing their privacy related civil rights protection.

Uber is not (yet) on the inside, and its brazen, undiplomatic and downright stupid behavior is an embarrassment and a liability for those who work to destroy privacy quietly.

A backlash against Uber might escalate into a broader backlash, and that makes a lot of people very nervous.

> if the only reason this one exists is because the blowup with Uber was so visible

If you're a U.S. senator, you're probably not all that plugged-in to what various companies are doing with privacy. Heck, I'm constantly learning new things: https://news.ycombinator.com/item?id=8634687.

> and so it can be used for political posturing.

So? You're unlikely to be able to build-up the mindshare to tackle an industry-wide problem without meaningful high-profile examples. Uber happens to make a particularly good one: they have a "God Mode" where they can see everyone's physical location! Quite a bit more visceral than uploading your e-mail address to Facebook and following you around with 1x1 pixel images.

An effective free press is part of the foundation of democracy. From my perspective, this is as bad as Uber going after politicians, regulators, or activists. Other companies may be as bad, but I don't think their badness is as dangerous.

Uber has more public exposure, and perhaps as Apple learned before them as did Google, you need members of Congress. Sometimes they remind you of that subtlety, other times not so much; legislation.

Letters like this appear all the time but only when the issue is sensationalized. It's inconsistent and doesn't actually solve any root problems between technology and society.

Uber management was successfully trolled by the media, so now the political class is interested. Had they kept their nose down and remained silent there would be little to no outcry.

Note that Franken wrote this as the Chairman of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law. The committee's mandate / scope:

    Jurisdiction: (1) Oversight of laws and policies governing
    the collection, protection, use and dissemination of 
    commercial information by the private sector, including 
    online behavioral advertising, privacy within social 
    networking websites and other online privacy issues; 
    (2) Enforcement and implementation of commercial
    information privacy laws and policies; (3) Use of 
    technology by the private sector to protect privacy, 
    enhance transparency and encourage innovation; 
    (4) Privacy standards for the collection, retention, use 
    and dissemination of personally identifiable commercial 
    information; and (5) Privacy implications of new or 
    emerging technologies.

Franken supported the NSA as the surveillance scandal broke: "I can assure you, this is not about spying on the American people." [http://www.nationaljournal.com/congress/the-nsa-has-at-least...]. I thought it was relevant.

Franken also co-sponsored the original (much better) version of the bill that was voted down yesterday to prevent NSA dragnet surveillance:



Politics aren't always black and white..

Even Better, yesterday was just a dog and pony show.

The 2009 dissent, led by a senior NSA official and embraced by others at the agency, prompted the Obama administration to consider, but ultimately abandon, a plan to stop gathering the records.

The secret internal debate has not been previously reported. The Senate on Tuesday rejected an administration proposal that would have curbed the program and left the records in the hands of telephone companies rather than the government. That would be an arrangement similar to the one the administration quietly rejected in 2009.

Here's a relevant op-ed he wrote for CNN near the same time, where he called for more transparency on domestic surveillance.


> Since I came to the Senate, I've been working to fix this. I've supported amendments to the Patriot Act and the Foreign Intelligence Surveillance Act that would have required greater public reporting on the use of surveillance authorities and greater disclosures about the legal opinions and safeguards that support them. When those amendments failed, I voted against renewing both of these laws.

From the article you posted, you left out a few relevant quotes.

> In an early 2006 AlterNet interview before he was officially running for Senate, Franken disparaged the Bush administration's NSA warrantless-surveillance program

> At a September 2009 Senate Judiciary Committee hearing on the reauthorization of expiring components of the USA Patriot Act, Franken read the Fourth Amendment to the assistant attorney general for national security as a means of questioning the act's "roving wiretap" provision. Franken would also eventually vote against a 2012 reauthorization of the FISA amendments that give the government wide surveillance authority.

> Before voting against reauthorizing the FISA amendments last year, Sen. Franken also cosponsored and voted for three amendments that his office says would have "improved the bill on transparency and privacy."

I actually agree with the letter for the most part. Yes, Uber are not the only company out there with troves of data that is most likely being abused without anyone noticing, but it is just unfortunate that the spotlight is currently on Uber because of the silly words from a man in a position who should know better than to say such stupid things in public (on or off the record, it doesn't matter). He worked as an advisor to the White House, he should know the importance of holding your tongue.

Not to mention all of the lobbyist pressure Uber is experiencing on the business side of things, this is the kind of stuff taxi driver unions and companies/entities threatened by Uber's business model can only dream of getting. They are not doing themselves any favours here.

It seems that Uber have well and truly put their foot in it this time over any of the other controversies and scandals that have involved the company. And yet, after all of this, Emil Michael gets to keep his job? Seems to me the only way Uber can start to make amends and repair their broken image here is to make some effort and fire Emil.

> He worked as an advisor to the White House, he should know the importance of holding your tongue.

You'd be surprised . . .

It seems like a lot of things are coming home to roost right now for Uber. As with many things, I think that Uber is the first player in an arena where the second player tends to survive (because they learn from all the first player's mistakes for free, the groundwork is laid, etc).

The barrier to entry for an Uber competitor is quite low and trust is the only thing that keeps Uber afloat. If they don't realize that and act accordingly, they could die relatively quickly.

The "low barrier to entry" is repeated on every Uber story and I don't get it.

It's a business with a very strong network effects: you need both sides of the market because without drivers, users are not interested and without users drivers are not interested.

Uber seems to have a big lead over competition here, is growing like crazy and they raised insane amounts of capital so that they can grow faster than competition.

But even without network effects, I don't see that as an easy to replicate business: * you need a great iOS app * you need a great Android app * you need a backed that is both fast and has rock solid 24/7 reliability. it can't be like Twitter in early days * you need to become a payment processor that interjects itself between users and drivers, which I'm sure comes with its own set of legal and logistic challenges * and you need to do it internationally * and you need a massive operation team whose job is to onboard new drivers (recruit, train, supervise) * you need a legal team because every state can have different rules * and you need them also internationally

I really don't see any of the above as easy to pull off and to do it all well, that requires both technical and operational excellence that few have.

> you need a great iOS app

> you need a great Android app

Neither of these is rocket surgery. Good devs can create an app very quickly, especially if your directions are "clone this other app."

> you need a backed that is both fast and has rock solid 24/7 reliability. it can't be like Twitter in early days

So you need something that isn't node + redis + mongo + riak running heroku through cloudflare. This is also quite easy.

> you need to become a payment processor that interjects itself between users and drivers, which I'm sure comes with its own set of legal and logistic challenges * and you need to do it internationally

> and you need a massive operation team whose job is to onboard new drivers (recruit, train, supervise)

> you need a legal team because every state can have different rules

> and you need them also internationally

The beauty of all of these things is that Uber has already done many of them for you. Unless they have all of their drivers under NDA (possible, but unlikely) and haven't published any of that informaton on their website, you're going to profit from hundreds of thoussands if not millions of dollars of legal work that Uber has already done for you. It's not as simple as a sed script on a legal document, but it's way (way way) easier than starting from scratch.

The best part is that your drivers can also be Uber drivers, so you don't need the volume that Uber has today - you can slowly build up both sides of your market as long as the friction for drivers is minimal and the ease for users is equal or better.

Is it easy? Fuck no. Is it about 1000% easier for you now that Uber has done all of the hard work? Hell yes.

And you could start in your small college town, work out the bugs in your process and then go national, then international. @debacle I agree. Micro-Ubers could pop up all over.

Nice theory you have there but Uber uses Node.js.

Drivers often list themselves on both Uber and e.g. Lyft in the same way riders use both apps. So there are no network effects in play. All the drivers need to do is switch the signs on their windows.

It's the reason Uber is taking such extreme measures to scare "it's" drivers into not simultaneously listing themselves on competing apps. See: http://money.cnn.com/2014/08/04/technology/uber-lyft/

Note this is not an example of "no network effects". This is the opposite. Both services benefit from the shared network effects. The real question is whether the future market for ridesharing is zero-sum, which seems unlikely looking at analogous markets.

Building a few pretty apps is hardly a barrier to entry. It might be beyond the reach of a single founder bootstrapping but it's quite reasonable to build with a small VC investment.

Note that autowale.in (an Uber competitor, currently profitable) was started on an investment of about 30 lac - roughly speaking 1 year runway for 3-5 engineers. Various tricks: start in 1 city, do the onboarding manually, and ignore the legalities until you are big enough to be noticed.

Autowale.in dealt with the bootstrap issue directly buying inventory from drivers. I.e. autowale.in pays the driver for 20km each day, and then tries to find customers to use that inventory.

The major barrier to entry here is the fact that Uber is really good. But if Uber decides to exploit their market condition and rip people off, that will change.

I keep hearing this argument that the barrier to entry is so low for an Uber competitor, but I think people massively underestimate the difficulty of successfully running a system like Uber. Here in Boston where Uber has wide adoption, I just watched a competitor with an impressive team (Hailo) fold up shop as they struggled to gain traction and compete. Where are all these other competitors that are going to come along and easily compete with Uber. Not to mention, there's huge advantages that network affects have in the vertical.

The hailo model seems very different from the Uber/Lyft model. More upscale, so I'm guessing a higher barrier to entry for drivers (and it looks like a smaller driver pool).

I find this ironic. When I used Hailo in Boston, it actually only integrated with taxis then moved to private drives. Uber on the other hand, contrary to what you're saying, started with only black cars then shifted to include taxis, and eventually UberX.

I dislike Al Franken's politics greatly, but I think it's every bit his right to use the bully pulpit this way (I mean this sincerely). If Uber did track a journalist it is reprehensible.

But how Uber could benefit from answering this fishing expedition? If I were Uber I'd simply stonewall. They are under no legal compunction to answer, and virtually no answer would help them.

I imagine this is just a courtesy; if they decline to answer, then the committee can issue a subpoena and compel them to.

Here's a nice white paper on Congress's subpoena power: http://www.mayerbrown.com/files/Publication/ec1203b2-a787-44...

That was really interesting, thanks. In particular,

"The Enforcement Process. Congressional investigations often begin informally, with the interested committee or subcommittee first seeking information on a voluntary basis (i.e., by sending a letter request or asking for an informal interview), rather than by issuing compulsory subpoenas. Although there is no legal obligation that a party comply with such a request, it is typically in the responding party’s best interest to do so"

Franken will no longer be Chairman of this committee in January when the Democrats are no longer in control of the US Senate.

Even if this is a Democratic-only concern (which I don't think it is), this would be an easy one for a Senator in the minority to sell to the Chairman as a personal favor. It would just be a subpoena to answer some questions; the Chairman wouldn't be signing up to actually do anything like sponsoring legislation.

Fascinating! So the letter is probably a veiled threat. I hope the Senate has better things to do with its time, though a debate of much stronger privacy laws would be a healthy outcome of this mess.

> If I were Uber I'd simply stonewall.

The federal government can make your life extremely difficult, fully funded startup or not.

This is an irrelevant point, but it's a stretch to call a 5-year-old company with $2B in revenue a "startup".

You're an experiment/startup until you're profitable, at which point you become a real business.

That's absurd. By that definition, Amazon, a 20-year-old company with $74 billion in revenue, is a startup.

Profitability has a lot to do with how you spend your money. "Startup" is commonly used to connote a small, new business. The dictionary says it is a "fledgling" business.

If Uber's revenue were the GDP of a nation, it would have 40 countries ranked below it. That's not a "fledgling" business, even if it isn't profitable.

Loads of real businesses are not profitable (and will eventually fall over).

"But how Uber could benefit from answering this fishing expedition?"

It's an opportunity to establish publicly that your company won't be engaging in any of the kind of shenanigans that can cost you customers in a competitive industry.

Wow. I'm interested in seeing how Uber responds to this. I had no idea that Al Franken was now the chairman of the privacy subcommittee. For those not in the United States, Al Franken used to be a popular comedian on the show Saturday Night Live. His biggest hit was this character Stuart Smalley: https://www.youtube.com/watch?v=uYPc-dPVbow

Outgoing chairman. Democrats lost control of the senate.

This story was on top of HN a few moments ago and then seemed to drop like a stone while gaining points: currently at 22nd position with 325 points and 10 hours old, whereas these stories are above it (all as old or older and with less points):

pos id points hours

6 8632209 292 15

9 8633707 129 10

12 8633683 204 14

13 8632405 139 14

17 8632363 140 15

18 8633286 58 12

20 8632043 161 16

21 8632018 141 16

What's happening?

You can't derive story rank from displayed points and times alone. That's on purpose, to make it harder to game HN.

The phenomenon you're describing happens routinely, for multiple reasons. One is that we've been experimenting with flushing the front page of older stories periodically when there is a crop of newer ones that, if not for the older ones' inertia, would make the front page. This is related to the work we've been doing to improve the odds for good stories that would otherwise fall through the cracks. We might eventually change the main ranking algorithm to accommodate this, but our approach tends to be to do manual experiments first, software experiments second, and modify the core HN system last.

Many thanks for answering. However, this doesn't seem to explain it

> when there is a crop of newer ones that, if not for the older ones' inertia

since the stories that were above this one were older stories, some much older (16 hours vs 10): it seems the story wasn't pushed down to make room for newer ones, but to make room for older ones.

It isn't that straightforward; I'm afraid that without going into details the explanation is bound to be less than fully satisfying.

Also, there are other reasons why stories fall suddenly. My main point is that it's routine. Sample bias comes into play here in that one mostly notices it with stories one was paying attention to.

best part of the letter - two words I thought I'd never hear together: "BuzzFeed reported"

In a letter from the head of a senate subcommittee no less.

What are the rules here for Uber? Are they compelled to respond or can they just ignore this letter and move on?

They can ignore the letter. The committee could then issue a subpoena to force them to answer questions.

Uber could refuse the subpoena. If they did, Uber could be held in contempt of congress. But, that would require a full vote -- which seems very unlikely.

Hilariously, the last person to refuse to testify before congress was an IRS director (Lois Lerner). She was held in contempt... and then nothing happened whatsoever.

Congress's real power is to pass laws. Franken won't be doing much of that with the Republicans in control of the Senate.

I wouldn't be shaking in my boots if I was Uber...

They could ignore it, but then they could be subpoenaed, which they cannot ignore.

Completely ignoring it would likely bring quite unpleasant results. Even with the subcommittee chairmanship changing party hands, Senators aren't going to look kindly on a company ignoring a request for information.

They're not compelled to respond but they will, because it's good politics to do so, and it's potentially a good chance to carefully craft a message to defend themselves.

There's an element of pissing in the wind to the majority of "actions" regarding online privacy. People are worried. No one knows what to do.

The best example is the EU/UK "cookie law." It was impractical to begin with, mostly serving to allow legislatures the opportunity to be morally outraged and incensed. Then it devolved into "all sites must have a nagging popup."

Realistically, the only way to achieve any of the law's goals was in the browser, not laws dictating what websites can do.

This letter is mostly is mostly a criticism of Uber's bureaucracy. Privacy policies, training, etc. Again, not really the place to tackle any of these issues especially if the intent isn't there. Maybe, phones could do a better job of letting users control the data they leak. We don't really know how to deal with data in which the quanta is not sensitive, but aggregation makes it scary.

An interesting point here is that the "statement" really sounded like tipsy macho bullshitting, not an actual threat or indication of intent. What the statement does indicate is a violation of the "don't be evil" maxim. Hey, Uber have assholes in high places. They have a lot of power. How many assholes are out there with dangerous access to data?

This is officially the most blown-out-of-proportion story in the history of the Internet. When was the last time the US Senate got involved after you went on a rant at a party? I'm certain that Sarah Lacy is enjoying both the attention and the money from pageviews, but this is getting ridiculous.

Overstatements are hilarious no matter where they come from.

For example: "When was the last time the US Senate got involved after you went on a rant at a party?"

I am not a SVP of a company valued in the billions working in a highly regulated industry. I also didn't do the rant at a private "party" designed to improve relations with prominent members of the media that covers my particular industry.

Also, the Senate sends letters on all sorts of mundane matters. That is not the issue of proportion here. The issue is the media giving undue emphasis to stories involving the media.

I get that people sometimes say stupid things after two or three glasses of wine. And I get that blabbing about something is different from actually doing it. But this was egregiously beyond the boundaries of basic ethics and societal values, and a company executive should know better.

So you may think it's overblown, but I'd like Uber to feel that this is not OK, so it got me to finally install the Lyft app which I'll be giving a try.

So you may think it's overblown

I think it's the most absurd thing I've ever heard. I don't know if you read Sarah's actual article, but it reads as if this guy called her up and told her that he was going to murder her children. It is that sentiment, not facts about what actually happened, that has carried this "story" so far. She is exploiting others' fears about stalking and sexism for her own personal gain. IMO, that makes her far more evil than anything Uber could or would do.

The tone of Sarah Lacy's article is irrelevant to me. It is the suggestion that a company executive would consider lashing out at a journalist this way that I find disturbing.

How about looking at it this way: even if everyone has had a moment of wanting to "wring someone's neck" as you say down-thread, I don't expect company executives to actually suggest that they might hire some goons to go rough up someone who negatively reviewed their product. An executive who says something like that in public is an idiot, and I personally would seriously reconsider whether I want that person to be in charge of anything at my company, or represent my company in public ever again.

It's not "exploiting others' fears" when there is actual evidence that Uber has tracked journalists and other high profile figures, and top execs have brashly threatened to spend millions investigating journalists' personal lives. This is disgusting.

top execs have brashly threatened to spend millions investigating journalists' personal lives

Nope. ONE exec went on a rant at a party about what HE would hypothetically like to do to a self-declared enemy of the company. Have you ever been really frustrated with someone and said "Ugh sometimes I'd like to ring his/her neck" or similar? Now imagine someone overheard you, took it literally, and called the person you were frustrated with. Sensing an opportunity to exploit the situation, they call the police, contact Senators about you, and write a blog post about how you threatened to eradicate him/her and everyone they've ever spoken to from the planet in the most violent possible way - all in an effort to get clicks on ads on your blog. That is basically what happened here.

You're right about one thing, it is disgusting.

Maybe you missed this post regarding Uber employees tracking customers for fun, in realtime, on a monitor at a public event.


As soon as someone jokes at about the potential of putting someones family in harms way, it is no longer a joke.

I couldn't stand SL at TC but I'm 100% behind on her this one.

Where were the allegations of putting someone's family in harms way? The initial reports read like it was a hypothetical solution to show bias in tech journalism. SL happens to work at a blog who was funded by a competitor of Uber.

Real journalists give full notice about potential conflicts of interest (especially when they write flimsy attack articles). Exposing that unacknowledged conflict of interest doesn't seem like it puts someone's family in harms way. All it would do is show clear bias in a clearly biased attack article.

The scale of the story is not relevant; the moral issue is.

There should be no sliding scale for things like this. Period.

Not that it isn't overblown, but you must have missed out on a lot of history if you think this is the most overblown story on the internet.

Uber has graduated into Big League - got attention of a Senate committee, even if of such a minor, "public feel good, no real money/power" one, yet still...

As the bumper sticker says "Government doesn't like competition" and the Uber exec clearly voiced intention to venture into typical government territory - illegal usage of private info against the ones whom you don't like.

Lesson learned: Don't spy on American citizens, the government hates competition.

So it's ok for the NSA to snoop on people out of curiosity, but not Uber employees. Some citizens are more equal than others. Gotcha

Oh, this bread is so tasty and the clowns are so funny! Thanks Al Franken!

That's...not what circus means in that context.

Publicity stunt. When has he ever been worried about privacy in relation to his stance for the NSA?


I replied elsewhere as well, but Franken was a co-sponsor for Sen. Leahy's NSA reform bill that was killed yesterday. Even the AEI gives Franken credit for this;


Thanks, I'm a little behind on what he has been up to.

Why is everyone so surprised that Uber is tracking information about their users, or that employees have access to that information.

I just think it's incredibly naive to think that they wouldn't use it in any way possible.

"I'm shocked you're shocked" is just fancy-grade despair.

Not at all. I just think that what I've heard they've done with their data so far falls into acceptable levels.

As soon as they publicise this data (identifiable) to people other than employees that have access to it anyway, or the person concerned, that's where it becomes an issue. But I haven't heard of any instances of that yet.


I'm actually more surprised if I find a company who is actively supporting users privacy. In this day and age, you just have to assume a company is tracking everything they can to find out more about you and your preferences.

Also, if you don't like being tracked using Uber, make a statement with your wallet and don't use the service - problem solved.

Yes--the Boober made some asinine statements. Let him dig his way out of his utter foolishness. Now to Uber. I was shocked what they expect you to buy and drive in order to become a Uber Driver. Nothing less than a 2008 vechicle? And the list of acceptabe cars? After insurance it just dosen't add up--unless your sleeping in you car, or your in a brand spanking new market.

In all reality, maybe he said these things just to get the free advertising? It's too bad it's come to this? That said, is there any freeware uber/Lyft type code floating around? Just curious?

Do you have a link to the original 'boober' transcript? Haven't been able to find one, context is everything so I'd rather have the full backstory before making any assumptions.

It took about 30 seconds of Googling to turn up a link to the GQ interview where this was originally reported.


"Not to make assumptions, but Kalanick probably wasn't the first kid in his class to lose his virginity. But the way he talks now—which is large—he's surely making up for lost time. When I tease him about his skyrocketing desirability, he deflects with a wisecrack about women on demand: “Yeah, we call that Boob-er.”"

Yeah seems more like an insult than a transcript to a conversation.

These dudes are uber drunk and blinded by their success.

Hopefully, such lack of humility doesn't make them end up dead in a bath tub like Whitney Houston. Success went to her head and as she noted in an interview the high she felt after her hit, "I Will Always Love You," could never be matched. Thus she snorted everything up her nose and then some to try and match that high. Eventually, leading her to a downward spiral and dead at 48.

Uber to become Whitney Houston possibly...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact