Hacker News new | comments | show | ask | jobs | submit login
Uber Tries to Remotely Encrypt Corporate Data During Government Raid [ENGLISH]
28 points by nstoddar on May 28, 2015 | hide | past | web | favorite | 12 comments
Uber Engineers in San Francisco would have tried to remotely encrypt the data in the Uber Canada computers during the search conducted by Revenu Québec in Montreal last week.

This is what is alleged by Revenu Québec in the information that was filed before Judge Jean-Pierre Braun last week, and that La Presse has obtained. Uber sought to challenge this statement before the judge, but has not had the opportunity, we learn in the injunction Uber also presented in court last week.

Search for Uber Canada offices

On May 14, fifteen Revenu Québec investigators conducted searches of computer data to administrative offices Uber Canada Notre Dame. Investigators are looking for evidence to demonstrate qu'Uber Canada is violating the tax law by not collecting GST and QST on behalf of its drivers to UberX.

Around 10:40, one of the investigators found that "mobile devices such as laptops, smart phones and tablets have been restarted remotely" during the seizure. Another investigator, who performed a second term in another office, found exactly the same phenomenon, also at 10:40. "IT systems were handled remotely, we performed an IT asset takeover by putting off considering the urgency and high risk remote data change," reads the information presented to Judge Jean-Pierre Braun.

Also according to the denunciation, the CEO of Uber Montreal, Jean-Nicolas Guillemette said later at one of the investigators "that he discussed with the engineers Technology Uber San Francisco and that they had encrypted the Remote data ".


See also the discussion of the original French version:


It was pretty inventive to use English-language as a reason to kill the post (it's not actually part of the guidelines, of course, it's just that almost no non-English posts get upvoted to the front page).

Clearly, it would have been straightforward to replace the link with an automated translation and allow the discussion to continue.

The thing is automatated translations are often awful to read. Hackernews is probably better off waiting for a native speaker to write up something about it because the article will maintain the interest of greater numbers of people

It's not inventive. It has been a rule here since the beginning. I know that because pg told me.

The guidelines don't pretend to be exhaustive.

Thanks for the great translation. One clarification for readers: The tense in the first sentence of the translation is a modal "would have", which is used to indicate indirect quotes in French. What it really means is that Uber engineers did try to remotely encrypt data, Revenu Quebec says.

Penultimate paragraph: "Another investigator, carrying out A RAID in another office..." "Un second mandat" hear means carrying out a second set of orders.

If indeed Uber personnel actively encrypted their data after it was seized, this brings up an interesting question!

If your property is stolen and taken without your permission, and you can control it - why aren't you entitled to destroy it?

I suppose it depends on the legality and force of the order to seize; but if it did not include an order to the owner, I posit they were within their natural rights to delete their data.

Property being seized under a legitimate search warrant is very different from property being stolen. Trying to hide property or documents from a legal seizure can result in criminal charges such as obstruction of justice.

And if it's not stolen and seized using a legal warrant and you're not permitted to control it?

The really clever way to encrypt your drives is to make the passphrase for the drive decrypt a very small (512-bit) header that contains the decryption key for the rest of the drive. Then wiping the drive consists of just erasing those critical bits quickly.

Except that erasure on modern drives rarely actually erases things...

Hence it is advisable to store the encryption key somewhere where erasure was properly accounted for during design, e.G. a TPM (trusted platform module).

Natural rights are fictional.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact