Uber’s public relations problems have been piling up over the past few months.
But the ride-hailing firm’s latest controversy may have crossed a line that could create headaches for the company in Washington.
A recent report that claims Uber was tracking customers even after users deleted the app is catching the eye of Congress and federal regulators because of the serious privacy implications.
Some lawmakers on Capitol Hill are now calling for hearings to more closely examine the data issues facing the technology industry at large. Others hope the Uber incident moves the needle on long-stalled efforts to enact privacy protections.
{mosads}“That’s an example of why we need to move a major privacy bill,” Rep. Joe Barton (R-Texas), founder of the Congressional Privacy Caucus, told The Hill.
The New York Times reported this week that Uber was secretly identifying and tagging iPhones even after the app was deleted and went to great lengths to hide the maneuver from Apple.
After Apple found out about the deception in 2015, the company’s CEO, Tim Cook, allegedly told Uber to stop the practice or else it would be kicked out of Apple’s App Store, according to the report.
A consumer watchdog group has filed a formal complaint with the Federal Trade Commission (FTC), claiming Uber was engaged in unfair and deceptive practices.
The group is urging the FTC to investigate whether the practice is still going on, if it also affects Android users and whether Uber’s privacy policy accurately reflects its practices.
“In the United States, we don’t have good privacy laws in place, but usually the thing that results in companies getting in trouble for privacy invasions are situations in which they are unfair and deceptive,” John M. Simpson, privacy project director of Consumer Watchdog, said in a telephone interview.
“If Uber had said we’re going to continue to track you even if you delete the Uber app, then presumably it would be less egregious, though still problematic.”
Uber says it used so-called fingerprinting in order to detect fraudulent behavior and has modified the practice to fully comply with Apple’s rules.
“We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone—over and over again,” an Uber spokesperson said.
“Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.”
The Times report is just the latest in a string of controversies for the embattled company.
Uber sparked intense backlash — and the “Delete Uber” campaign — earlier this year when it dropped surge pricing amid a New York City taxi strike in response to President Trump’s temporary travel ban executive order.
Since then, Uber has faced accusations of sexism and sexual harassment in the work place, a lawsuit from Google, a video of Uber CEO Travis Kalanick getting into a heated argument with an Uber driver, and reports that Uber was using a secret software tool to evade authorities in places where they didn’t have permission to operate.
“Uber has a track record of running fast and breaking things,” Simpson said. “They don’t pay attention to rules and regulations.”
It’s true that Uber has a long history of acting first and dealing with regulators later, especially in the company’s early days.
But none of these missteps has spurred major action at the federal level. Many lawmakers agree that there isn’t a role for Congress to play in most of the issues that have dogged Uber.
Uber has also worked hard to educate members of Congress about its business model through ramped up lobbying and outreach in recent years.
With technology privacy concerns at the center of the latest report, however, the company may find its practices under a microscope in Congress.
“There could be a very strong public reaction at some point, so that could create some new momentum,” said Rep. Gerry Connolly (D-Va.). “Unless you explicitly sign away your right to privacy, the presumption should always be that your data is yours.”
There has been growing concern among lawmakers about who owns the data that is collected through apps and other devices, what businesses are allowed to do with that information, and whether the industry is being transparent about its practices to consumers.
“We need to put into federal law some specific guarantees in terms of your information is yours, and you have to opt in to letting businesses use it,” Barton said.
The popular mapping app Waze, which culls user-generated data, has faced criticism for its privacy policy, which some fear would allow the company to share information such as speeding violations with law enforcement.
And social media sites have also come under fire for sharing user data with third parties.
“If I was a devil looking for souls, I would do it in a clickwrap agreement,” Rep. Blake Farenthold (R-Texas) told The Hill.
Farenthold believes the problem is not unique to Uber, though. He said it would be useful to hold a hearing on the broader issue, but that ultimately it should be on the industry to be more transparent.
As of right now, the House Oversight Committee said it has no plans to examine Uber’s practices.
“There’s an overall bigger issue about simplifying what rights you give up when you install an app,” he said. “It’s worth having a hearing to shine public light on it, but you got to be careful on regulating emerging technology so you don’t stifle innovation.”
Connolly lamented that Congress lacks the tools to protect the public’s privacy, especially in the wake of President Trump signing legislation to gut internet privacy protections approved by the Federal Communications Commission.
Barton said it might take something like the Uber incident to prod Congress into acting. But he also acknowledged the difficulty in getting substantive privacy measures over the finish line despite having some support from both parties.
“Everybody’s for privacy until it’s time to legislate,” Barton said. “Then the stakeholder groups that benefit from using your information without your permission mobilize, and for the last 10 or 15 years have been able to stop any major legislative effort.”