Ride with Uber? Drive with them? Your data may not have been secure or private, according to a settlement today with the Federal Trade Commission complaint over deceptive claims as announced in an agency conference call today.
Although the company faces no financial penalty because there was no financial loss to consumers, Uber agreed to have its data security and privacy mechanisms audited every two years by a third party.
But, according to the FTC complaint, there were stretches of many months where monitoring mechanisms and alerts were ignored. The data included geolocation information -- pickup and destination points available from its so-called "God View" tracking tool -- that can be paired with other information for a prying look into someone's activities.
In addition, in May 2014, a massive data breach of Uber's accounts on Amazon's cloud service -- made possible when an engineer posted an access key providing "full administrative privileges" -- affected 100,000 people registered as Uber drivers. Data taken included names and driver's license numbers as well as unencrypted information for 215 bank accounts and 84 unencrypted Social Security numbers.
Unencrypted storage of private data is the sort of action that makes experienced software engineers and security experts roll their eyes in disbelief. It's like living in a city and leaving your front door unlocked all the time.
Acting FTC chairman Maureen Ohlhausen made clear that, when it comes to privacy, "companies will be held accountable for their promises," whether fast-growing startups or large established businesses. She also noted that the FTC does not comment on ongoing investigations, so Uber could potentially be facing future actions on other issues.
This isn't the first time that Uber has come under fire from the FTC. In January 2017, Uber agreed to pay $20 million to settle charges that it made exaggerated earnings claims to recruit more drivers.
It's another brick in the foundation of Uber's troubled existence. Others include charges of using software to evade law enforcement sting operations, a culture that enabled sexual harassment and other problems, and even running billions in the red each year when a path to ultimate profitability, short of seeing all competitors disappear and then raising prices, is unclear.
Why would Kalanick's leadership suddenly be different? Why should Uber let him back?