Despite being one of the highest-valued private companies, the last few years have been rough for Uber’s public relations. Between revelations of sexual harassment in the workplace and the behavior of former CEO Travis Kalanick, the company hasn’t had many opportunities away from the spotlight. As if those problems weren’t bad enough, the company has also grappled with regulators in the many cities it operates in, particularly in Canada and Europe. Enter “Ripley,” a program that allows Uber employees to, at the push of a button, keep law enforcement locked out of their computer system.
Bloomberg’s Olivia Zaleski had the story on Ripley and the history of its use. She spoke with Marketplace host Kai Ryssdal about the program. The following is an edited transcript of their conversation.
Kai Ryssdal: All right, so do me a favor and tell me how this Ripley thing worked, would you?
Olivia Zaleski: Well, let’s imagine that you’re in an Uber office abroad, and you see the authorities, the tax authorities, coming, and they’re about to raid your office. You can see them through the window, or maybe security tips you off. As soon as you know that, say that you’re the general manager of the office there. You press a button on your phone and it routes to Uber’s headquarters in San Francisco. And there, a member of the security team initiates a program called Ripley that will shut down all the computers in your office abroad.
Ryssdal: So that when the tax authorities, or whoever it is, finally show up and they look at your computer, what do they see?
Zaleski: A blank screen. They can’t get in. And later iterations, they were able to get in, but they weren’t able to access the files that they wanted. So there were a few iterations of this program, but they were all designed to essentially keep files from being collected by authorities that usually had warrants.
Ryssdal: OK, so why then did Uber feel it was necessary to install this sort of remote shut-down thing.?
Zaleski: Well, from their perspective, they feel that they were targeted. They also feel that in certain countries that they operated in, there was a corrupt taxi authority that would influence labor oversight, and they felt that they were being unfairly targeted, and that they had a right to withhold information from these groups. And then, they also felt that it was their job to protect their customer data, which, you know, some of these warrants they felt were too broad, they were like fishing expeditions, and there was important customer data that they didn’t want to share, and they didn’t want it to get into the hands of the wrong people like their competitors.
Ryssdal: This goes back to an event in Brussels in 2015, right? explain that whole thing to us.
Zaleski: Yeah, the 2015 raid in Brussels was really when Uber realized, you know, that we have a problem on our hands. We’re getting targeted by authorities. They don’t like us, and we need to design something that will make it impossible for authorities to collect information on us when they come into our offices. So that’s what initiated the program, and after that they designed Ripley.
Ryssdal: Is this legal? Are they allowed to do this?
Zaleski: So it’s interesting. We’ve spoken to a lot of lawyers and we’ve gotten a lot of answers which end up being pretty much the same thing, which is no lawyer feels comfortable commenting on the legality of this program without seeing the actual words and really getting into the paperwork and nitty gritty. But overall,l every lawyer we spoke with said it doesn’t look good.
Ryssdal: Let me ask a clarifying question here. This, to me anyway, a layman on the outside, it looks more like they were working toward delaying law enforcement than they were in protecting user information. Does that make sense?
Zaleski: I think that’s accurate. That’s the understanding that we got from our sources, is that everything from this program to how they would position their security guards, or the way they would design their offices, was made in an effort to kind of hamper the investigation. To give them more time.
Ryssdal: Is this still active, are they still doing this?
Zaleski: They are not using Ripley any more. They’re using a different program now call uLocker, which is not that different from, say, your phone is lost, and you need to wipe your phone remotely. And that’s really designed for if, you know, an Uber laptop gets stolen by a competitor or somebody else, they can remotely disable it. But as far as I know, they’re not getting raided anymore. And they’re not using the sort of kill-switch button that they were using previously.
|New blow for Uber as top European Union court says it’s a taxi company|
|Uber reveals cover-up of hack affecting 57 million riders and drivers|
|For companies, bad reputations come at a cost|
If you’re a member of your local public radio station, we thank you — because your support helps those stations keep programs like Marketplace on the air. But for Marketplace to continue to grow, we need additional investment from those who care most about what we do: superfans like you.
Your donation — as little as $5 — helps us create more content that matters to you and your community, and to reach more people where they are – whether that’s radio, podcasts or online.
When you contribute directly to Marketplace, you become a partner in that mission: someone who understands that when we all get smarter, everybody wins.