Former Uber forensic investigator Ward Spangenberg is suing his ex-employer for age discrimination and for whistle-blower retaliation. He was fired from the ride-sharing company after less than a year in which he “frequently objected to what he believed were reckless and illegal practices,” according to a report today from Reveal at the Center for Investigative Reporting. Among his objections, Spangenberg said, was the continued ease of access Uber staffers had to customer data and location information even after the company said two years ago it would “limit access.”
Back in 2014, Uber took flak after news broke of the company’s “God View,” a mapping system that let employees see every car currently out and about in a given city. That also included information about drivers and riders inside of them. In response, Uber issued a statement explaining that employees were banned from accessing rider and driver information except in the case of “legitimate business reasons.” A cryptic set of guidelines which Michael Sierchio, an Uber engineer who left the company in June 2016, told Reveal were rarely adhered to. “When I was at the company, you could stalk an ex or look up anyone’s ride with the flimsiest of justifications,” Sierchio explained. “It didn’t require anyone’s approval.” The “God View” system still exists; today it is known at Uber as “Heaven View,” according to Spangenberg.
Uber did make a few changes, Spangenberg said. The company began warning company employees they were being watched and anyone searching for a rider with an MVP designation was immediately flagged. But Spangenberg also told Reveal these gatekeeping measures did little to actually protect rider info. “If you knew what you were doing, you could get away with it forever.” (Uber said the total number of employees fired for wrongly accessing info was “fewer than 10.”) He also says part of his job involved remotely encrypting computers if they were seized by law enforcement, rendering them effectively useless.
In the suit between Spangenberg and Uber, the company has denied all of the claims levied by its former employee. Select All reached out to Uber and a representative provided the following statement:
Uber continues to increase our security investments and many of these efforts, like our multi-factor authentication checks and bug bounty program, have been widely reported. We have hundreds of security and privacy experts working around the clock to protect our data. This includes enforcing strict policies and technical controls to limit access to user data to authorized employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated.
Spangenberg’s lawsuit is ongoing. You can read his court declaration in full here.