Uber doesn’t want to, and ― for the most part ― it has a pretty solid case, one it presented at a hearing Thursday, after inviting the public to lobby on its behalf Monday with a scary email sent to riders titled “The government wants to know where you’re headed … on every ride.”
Here’s the backstory: The New York City Taxi & Limo Commission, or TLC, collects a number of pieces of information on every taxi trip in the city. This includes “pick-up and drop-off dates/times, pick-up and drop-off locations, trip distances, itemized fares, rate types, payment types, and driver-reported passenger counts.” (Pick-up and drop-off locations don’t use exact addresses and are reported at the neighborhood level, e.g. “Upper East Side” or “Astoria.”)
Ostensibly, the city uses this information to audit drivers’ self-reported working hours, which are restricted on a daily and weekly basis to keep fatigued, accident-prone drivers off the road.
As the new kids on the block street, ride-hailing services like Uber and Lyft haven’t had to provide that data to the TLC. But now that the companies are an established part of NYC transit, the city wants access to riders’ destinations. (Uber currently only provides pick-up location and time.)
Uber says that since, in theory, this is primarily an argument about driving hours and fatigue, it offered to provide the city with detailed logs about its drivers’ hours, but was rebuffed. The TLC persisted, claiming it needs passenger drop-off information for other public benefits like traffic planning and analysis, and to identify drivers who break the law by running red lights, speeding and committing other infractions.
That’s not good enough for Uber, which says it’s eager to protect the privacy of its users and doesn’t trust the TLC to safeguard the information. (There’s a pretty good precedent for their concern.)
“We have an obligation to protect our riders’ data, especially in an age when information collected by government agencies like the TLC can be hacked, shared, misused or otherwise made public,” Uber told The Huffington Post in a statement.
That’s all well and good, but it’s worth noting Uber doesn’t exactly have a spotless record either when it comes to location data collection ― or properly securing that data.
After an update to its app in late November of last year, Uber began tracking riders’ specific locations for a full five minutes after their ride ends, even if the app is closed.
The company says the update helps “to improve pickups, drop-offs, customer service, and to enhance safety,” but it nevertheless caused sharp concern among privacy advocates. (You can halt the location tracking by manually disabling Uber’s permissions in your phone. Instructions here, courtesy of Uber).
And just over a week after Uber began its increased tracking, court documents surfaced in which the company’s former forensic investigator, Samuel “Ward” Spangenberg, testified Uber itself failed to adequately protect the sensitive data it collects every time a customer requests a ride.
That data includes much of the same information as that requested by the TLC, such as a customer’s name, location data, email address, payment amount and information about the device used to request the ride.
(In an email to HuffPost, Uber acknowledged it hasn’t “always gotten everything perfect,” but pledged it has drastically improved its security measures since Spangenberg left the company.)
“When I was at the company, you could stalk an ex or look up anyone’s ride with the flimsiest of justifications,” Michael Sierchio, one former Uber employee, said at the time. “It didn’t require anyone’s approval.”