News

Report: Uber Used Secret “Ripley” Program to Evade Law Enforcement

Not to be confused with Greyball

Not to be confused with Greyball

Late last year, news broke that Uber is officially under federal investigation for a program it called Greyball. Greyball allowed Uber to block law enforcement officers from using the app, preventing them from seeing which cars were available and enforcing any city-wide bans. As it turns out, that wasn’t the only program Uber was using to evade law enforcement. According to the latest report from Bloomberg, Uber used a second secret program it used to protect itself from government raids and investigations.

Called “Ripley” after Sigourney Weaver’s character in the film Aliens, the program was a real-life application of her character’s famous line, “Nuke the entire site from orbit. It’s the only way to be sure.” But instead of using a flamethrower, Ripley reportedly allowed Uber’s security team to remotely change passwords and lock down information on company-owned devices. In practice, it meant the company could effectively prevent law enforcement from gathering information relevant to an investigation.

For example, in May of 2015, when investigators from Quebec’s tax authority showed up at Uber’s Montreal office with a warrant to collect evidence, employees at the company’s headquarters in San Francisco were able to remotely log off every computer in the Montreal office. Because of this, the investigators were unable to access the company records they were there for. Uber did eventually comply with a second search warrant, but according to the judge overseeing the Quebec tax authority’s lawsuit against Uber, they believed “Uber wanted to shield evidence of its illegal activities” and its actions embodied “all the characteristics of an attempt to obstruct justice.”

According to Bloomberg‘s sources, Uber’s use of Ripley began in early 2015 and the program was used regularly as recently as late 2016 in cities like Amsterdam, Brussels, Hong Kong, and Paris. After Belgian authorities accused Uber of operating without the necessary licenses, they were able to obtain access to driver and customer information, as well as the company’s payments system and financial documents. After a second raid in Paris, the sources say Salle Yoo, Uber’s general counsel at the time, had the IT department begin working on a system that could hide internal records from investigators. Later versions of the program reportedly allowed Uber to pick and choose what information law enforcement could access.

When we asked Uber for comment, a spokesperson replied with the company’s official statement: “Like every company with offices around the world, we have security procedures in place to protect corporate and customer data. For instance, if an employee loses their laptop, we have the ability to remotely log them out of Uber’s systems to prevent someone else from accessing private user data through that laptop. When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.”

In that same vein, three sources told Bloomberg that Ripley had proved useful when foreign police officers showed up without warrants or with warrants that were far from specific. And it is true that law enforcement doesn’t necessarily have a right to every piece of company data simply because a warrant of some sort exists. Bloomberg also points out that other companies in the past have shut off computers ahead of raids so they could carefully read the warrant and learn exactly which materials were being requested. But if the accounts of selectively hiding information from authorities are accurate, at the very least, that’s extremely shady. Whether or not it amounts to obstruction of justice or triggers further investigations, however, remains to be seen.

Source: Bloomberg