Uber faces criminal investigation over 'Greyball' tool

The US Department of Justice has launched a criminal investigation into Uber's use of its so-called 'Greyball' software tool that allowed drivers to avoid government authorities trying to clamp down on its operation, according to Reuters.

The software, first revealed by the New York Times in March, is able to pool credit card information, social media profiles and geolocation data to identify government officials, and then force through a fake version of the app when they tried to book a ride.

'Greyballing' was extensively used in cities where Uber services were either restricted or banned outright, according to the report. Uber has since banned the use of the software, although it has stated its purpose was to prevent fraud and safeguard employees, rather than evade regulators.

The apparent criminal probe would be the latest in a string of legal challenges against the company, as it struggles to deal with allegations that it uses illegal monitoring practices against other firms, and claims of sexism and sexual harassment.

Although Uber declined to comment on the reports, however it did attach a copy of a letter sent from its lawyers to authorities in Portland. In the letter, dated 21 April, Uber lawyers argue that Greyballing was used "exceeding sparingly in the City of Portland", and that it the software has not been deployed since 2015.

The letter also states that Uber does not recognise the description of the software provided by the New York Times article, and that "the term and the technology are used in a host of ways that we do not believe trigger the concerns raised by the city".

The current nature and scope of the potential investigation remains unclear, and it is uncertain if any individual will be charged. However the ride-hailing firm has received a subpoena from a Northern California grand jury, seeking documents relating to the use of the software, according to Reuters. If true, this would confirm that a criminal investigation has started.

09/03/2017: Uber drops cop-stopping 'Greyball' tool

Uber has promised to stop using its 'Greyball' tool to dodge police, after it was revealed that the company was using Big Data to fool regulators with dummy vehicles.

The tool uses information such as credit card data, social media profiles and geolocation tags to identify law enforcement officials, who would then be presented with a fake version of the app. Bookings would be picked up by non-existent virtual cars and if a real driver picked one up by accident, the booking would be automatically cancelled.

The issue was exposed in a New York Times report, which also revealed that 'Greyballing' was used to avoid regulators and police in cities where Uber was restricted or outright banned.

According to the company, Greyballing has other applications. "It's been used for many purposes," Uber CSO Joe Sullivan wrote in a blog post; "for example: the testing of new features by employees; marketing promotions; fraud prevention; to protect our partners from physical harm; and to deter riders using the app in violation of our terms of service."

However, Sullivan also pledged to address concerns that Uber is using its technical tools to skirt the law. "We have started a review of the different ways this technology has been used to date," he said. "In addition, we are expressly prohibiting its use to target action by local regulators going forward."

These revelations are just the latest in what has proven to be a scandal-ridden year for the ride-sharing company. It was criticised heavily for its role in Trump's travel ban, has faced allegations of endemic sexism and discrimination, and is in the middle of fighting off a lawsuit from self-driving car firm Waymo.

Uber's CEO Travis Kalanick was also caught on film having an argument with one of the company's drivers, after which he was forced to issue a public apology. The firm is also currently on the hunt for a COO to help it "write the next chapter".

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.