Since the Snowden leaks in mid-2013, there has been a roiling debate about potential abuse from the surveillance state. This eventually sparked a bill to reform the National Security Agency, which was recently filibustered in the Senate by terror-baiting demagogues.
But we're missing a big part of the story. With the spread of technology, especially GPS-enabled, always-on smartphones, corporations have effectively gained access to many of the same surveillance tools used by the NSA, the Central Intelligence Agency, and the National Reconnaissance Office. And it's easy to imagine cases in which a corporation or a person within that corporation might want to discredit a pesky critic, gain some market advantage, or stalk an ex-girlfriend.
This worry was brought out of the land of the theoretical this week, when Uber executive Emil Michael suggested to BuzzFeed News's Ben Smith that he would consider hiring opposition researchers to discredit journalists who were critical of the company, mentioning Sarah Lacy of Pando Daily in particular.
Furthermore, Uber's general manager in New York, Josh Mohrer, is reportedly being investigated by that company for misuse of "God View," which, among other things, shows the location of all Uber vehicles and customers who have requested a car.
Early this November, one of the reporters of this story, Johana Bhuiyan, arrived to Uber’s New York headquarters in Long Island City for an interview with Josh Mohrer, the general manager of Uber New York. Stepping out of her vehicle — an Uber car — she found Mohrer waiting for her. "There you are," he said, holding his iPhone and gesturing at it. "I was tracking you." Mohrer never asked for permission to track her. [BuzzFeed News]
It's even worse than that. Patrick McGuire at Vice did some digging and found that only a few months ago Uber drivers had access to something called God View. It's not clear that it's the same tool exactly, but it still doesn't speak well of Uber's concern for the privacy of its users. And in yet another scoop obtained by BuzzFeed News, the company recently planned to hire an opposition researcher to "weaponize the facts" about taxi and limousine "incumbents."
The data Uber has in its possession goes beyond the NSA's metadata collection program. These user patterns are direct, human-confirmed intelligence about where you're going, whether you went with someone, how long you stayed, and so forth. The blackmail possibilities practically write themselves, and Uber users should be concerned.
"Consumers view security precautions as an afterthought or, worse, paranoia. Ladies: there is nothing paranoid about protecting yourself from an Uber employee, not because it's policy but because he wants to stalk you," Robert Caruso, a former special security officer at the Department of Defense, told The Week. "Likewise for all my guys out there. It's not paranoia if they know where you are."
Of course, Uber doesn't have any Hellfire-armed drones. But these new revelations put this Uber post from 2012 — an analytical investigation of Uber users on one-night-stands, or what the company called "Rides of Glory" — in a distinctly creepy light. Suppose Emil Michael hadn't spilled the beans right in front of some journalists. Would Lacy soon be the subject of an anonymous character assassination campaign?
It it isn't just Uber, either. Two major stories in the past month have detailed how PR firms representing the oil and gas industry have been openly plotting campaigns of dirty tricks against opponents of fracking and the Keystone XL pipeline. "You can either win ugly or lose pretty," consultant Richard Berman told a meeting of oil and gas executives.
Hacking someone's email account or tapping their phone is still illegal, even for corporations. But there are fewer protections on the use of data collected from private apps, where terms of service contracts are typically written with insanely broad stipulations. It suggests that, should NSA reform come up again, that corporate surveillance abuse ought to get a closer look.
And it suggests that we all should be scrutinizing those data agreements we all swipe past quickly when installing a new app.