Uber doesn't have a very good relationship with regulators, and by that I mean it seems to do everything it can to avoid letting them do any investigation into the company. The latest revelation to come to light is that the company had a tool called 'Ripley' which let the San Francisco-based company remotely lock computers in foreign offices should the police come knocking.
Uber's other known anti-regulator projects include Greyball, which was designed to identify regulators and law enforcement, in order serve up a fake version of the app where drivers would constantly cancel rides. There's also that time it geofenced Apple HQ to try and stop the company from realising Uber was still tracking phones that had deleted the Uber app. Now we've got Ripley, which came to light in a report from Bloomberg.
The report details an example back in 2015, when authorities raided Uber's Montreal office under the belief that the company had violated tax laws. They were armed with the appropriate warrants, but managers on site had already paged Uber's head office in San Francisco. Apparently paging that number goes straight to specially trained staff who can remotely lock computer systems in Uber's offices across the world. That way the police are unable to access the systems, and can not leave with any evidence.
According to three people worth knowledge of the system, Ripley was utilised between Spring 2015 and late 2016 to routinely prevent authorities across the world from obtaining evidence against the company. While the name has come up in court documents over the past couple of years, Bloomberg says the full scope of what Ripley was capable of wasn't known until now.
The team in charge of the system were able to remotely lock computer systems, including smartphones, shut down devices, and change passwords. The name itself was inspired by the words of Sigourney Weaver's Ellen Ripley in Aliens, specifically the line “nuke the entire site from orbit. It’s the only way to be sure.”
Reipley's implementation supposedly came after Belgian police raided Uber offices in March 2015, and were able to access the company’s payments system, as well as obtain financial documents and information about drivers and employees. Following another raid in Paris the same week, Uber's then general counsel Salle Yoo instructed employees to install encryption software that logged off computers after 60 seconds of inactivity. She then suggested some sort of app that could counter those raids, and thus Ripley was born.
Later versions of the system gave Uber the ability to offer selective access to authorities, presumably to stop anyone trying to snoop around places not covered by warrants and court orders.
Bloomberg notes that Uber isn't the only company to remotely lock up computer systems when the police turn up, but most companies will unlock them after reviewing the warrants and ensuring everything is in order. Ripley was used at least two dozen times, according to the report, which some consider to be an obstruction of justice. The three people with knowledge of the tool believe it was justified, however, since they claim authorities outside the US didn't always come with warrants and often relied on rather broad orders.
Uber released the following statement defending its use of Ripley, saying:
“Like every company with offices around the world, we have security procedures in place to protect corporate and customer data. When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.”