A data leak from ride-sharing app Uber revealed activities allegedly geared to avoid regulation and law enforcement – including a “kill switch” that would remotely cut computer access to servers at its headquarters in San Francisco in case of a raid – according to weekend media.
The leak was provided to The Guardian and shared with the nonprofit International Consortium of Investigative Journalists (ICIJ) which helped work though the 124,000 records, which include 83,000 emails, iMessages and WhatsApp exchanges.
The records detail internal conversations within Uber, plus interactions between Uber executives and government officials. The trove contains documents detailing interactions with 30 countries and cover the period 2013 to 2017, when Uber was on the rise and confronting pushback from both regulators and the taxi industry.
The 18.7GB cache reveals that the kill switch used to block authorities from probing Uber’s IT systems – which was already known to a lesser extent – was actually deployed at least 12 times in France, the Netherlands, Belgium, India, Hungary and Romania.
The first instances known of the kill switch being used were in late 2014 in France during two separate raids. A November raid took only 13 minutes between email instructing the action to an IT engineer in Denmark and access being cut.
Emails show the kill switch was used at the command of top-level executives, including none other than former CEO Travis Kalanick, as well as legal staff. Both execs and legal staff were often copied in to emails instructing access cuts.
The kill switch, known internally as Ripley, was used in conjunction with a remote-control program called Casper that cut network access after devices were confiscated by authorities. Because Uber was fond of these justice-obstructing programs and their code names, there was also of course Greyball, revealed in 2017, which blocked cops from booking cabs, lest they were interested in busting unregulated drivers.
Uber learned to predict and prepare for raids, and even issued a manual to employees containing 66 bullet points on how to respond. Titled “Dawn Raid Manual”, it instructed employees to stall by escorting regulators to meeting rooms without files and never to leave them alone.
Employees were also advised to “play dumb” as systems severed their connections to the company’s main IT systems whenever police searched their equipment, as documented in a text exchange between former EMEA head of public policy Mark McGann and current global head of sustainability Thibaud Simphal.
The trove of files goes beyond the technical systems in place to stymie investigations. It also details lobbying efforts, close relationships between execs and public officials including France’s then-economy minister Emmanuel Macron, use of Bermuda as a tax haven, public relations efforts to use violence against its drivers to garner public sympathy, and more.