Uber Looks Great When the Police Barge In

The company remotely locked down its offices during raids, shutting off computers storing sensitive information.

Nothing to see here.

Photographer: Justin Sullivan
This post originally appeared in Money Stuff.

Here's what happened when Canadian authorities raided Uber Technologies Inc.'s Montreal office looking for evidence of tax evasion:

Like managers at Uber’s hundreds of offices abroad, they’d been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.

Most tech companies don’t expect police to regularly raid their offices, but Uber isn’t most companies. The ride-hailing startup’s reputation for flouting local labor laws and taxi rules has made it a favorite target for law enforcement agencies around the world. That’s where this remote system, called Ripley, comes in. From spring 2015 until late 2016, Uber routinely used Ripley to thwart police raids in foreign countries, say three people with knowledge of the system.

The name is an allusion to "Aliens," in which Sigourney Weaver's Ripley character says "Nuke the entire site from orbit."

We have talked before about this particularly Uber form of regulatory entrepreneurship. It's not just that Uber sometimes ignores the law and dares the authorities to do something about it; it's also that Uber takes ambiguously legal practices that are common elsewhere and dials them up to uncomfortable extremes. Here's how Ripley started: After Belgian and French police raids discovered sensitive information on open computers, Sally Yoo, "then Uber’s general counsel, directed her staff to install a standard encryption service and log off computers after 60 seconds of inactivity." That's pretty normal: Encrypting information and logging people out of their work computers quickly are security precautions that lots of companies take. They don't want random visitors to be able to access their sensitive files. If some of those random visitors are the police, well ... Uber might not be the first company to consider the benefits of keeping those sensitive files from police. If the cops show up and find all your computers locked, you can say "well that is just our normal security procedure," and everyone will understand. (They may ask you to unlock the computers, but they did that to Uber too.)

But Uber's addition is the remote-lockdown service: Rather than relying on timeouts and general encryption, Uber explicitly built a system to counter police raids. "The innovation at Uber," I wrote about some of its other regulatory evasions, "is to make explicit what traditional companies leave implicit. It turns fuzzy human intuitions into explicit algorithms." Everyone knows that if the police raid your offices it's best if they can't just look at all your sensitive documents. Other companies have crude haphazard innocent-looking procedures that happen to keep the cops from looking at those documents. Uber built a whole system and gave it a swaggering name. It takes the procedure just one step further, but what a step.

If you'd like to get Money Stuff in handy email form, right in your inbox, please subscribe at this link. Thanks! 

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

    To contact the author of this story:
    Matt Levine at mlevine51@bloomberg.net

    To contact the editor responsible for this story:
    James Greiff at jgreiff@bloomberg.net

    Before it's here, it's on the Bloomberg Terminal.