Il programma Greyball. Un eccesso di difesa di Uber

Il dibattito su Greyball: difende Uber dai presunti malintenzionati, ma, a quanto pare anche dai regolatori. Che fare? Il punto di vista del  Christian Monitor Science

Il programma Greyball, attivo anche in Italia, è utilizzato da Uber per nascondere le macchine ai malintenzionati. Lo fa raccogliendo e incrociando tutti i dati possibili (on line) sui potenziali clienti.
Il problema è che sembra che questo metodo sia utilizzato anche per nascondere le macchine alle forze dell’ordine e che lo faccia con metodologie piuttosto curiose.  Analizza i social, studia il modello di cellulare da cui è partita la telefonata (per capire se può essere il modello secondario, per esempio, di un agente di polizia), verifica le informazioni sulle carte di credito, per capire se ci siano legami con le forze dell’ordine e geolocalizza le aperture frequenti della sua app, in modo da verificare se questa sia stata utilizzata nei pressi di uffici amministrativi. Sostanzialmente Greyball, facendo parte del programma VTOS (violazione termini di servizio) di Uber serve a impedire l’utilizzo di Uber da parte di tutte le persone che utilizzano l’app per scopi differenti da quelli previsti, e cioè organizzare spostamenti da una parte all’altra della città.
E i Big Data, quindi tutti i dati a cui Uber è in grado di accedere, in questo caso, sono utilizzati per capire le intenzioni del presunto cliente.
In questo articolo apparso il 5 marzo sul Christian Monitor Science e su tutti i link che propone, è riepilogato quanto accaduto in questi giorni e il relativo dibattito.

Uber’s secret ‘Greyball’ program: a problem with the ride-hailer or with regulators?

Uber confirmed it used a secret tool to sidestep or dupe city regulators. But some argue the program’s existence is a response to regulatory overreach. 

MARCH 5, 2017 Uber confirmed it developed a secret program that it used to evade and dupe government investigators and other ride-hailers in cities where it faced regulations or was banned.
But a spokeswoman for the ride-hailing company said on Friday that only in the rarest of cases did it “greyball” those it suspected of trying to carry out sting operations, canceling their ride requests or displaying digital cars in a fake version of the Uber app that didn’t represent real vehicles. The spokeswoman told Reuters that in most cases, Uber used the Greyball program, first reported by The New York Times on Friday, to deny ride requests from competitors or to protect drivers from physical harm.
News of the program comes after a bumpy stretch for Uber. The ride-hailing company has suffered a series of embarrassments in the last few weeks that include high-profile allegations of sexual harassment, a #deleteUber campaign on Twitter in response to accusations it tried to take advantage of a pro-immigrant taxi strike in New York City, and a video of chief executive Travis Kalanick arguing with an Uber driver that led the CEO to issue a public apology and pledge to grow up.”
Some observers labeled news of the Greyball program as further evidence of Uber’s problems both internally and with regulators. But others argue the secret tool does the opposite. They say that while Uber tried to sneak around regulations, Greyball also manifests the problems with regulations imposed on Uber, stymieing opportunities for drivers and economic growth for cities.
“It’s a neat little example of how the regulation of the economy limits, puts a brake upon, economic growth,” writes Tim Worstall, a fellow at  the Adam Smith Institute, a neoliberal think tank based in London, in a contribution to Forbes.
“In order to operate Uber dodged public officials and regulations, entirely true. But given that Uber is also an increase in economic wealth that’s all the proof we need that regulation limits, slows down, economic growth.”
The Greyball program, which an Uber spokeswoman said is still in use today, uses customers’ geo-location data, credit-card information, and app-usage and social media habits to identify those working for city governments or driving for rival ride-hailing services, including taxi companies, according to the Times report.
The program was reportedly first developed to protect Uber drivers in cities where they faced threats of violence. Uber employees told the Times the practices and tools were developed, in part, as safety measures to protect drivers in some countries. In France, India and Kenya, for instance, taxi companies and workers targeted and attacked new Uber drivers.
But Uber soon realized it could expand Greyball, part of a program called “Violation of terms of service” (VTOS), to sidestep government officials and others in cities where it faced restrictions or was banned. According to the Times, when Uber moved into a new city, it appointed a general manager to oversee the expansion. This person, using a sort-of Greyball playbook, would try to spot and trick enforcement officers and other city officials.
When an account was greyballed, the user was shown either a set of ghost cars in a fake version of the app or no cars at all. If a driver accidentally picked up someone identified as an officer, Uber called the driver with instructions to cancel the ride.
In a statement Uber issued on Friday, it said the program was meant to prevent users from violating its terms of service.
“This program denies ride requests to fraudulent users who are violating our terms of service, whether that’s people aiming to physically harm drivers, competitors looking to disrupt our operations, or opponents who collude with officials on secret ‘stings’ meant to entrap drivers,” it said.
A spokeswoman for the company also told Reuters that Uber’s legal department had approved the practice in locations where Uber was not clearly banned, and that Uber’s terms of use required riders use the app for personal, not commercial, reasons and not to cause “nuisance” to drivers. But outside legal experts were unsure the program is, as Uber suggested, legal.
“With any type of systematic thwarting of the law, you’re flirting with disaster,” Peter Henning, a law professor at Wayne State University, told the Times. “We all take our foot off the gas when we see the police car at the intersection up ahead, and there’s nothing wrong with that. But this goes far beyond avoiding a speed trap.”

Mr. Henning wondered whether the program violated the federal Computer Fraud and Abuse Act or intentional obstruction of justice, depending on local laws and jurisdictions.

Paul Argenti, a professor of corporate communications at Dartmouth College’s Tuck School of Business, told the Post that news of the program only adds to Uber’s internal strife.

“This is a really bad month. The number and kind of problems they have is an unusual array of bad luck and bad behavior combined,” he said. But he added Uber could recover.

As Uber has grown in popularity since it was founded in 2009, officials in certain cities without a legal framework for ride services aimed to ticket, tow, and impound cars. In Uber’s case, these cars were often part of its lower-cost UberX service, private cars driven by noncommercial drivers who passed a background test and a vehicle inspection.

Federal regulators have often tried to grapple with how to deal with these cars and drivers and other similar ride-hailing models. In the United States, Congress debated the issue in hearings in 2015. The European Union also warned member states in June not to over-regulate companies such as Uber and Airbnb, according to The Wall Street Journal.

The EU published these guidelines in an effort to encourage the so-called sharing economy, which it sees as promoting entrepreneurship and startups, according to the Journal. And in China, ride-hailing company Didi condemned municipal regulations aimed against it, in a rare departure from Chinese business practices, according to the Journal.
But cybersecurity analysts say the Greyball program also shows the need for a different type of regulation related to the sharing economy.
”Greyballing is an acceptable business risk in the poorly-governed realm of cyberspace,” Kenneth Geers, a former analyst at the National Security Agency and a senior research scientist at Comodo, a global cybersecurity firm, told the Post.

In this article