Uber reports a sharp rise in government demands for user data

Uber says the number of legal demands for riders’ data made by U.S. and Canadian authorities has risen sharply in the past year.

The ride-hailing company said the number of law enforcement demands for user data during 2018 are up 27% on the year earlier, according to its annual transparency report published Wednesday. Uber said the rise in demands was partly due to its business growing in size, but also a “rising interest” from governments to access data on its customers.

Uber said it received 3,825 demands for 21,913 user accounts from the U.S. government, with the company turning over some data in 72% of cases, during 2018.

That’s up from 2,940 demands for 17,181 user accounts a year earlier, with a slightly higher compliance rate of 73%.

Canadian authorities submitted 161 demands for data on 593 user accounts during 2018.

Uber said that the rise in demands for customer data presents a challenge for the ride-hailing company, previously valued at $82 billion, which went public in May. “Our responsibility to preserve consumer privacy while meeting regulatory and public safety obligations will become increasingly complex and challenging as we field a growing number of government requests for data every year,” said Uttara Sivaram, global privacy and security public policy manager at Uber.

The company also said it disclosed ride information on 34 million users to U.S. regulators and 1.8 million users to Canadian regulators, such as local taxi and transport authorities. Uber said it is mandated to give over the information to regulators as part of the “bespoke legal and regulatory requirements to which we are subject,” which can include pickup and drop-off locations, fares, and other data that may “identify individual riders,” the company said.

Uber isn’t the only company fielding a record number of demands from governments. Apple, Amazon, Facebook, and Twitter have all reported a rise in government demands over the past year as their customer base continues to grow while governments become increasingly hungry for companies’ data.

But Uber’s figures only offer insight into only the largest portions of its businesses — its consumer and business ride-hailing services, food delivery, and electric scooters — and only covers the North America, despite operating in hundreds of cities around the world.

Despite the rise in overall law enforcement requests, Uber said it “has not received a national security request” to date.

Such disclosures are rare but not unheard of. Most national security demands, such as orders issued by the Foreign Intelligence Surveillance Court and FBI-issued subpoenas, are coupled with secrecy rules that prevent the companies from disclosing anything about the demand. By proactive posting these so-called “warrant canary” statements, companies can quietly reveal when they have received such orders by removing the statements from their websites.

Apple famously used a warrant canary in its first transparency report in the wake of the NSA surveillance scandal, as revealed by whistleblower Edward Snowden. In 2016, Reddit quietly removed its warrant canary suggesting it had received a classified order.

Although the First Amendment protects government-compelled speech, the legality of warrant canaries remain legally questionable.

An earlier version of this report incorrectly stated Sivaram’s title. This has been corrected.