If you’re worried about Uber and privacy, don’t forget Lyft and Sidecar

Privacy concerns are front and center when it comes to Uber’s messy week, and a personal experience with the cavalier use of user data really brought that home for me.

The Uber controversy is a perfect storm of conditions: Ethically questionable leadership, aggressive threats, and a company with powerful user data. Uber has your credit card details and information on where you travel at what times. That’s a scary thought, especially when you look up the lengths it has gone to thwart those who oppose it — like its competitor Lyft and existing taxi services.

In the fall out from Emil Michael’s threats to dig up dirt on journalists, Uber has gotten a lot of tough privacy questions thrown its way. Ten of them, in fact, from Senator Al Franken, ranging from “To whom is the so-called God View tool made available and why?” to “Why aren’t these [privacy] standards set out for customers?”

Uber has been rightfully targeted, because its “at-all-costs” business mentality is what makes the privacy issue scary, especially for those who might be on Uber’s blacklist. But these are questions we should be levying at all the new transportation connection companies, not just Uber. Lyft, Sidecar, Flywheel, Curb, Hailo, and their ilk have similar technology and nearly identical use cases to Uber.

Months ago I had an uncomfortable experience, similar to that of a Buzzfeed News reporter who showed up to an interview at Uber and found out the company was tracking her on its God View. But my situation was a little more personal than that.

An ex-boyfriend who worked at a transportation technology company I once critiqued texted me and said, “You still love us, I looked up your account and you took us yesterday!” Fortunately, this ex and I are on good terms and he has never threatened me.

But what if that hadn’t been the case? A former — or even current — romantic partner, friend, or professional acquaintance could see where and when I’m traveling. They could tell whether I spent the night at a different apartment, or where I prefer to dine. They could fact-check if I’m telling the truth when I say I’m out of town. It’s a stalker’s dream…or the perfect tool in the hands of someone looking to destroy your credibility.

We’re deep in the throes of the legislative and political data problems that Om discussed almost two years ago in a post. At the time he said:

The shift from a generation that started out un-connected to one that is growing up connected will result in conflicts, disruption and eventually the redrawing of our societal expectations. The human race has experienced these shifts before — just not at the speed and scale of this shift…I do think it is important for us to start talking about what the etiquette of a connected and a quantified society will be.

The rideshare tracking issue brings that front and center.

All the companies have trotted out a line about user data only being accessed “for legitimate business purposes.” But as others have pointed out, what defines “legitimate business purpose?” How clearly are employees trained on this? Because there’s a big difference between sticking it as a line in a training manual their first week on the job, and repeatedly communicating that they could be fired for taking this action.

In light of the recent Uber scandal, Lyft and Sidecar are reevaluating their procedures. Lyft told Re/Code it changed the way its employees can access transit data so that its limited to a subset of employees. Sidecar told The Wall Street Journal, “We’re also drawing on lessons from news events to reevaluate and restructure our own policies.” Taxi transportation apps like Flywheel, Curb, and Hailo haven’t said publicly whether they’re doing the same.

We should push these companies to implement some form of consent, where even at the higher level employees must reach out to users to access their travel logs. There’s remaining questions that haven’t been answered: Is information anonymized for when the data is analyzed to make the system more efficient? What employees need access to user data to do their job and why?

This issue isn’t Uber’s alone.