This petition response shows how much Uber has changed

Uber has just responded to a group of petitioners protesting Uber’s background check policies in India, following the alleged rape of a passenger by a driver with an assault record. After the petition reached more than 63,000 signatures, Uber India safety lead Deval Delivala wrote a 600-word apology, explaining the steps the company is taking to improve its driver vetting process in the country.

Thursday night, the company said it will start doing its own background checks on drivers, instead of relying on government certification programs to vet the drivers adequately.

600 words might not seem too long to the average person, but by Uber’s standards this is a humble pie manifesto. It far exceeds the length of apologies or safety explanations Uber has sent to media in the past. I realized when rereading my old stories on Uber that it’s a complete 180 from the company’s response to assault incidents in 2013.

In the apology, Delivala covered everything from Uber’s reaction to the alleged rape (it was a “deeply sobering reminder that we must always be vigilant”) to what it taught Uber about background checks in India. She explained how the company is trying to strengthen its system, through things like a document verification system and an incident response team. She finished up with a bold promise: “We will repay [your] support with action and live up to the trust that you have placed in us.”

It may just be lip service, but it’s a new, refreshing kind of lip service. As recently as September, Buzzfeed found that Uber sent media the same two sentence response to any situation involving passenger safety, whether a rape, assault, or pedestrian injury. During one of Uber’s biggest scandals when an executive threatened to dig up dirt on journalists, CEO Travis Kalanick famously issued a 13 part tweet apology with very little apology actually included. After the rape of an Indian passenger in December, he published a blog post that was only 100 words.

These may be inadequate responses to terrible incidents, but they’re still far better than Uber’s old way of dealing with safety issues. In 2013, Uber used to claim it wasn’t responsible for its passengers’ safety. It didn’t think it was culpable for the actions of drivers or passengers on its platform (much like Facebook wouldn’t be responsible if one user threatened another on the site). Uber’s then-spokesperson told me that point blank after an SF driver hit a passenger. He said, “We’re not law enforcement…If law enforcement pursues this, we would cooperate. But we’re a technology platform that connects riders and providers, so it’s not our job to investigate.”

The apology shows how far the company has come. It still has major ethical issues and PR tactics to iron out, but at least it has started accepting responsibility for the incidents that occur through its service.

Judge says cops can trick you into befriending them on Instagram

In what might be the slowest tech news week of the year, there’s a weird tidbit out of New Jersey. A U.S. District Judge has ruled that cops are allowed to create fake identities on Instagram to follow suspects. As we’ve seen in the past, criminals occasionally post evidence of their crimes on social media applications, and image-heavy Instagram is no different.

The ruling came about after police officers befriended a serial burglar — Daniel Gatson — on Instagram. The person had posted shots of certain wares, described in the opinion as “large amounts of cash and jewelry, which were quite possibly the proceeds from the specified federal offenses.” He protected his Instagram account, so you had to request to follow him to see the content, and the officers created a fake account to get that access.

They used the picture evidence to obtain a search warrant for Gatson’s home. In return, Gatson tried to get the evidence thrown out, saying it violated his Fourth Amendment Rights. The judge wasn’t buying it, because Gatson approved the agent’s friend request. “No search warrant is required for the consensual sharing of this type of information,” the Court said in its opinion.

This is, of course, not the first time that social media and the law have intersected. Agents, officers, and lawyers have used Facebook, Twitter, and other social sites to gather intel and evidence in cases, resulting in varying degrees of public outrage. The DEA was scolded by Facebook this past October after it came to light that the agency had taken an arrested woman’s photos from her phone and used them to create a fake profile in the hopes of gathering intel from her contacts. The case hasn’t gone to trial yet.

In August last year, Oakland prosecutors were able to up a man’s charge from vehicular manslaughter to murder using some of his morbid tweets. Some courts have even ruled that a plaintiff had to hand over his Facebook password to a defendant so content on the site could be used as evidence.

But a legal expert who spoke to Ars Technica about the case said they believe this might be the first incident involving Instagram.


Here’s the problem with the way Uber vets drivers

After Uber was sued by San Francisco and Los Angeles Tuesday, there was a fair amount of confusion over the nature of background checks, one of the key factors the district attorneys cited in filing the suit. The questions immediately flooded my Twitter feed, such as: What’s the problem? How do Uber’s checks differ from taxi companies? Why do the DAs care?

A year ago, I learned more than I ever wanted to about background checks, following a big investigation into Uber’s practices. So I drafted a primer to get you up to speed on one of the key issues in the dispute between Uber and local governments.

Why are San Francisco and Los Angeles unhappy with Uber’s background checks?

They’re not unhappy with Uber’s background checks themselves — they’re upset at the way Uber markets them to customers. Uber has said it has the “safest rides on the road” and charges a $1 Safe Rides fee to fund its checks. But in actuality, Uber’s background checks, conducted through a company called Hirease, are arguably not as thorough as the one taxis do in California.

Wait — what? Aren’t all background checks the same?

Background checks come in all shapes and sizes. You can pay a private investigator more than $1,000 to dig into every aspect of a person’s life. You could drop $15 on a dirt-cheap consumer agency that gathers their records from the internet. Or you could spend $60-$90 on Live Scans, which go through official Department of Justice and FBI databases.

This Live Scan thing sounds good. What’s that?

It’s the only way to comb official federal, state, and county records. Live Scans use candidates’ fingerprints and update after the fact, so if someone commits a crime in the months or years after they’ve been hired, their employer will be notified. Live Scans are the standard for teachers, medics, and other professionals who work with vulnerable populations.

In California’s major metropolitan cities, taxi companies are legally required to Live Scan all drivers. Transportation is regulated by different entities depending on the state, so taxis in other places have different background check standards. In some places, Uber does a more thorough background check than taxis, but not in California.

I’m confused. If taxi companies legally have to do Live Scans in California, why doesn’t Uber?

When ridesharing was legalized in California, it was put under the jurisdiction of the California Public Utilities Commission (CPUC), which regulates certain transportation options like limousine services and trains. In California different entities — the municipal transportation authorities, like the SFMTA — regulate taxis. The CPUC decided that ridesharing companies would be held to less strict standards for background checks than taxi companies.

What does Uber use instead?

Uber uses a private background check company called Hirease. Without fingerprints, Hirease runs drivers’ social security numbers through the type of records databases held by credit agencies. There are some big limitations to this. Sometimes they’re outdated or incomplete, since they aren’t accessing official government databases. The records can come from dubious sources, like Internet crawls. Such credit checks can legally only go back seven years in a person’s history (whereas Live Scans don’t have a time limit). And if a driver commits a crime after Hirease runs its initial background check, Uber won’t know.

Uber told me it does occasionally re-run its driver background checks to deal with this issue. Uber is on track to complete more than 2 million background checks in 2014, so that’s no small feat.

If Live Scans are best in class, why doesn’t Uber use them?

Uber argues, and rightly so, that the DOJ and FBI databases are flawed. Counties don’t always regularly report their records to the state, so information gets outdated. Hirease sends runners in person to pull court records of each Uber applicant in the counties they’ve lived in. That might be a better system, although it has some obvious weaknesses (what if someone commits a crime in a county they weren’t a resident of?).

Still, Live Scans are the industry standard for employees in sensitive job roles, and if Uber wants to be “industry leading,” it should be doing them. If it ran Live Scans in addition to working with Hirease, it really would be best in class.

Are there other reasons Uber doesn’t do Live Scans?

I have a few theories:

  1. Price — Live Scans are more expensive than run-of-the-mill checks. This is the most unlikely answer given Uber’s war chest of venture capital, but it’s possible the company has future expenditure concerns in mind.
  2. Growth — Live Scans would slow down Uber’s scaling process, because every potential driver would have to get fingerprinted in person.
  3. Driver pool — Uber doesn’t want to run the risk of shrinking its potential driver pool by doing a more thorough background check.
  4. Legality — It’s possible Uber isn’t allowed to do Live Scans. Because such official searches access privileged criminal information, companies must apply to Live Scan their employees. If Uber has applied and been rejected, however, they haven’t told me.

Is there anything that makes Uber “safer than a taxi?”

Yes. Uber has stricter standards for its drivers than some taxi companies. For example, in San Francisco taxi drivers with a DUI on their records are still allowed to work, whereas Uber doesn’t accept anyone with a DUI.

Secondly, since Uber tracks its passenger and driver interactions, it has a history that can be useful in prosecuting assaults or other issues. Since taxis don’t have that digital footprint, if your driver attacks you, you won’t necessarily have the information to track them down.

The Uber driver in India who allegedly raped a passenger had a record. How does Uber do background checks abroad?

It varies from country to country. Every place has different laws for background check procedures and different ways of storing records. Live Scans only apply to the US Department of Justice and FBI systems. In the case of India, as some have pointed out, clean records are easy to forge. That makes doing comprehensive background checks challenging for any company, not just Uber.

What background checks do Lyft and Sidecar do?

Uber’s competitors also don’t do Live Scans. They work with different private agencies  similar to Hirease. But the DAs didn’t have a problem with Lyft because Lyft said it would change the description of its background checks. The DAs are still in legal negotiations with Sidecar over the issue.

Will Uber have to change its background checks now that it’s being sued?

Nope. The DAs are respecting the CPUC’s authority over this issue. But the DAs want Uber to stop marketing its driver vetting processes as the holy grail.

Perhaps down the line Uber will use some of its recently raised $1 billion war chest to make sure its background checks really are the best around.

Here’s why Sidecar wasn’t named in the DAs’ ridesharing lawsuit

If you missed the news, the Los Angeles and San Francisco District Attorneys’ Offices are jointly suing Uber for misleading the public about its background checks, among other reasons. San Francisco DA George Gascón explained that they settled with Lyft for $500,000.

But missing from all the hubbub was one prominent name: Sidecar. The DAs didn’t mention the third company in the ridesharing trifecta, which left people wondering why. When the DAs threatened legal action back in September, Sidecar was one of the companies they named.

It turns out Sidecar wasn’t overlooked. The DAs didn’t name it because they’re still in legal negotiations. A Sidecar spokesperson told me, “We applaud the prosecutors for deciding to let the CPUC define regulations for this innovative new category of Shared Rides and we will continue to operate Sidecar Shared Rides in California. However, we disagree with The San Francisco and Los Angeles County District Attorneys’ Office on other issues and will continue to work with them until there is a resolution.”

In other words, Uber wouldn’t comply with the DAs’ requirements, Lyft agreed to, and Sidecar is still haggling. Gascón told Reuters Sidecar could still be sued if it doesn’t reach a peaceful settlement.

SFO legalizes Sidecar at the airport

Sidecar is now able to operate legally at SFO, the first of a long list of ridesharing companies that want to be granted that privilege. Sidecar says that this is the first time a California airport has given a permit to a ridesharing company. It’s joining the likes of car sharing service RelayRides, which struck a deal with SFO last November. SF mayor Ed Lee even released a statement on the news, “Companies like Sidecar are creating real jobs for San Franciscans and making easier to get around our City.”

Anticipating future laws for cloud storage

In his Weekly Update, David Linthicum, the Gigaom Research curator for cloud, explores ‘Why CSI does not  get cloud computing, and why there are no easy solutions’. In short, remote cloud data storage is relocating much eventually-sought evidence off-premises, if not offshore. Laws and regulations are yet to catch up to the technology, but there are some considerations that cloud companies and their customers can plan for now, in anticipation of future requirements.