Driver pondered opportunities to take advantage of a drunk female passenger

A San Jose passenger recorded an Uber driver’s remarks while driving:

My dream is to have some drunk chick by herself also going home at the end of my shift and she wants me to come in. That would be the perfect ending to my day. … Half the work is already done, man. She’s isolated and she’s drunk. … I will get really drunk too and then I can’t be held responsible.

Uber indicated that it banned the driver from further rides for Uber.

Raised prices during transit malfunctions

When trains were out of service Uber sometimes charged far higher prices.

For example, during an August 15, 2017 train service disruption in Chicago, Uber charged as much as five times its normal prices. A spokeswoman for Chicago’s Business Affairs and Consumer Protection department remarked: “It is unfortunate that at least two ride-share companies chose to take advantage of this morning’s difficult commuter situation.” Under pressure, Uber refunded passengers who paid a surge in this period.

Misrepresented its monitoring of employee access to data, steps taken to secure data

In a press release, the FTC summarized its privacy-related complaint against Uber.

For example, Uber told the public that the company “has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data. The only exception to this policy is for a limited set of legitimate business purposes.” Uber claimed access was “closely monitored and audited by data security specialists on an ongoing basis.” Uber made strong claim in its privacy policy such as “We use the most up to date technology and services” to protect customer data, and “we’re extra vigilant in protecting” customer data” via “the highest security standards available.”

In contrast, the FTC found that Uber “has not always closely monitored and audited its employees’ access to Rider and Driver accounts” in that the security system “was not designed or staffed … effectively.” The FTC continued: “In approximately August 2015, Respondent ceased using the automated system it had developed in December 2014 and began to develop a new automated monitoring system. From approximately August 2015 until May 2016, Respondent did not timely follow up on automated alerts concerning the potential misuse of consumer personal information, and for approximately the first six months of this period, Respondent only monitored access to account information belonging to a set of internal high-profile users, such as Uber executives.”

The FTC also criticized Uber for letting engineers use shared access keys with full administrative privileges to all data in Uber’s Amazon Web Services database, rather than requiring that each program and each engineer use a separate key. Uber further failed to restrict access based on employees’ job functions, and failed to require multi-factor authentication to access data. Until March 2015, Uber stored sensitive personal information in AWS in clear text without encryption.

When Uber driver stole passenger’s bag, Uber falsely told police that the trip did not occur

Uber passenger Dane Wilcox reports the saga of a ride in an Uber in Boston. He told the driver he was leaving a bag in the passenger compartment as he unloaded luggage from the trunk — but then the driver drove off. When the driver didn’t return his calls or voicemails, he sought assistance from Uber and ended up filing a small claims lawsuit against Uber.

Meanwhile, in response to Wilcox’s police report, an officer tried to investigate, but Uber falsely told the investigating detective that the driver at issue had not worked for Uber for two years, and that the company had no record of the ride — both provably false. Based on these false statements which impeded the investigation, the small claims court awarded Wilcox the full $4000 he sought.

See also coverage by Ars Technica.

Litigation: driver assaulted passenger with a metal rod, yielding bleeding in brain

TMZ reported a lawsuit by a Chicago Uber passenger who says driver Munstr Abuseimi punched him repeatedly — then came back to his house with a metal rod which he used for further attacks. The passenger said he received a fractured left orbital, bleeding in his brain, concussion, and a dislocated jaw with nerve injury. Uber did not comment but said the driver no longer has access to the company’s app.

London police: Uber failed to report driver attacks

The Guardian reported a letter from the London Metropolitan Police’s taxi and private hire team, complaining that Uber failed to timely report drivers attacking passengers. “Had Uber notified police after the first offence, it would be right to assume that the second would have been prevented,” the letter explained. The letter said that Uber failed to report sexual assaults as well as an incident in which a driver “produced what was thought to be pepper spray during a road rage argument.”

Prohibited pricing practices in India

In an August 2017 decision, a New Delhi magistrate held that Uber, as well as local competitor Ola, had violated the Motor Vehicles Act by charging prices other than those specified by law. See Section 67(d).

The decision resulted from a complaint filed by a non-government organization, Nyayabhoomi, which also alleged other violations: vehicles with tourist permits providing services on point-to-point basis in violation of law; running on diesel fuel in violation of orders from the Supreme Court of India.

Knowingly leased recalled vehicles to drivers in Singapore

Uber knowingly leased recalled vehicles to its drivers in Singapore. A Wall Street Journal report (paid subscription required) describes a driver whose vehicle caught fire, due to the problem fixed by the recall, just after a passenger got out. WSJ explains:

News of the fire rippled through Uber’s Singapore office after its insurance provider said it wouldn’t cover the damage because of the known recall, emails show. Word reached Uber’s San Francisco executives two days later, emails show.

Uber’s lawyers in Singapore began assessing the legal liability, including possibly violating driver contracts for supplying faulty cars and failing to immediately inform the Land Transport Authority about the defective cars, emails show. “There is clearly a large safety/responsible actor/brand integrity/PR issue” for Uber, an internal report read.

Additional coverage from TechCrunch.