Top executives have been ordered to use a “lock switch” to prevent police and regulators from accessing sensitive data during raids on its offices in at least six countries, leaked files have revealed.
The instructions to prevent authorities from accessing its IT systems were part of a complex global operation by Silicon Valley to threaten law enforcement.
Uber files, a locker of confidential company data leaked to the Guardian, reveal how the company deployed its lock key at least 12 times in France, the Netherlands, Belgium, India, Hungary and Romania.
Uber has developed its key lock systems amid a series of raids by police and officials, which have gathered evidence that could be used to shut down unlicensed taxi services, impound vehicles or prosecute drivers.
During one of the raids in Paris, the leak showed Uber drivers pretending to be “confused” while officers walked around their offices and demanded to see the data. They discussed locking office access to the company’s key IT systems while at the same time watching police search computers for clues.
Legal experts said the actions documented in the statements raise questions about possible violations of laws against obstruction of justice in France, the Netherlands, India and Hungary.
Although Uber was known to use the key lock system in some countries, including Canada and Hong Kong, the leaked files show that its use was more extensive than previously known – and show how it was implemented with the involvement of top executives.
The emails show both Uvis CEO Travis Kalanick and his former legal director in Europe, Zac de Kievit, instructing IT staff to “kill” access to computer systems. Similar instructions were issued by Pierre Dimitri Jour Coty, who is still part of Uber’s 11-person executive team.
Uber said its software “should never have been used to stop legitimate regulatory action”. A spokesman for Kalanick, who stepped down as CEO in 2017, said the death switch was not used to impede justice in any country. She said Kalanick had never been charged in any jurisdiction with obstruction of justice or any related crime.
“The police will not be able to get much”
The first mention of the use of a keychain in Uber files relates to two raids in France at the end of 2014.
On November 17, after months of outrage over traditional taxi services, which felt Uber’s unlicensed ride model was unfair competition, officials from competition regulator, the DGCCRF, stormed Uber’s French headquarters in the 19th arrondissement business park in Paris. .
Already on alert after a raid in Lyon three days ago, the company almost acted.
In a message sent at 3:14 p.m., apparently after the raid began, de Kyiv sent an email to an Uber IT engineer in Denmark saying, “Please kill access now.”And the which managed Uber’s operations in Western Europe.
Thirteen minutes later, the technician wrote again, confirming that the procedure was “now done.”
That approach would develop for what employees called “unexpected visitors” the following year after a police raid in Brussels to investigate Uber’s use of regular drivers without a taxi license, a service then known as UberPop.
The documents showed that the Belgian authorities wanted to obtain the company’s data on the drivers, which were stored on servers in the United States. Eight armed officers in bulletproof vests stormed the Brussels office on March 12, 2015, accompanied by half a dozen IT experts.
Unlike in France, police took steps to ensure that local employees could not communicate with Uber’s San Francisco headquarters during the raid. Later that day, de Kyiv sent an email to managers, including Kalanick, “Our team has been arrested and has not had the opportunity to raise the death switch.”
However, it appears that Uber chiefs have agreed to an alternative method of trying to limit what the police may find. Lawyers for Kalanick, Gore Coty and Uber were copied in emails in which senior IT engineers discussed cutting off access to laptops that had already been confiscated.
In one message, a senior technician told Uber’s chief lobbyist Mark McGahn that he did so via a management system called Casper. He wrote: “The lock was activated on the machines seized.”
Later that year, a Belgian court order forced Uber to suspend its unlicensed Uberpop service in the country. Emails exchanged between drivers show that Uber drivers have learned a valuable lesson from the experience.