Good afternoon and welcome back to another post from ToBeSecured! Today is Juneteenth, a day that commemorates African American freedom and emphasizes education and achievement. Take the time out of your day to remember how far we’ve come and how further we must go.
As I draft up this post, it dawned on me that lately I have been researching and writing about topics that pertain to privacy via location services. This week I decided to re-route the conversation to identity theft. Identity theft is one of the leading topics and issues of today and I want to remind you all of how to be secured.
People all over the world, including myself, utilize Uber, Lyft, and other ridesharing services. What most users don’t look into is the privacy policies, the information that is gathered when downloading the app, and how our information is being used.
I‘m here to inform you all of what to look for before signing up for these services, how our information is used, and how it can be accessed via data breaches or mishandling of information.
The convenience of always-available cars and drivers paired with easy-to-use apps, plus a selection of ride and pricing options makes for a great blend of technology and transportation On the other hand, because these services require riders’ information, such as real-time location data and a form of payment, they could pose risks to riders’ information and privacy if that information is mishandled. Although these services comply with local driving regulations, it is within each company how they decide to conduct background checks for applicants. There is also a human “safety check” system that allows each rider to rate their driver and also the driver to rate their passenger. If the driver falls below a certain rating, they can no longer drive for the company.
What types of data do ridesharing companies collect?
Ridesharing services like Uber and Lyft rely on GPS-enabled smartphones, since their apps need to know the location of both drivers and ride requestors. However, if riders do not stop sharing their location after completing their ride, the app could potentially track and collect data on where the user is, where they go, and often times how long they stay there.
In addition, most of these services require users to link to a social networking account, in most cases Facebook, as a way of verifying their identity. By linking to that account, the user then grants the company access to the personal information in their account.
Once more, these services are cashless, requiring users to store a valid card in their account in order to use it.
What can be done with your information?
A ridesharing company once had a launch party in a new city where they displayed in real-time the full names and destinations of their riders. It raised the issue of how these ridesharing companies store, handle, and even safeguard riders’ privacy.
No matter what type of service or goods a company provides, when it comes to questions about user privacy, it’s always a good idea to review the company’s privacy policy. A good privacy policy should clearly spell out what data the company intends to access, save, and transmit to third parties. It’s not common knowledge that these companies can and do share this data with third parties. Sometimes it can be general usage statistics that are sold to advertisers, and sometimes data is sent to third parties in order to support the functionality of the app.
Data breaches are increasing as cybercriminals find company databases to be treasure houses of personal information. These breaches can happen during the transmission of this data or even through the third parties once they receive the data. In 2015, Uber suffered one such data breach that exposed the personal information of 50,000 drivers.
Before you install an app.....
No two companies are alike, and ridesharing services are no exception. Before you commit to choosing a company by installing their app, follow these suggestions:
1.) Research each company for any online reviews or news stories about them to get a better sense of the company culture, attitudes, and any worrisome issues that customers may be addressing and discussing.
2.) Once you’ve narrowed down your choices, examine the privacy policy of each app. Yes, doing so can be a cumbersome task as there is a lot of information to go through, but the information you find should be clear about the company’s intent to use your data. If there is anything you do not feel comfortable with, do some more research or look into other service providers.
Data and privacy should not be mutually exclusive. In today’s technology-driven world, data collection, privacy, and protection should be at the forefront of everyone’s minds, from consumer to developer. We now live in a world where the standard has shifted from bank robberies to data breaches, simply because all of our personal information can be easily accessed in one place from companies that store that data. Uber, for one, is beginning to address this issue.
On July 13, 2017, Uber released an open-source differential privacy tool nicknamed Elastic Sensitivity. Differential privacy means that the identity of individuals is stripped out of user data before it is analyzed, helping to anonymize and protect a person’s privacy. Uber’s new tool alerts their data analysts of the likely privacy implications of any queries they make on Uber data before it can be analyzed.
Until all companies, ridesharing or otherwise, are held accountable for how they collect, store, and protect our data, responsibility ultimately falls to consumers to be aware of the companies they conduct business with and to be diligent, educated, and aware of how their data is handled when using services and apps.
This is the sole purpose of ToBeSecured - to educate the users of the importance of technology via privacy and security. Both parties should be responsible, companies in clearly specifying what data they collect from us, how it is used, and how they will protect us and consumers in reading with a purpose and understanding what is written in companies’ privacy policies.
What are your thoughts?
If you would like to discuss further, please leave a comment or ask a question. I'd love to chat with my readers and hear your thoughts. Thank you for dropping in and remember ToBeSecured!
Definitely wasn’t aware of Uber’s effort but thanks Ms. Dunn!
No I do not think it’ll be simpler to revert back to an early 2000’s style because people have become accustomed to this new generation of living. The internet has given users the chance of more exposure and social media outlets has made it easier for users to expose their personal information to the world, but data is data and companies need it in order to succeed. The way they use the data is the issue; advertising purposes, third-party companies, databases that store information of users are all ways most security breaches happen or misuse of data. We can put our trust in Uber because they are one of the companies that are working to put an end to blaming…
I love the in depth content you’re providing for the readers. I’d be more than excited to discuss solutions further than Elastic Sensitivity. Do you feel as if it’ll be simpler to revert back to an early 2000’s style of living? How can we trust that Uber has our best interest? What reprimands did they put in place for the 50,000 citizens who were affected ?