Incident: Uber's Covert Use of "Kill Switch" to Thwart Authorities

Published Date: 2022-07-10

Postmortem Analysis
Timeline 1. The software failure incident involving Uber's use of a "kill switch" to thwart government raids occurred in April 2015 as mentioned in Article 130088.
System The software failure incident described in the article involved the failure of several systems and tools used by Uber to obstruct government investigations. The specific systems and tools that failed in this incident are: 1. Kill switch system, code-named Ripley, used by Uber to remotely cut computers' access to network files after they had been seized by authorities [130088]. 2. Greyball program, which falsely indicated to suspected authorities that no Uber rides were available near them, in an effort to thwart investigations and enforcement actions [130088]. 3. Geofencing technology used by Uber to block ordinary use of the app near police stations and other places where authorities might be working [130088]. 4. Casper, a comprehensive remote-control program tailored by Uber for its own use, which could cut network access even after devices were removed by authorities [130088].
Responsible Organization 1. Uber executives, including chief executive Travis Kalanick, were responsible for causing the software failure incident by ordering the use of a "kill switch" to block access to Uber's internal systems during government raids [130088].
Impacted Organization 1. Authorities conducting raids on Uber's offices [130088]
Software Causes 1. The software failure incident was caused by Uber's use of a "kill switch" technology to block office laptops and devices from accessing Uber's internal network during government raids, making data inaccessible to authorities [130088]. 2. Uber also employed technological tools such as Greyball, geofencing, and a program called Casper to prevent authorities from hailing cars, limit access to the app near police stations, and remotely cut computers' access to network files after they had been seized by authorities [130088].
Non-software Causes 1. Uber's aggressive business practices and disruption of the global taxi industry led to confrontations with authorities and regulatory bodies, contributing to the failure incident [130088]. 2. The corporate culture at Uber, characterized by a siege mentality and a lack of proper training, resulted in serious mistakes in judgment and decision-making during the failure incident [130088]. 3. The hostile attitude of Uber's CEO, Travis Kalanick, towards the taxi industry and regulators played a role in the confrontations and conflicts with authorities [130088]. 4. Uber's reliance on designating drivers as independent contractors rather than full-time employees, to avoid costly benefits and legal liabilities, created tensions with regulators and authorities [130088]. 5. The intense competition Uber faced from rival companies globally, such as Didi, Yandex, Ola, and Lyft, contributed to the company's aggressive tactics and responses to regulatory challenges [130088].
Impacts 1. The software failure incident involving Uber's use of a "kill switch" and other technological tools to prevent authorities from investigating the company's business practices had significant impacts on the company's operations and reputation [130088]. 2. The incident led to a corporate siege mentality within Uber, where employees engaged in tactics such as cutting off access to devices during raids, using programs like Greyball to deceive authorities, and employing geofencing to limit app access near police stations [130088]. 3. Uber's use of the "kill switch" and other tools to obstruct investigations raised legal and ethical concerns, with some employees facing consequences such as arrests and fines for their involvement in circumventing regulators [130088]. 4. The incident highlighted a culture within Uber that prioritized aggressive expansion and competition over compliance with regulations, leading to clashes with authorities in various countries and legal challenges for the company [130088]. 5. The software failure incident ultimately resulted in changes within Uber, with the company stating that it no longer uses tools like Greyball and Heaven, and now works cooperatively with authorities worldwide [130088].
Preventions 1. Implementing proper compliance controls and governance within the company to prevent cowboy culture and rookie mistakes in judgment [130088]. 2. Providing better training to employees to ensure they understand the legal and ethical implications of their actions during regulatory investigations [130088]. 3. Establishing clear policies and procedures for interacting with authorities during raids to ensure compliance with the law and prevent obstruction of justice [130088].
Fixes 1. Implementing proper governance and compliance controls to prevent unauthorized actions like cutting off access to devices during raids [130088]. 2. Ensuring proper training and education for employees to make ethical decisions and comply with the law [130088]. 3. Ceasing the use of controversial tools like the "kill switch" and Greyball, which were used to obstruct authorities and gain unfair advantages [130088]. 4. Collaborating transparently with regulators and authorities instead of employing covert tactics to evade investigations [130088].
References 1. Former top Uber lobbyist Mark MacGann 2. Uber's San Francisco-based chief executive, Travis Kalanick 3. Uber's spokeswoman Jill Hazelbaker 4. Spokeswoman for Kalanick, Devon Spurgeon 5. Former employees of Uber 6. Uber's general manager for Western Europe, Pierre-Dimitri Gore-Coty 7. European legal director for Uber, Zac de Kievit 8. Former campaign manager and adviser to President Barack Obama, David Plouffe 9. Munich official 10. Dutch government officials 11. Uber's operations manager, Cornelius Schmahl 12. Uber's Pierre-Dimitri Gore-Coty 13. Uber's former top lobbyist in Europe, Mark MacGann

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident having happened again at one_organization: The article reports on how Uber used a covert technology tool called the "kill switch" to prevent authorities from successfully investigating the company's business practices during government raids. This incident involved Uber's San Francisco-based chief executive, Travis Kalanick, ordering the computer systems in Amsterdam to be cut off from Uber's internal network, making data inaccessible to authorities during a raid on Uber's European headquarters [130088]. (b) The software failure incident having happened again at multiple_organization: The article mentions that Uber's tactics, such as using the "kill switch" and the Greyball program to thwart authorities, were employed in multiple countries over a two-year span. The use of these technological tools to gain an advantage over authorities occurred in countries like Denmark, Belgium, and Germany, showing that similar incidents happened at different locations where Uber operated [130088].
Phase (Design/Operation) design, operation The articles provide information related to software failure incidents occurring due to both design and operation factors: (a) Design: The incident involving the software failure due to contributing factors introduced by system development is evident in the case of Uber's use of technological tools like the "kill switch" and the program called Greyball to prevent authorities from successfully investigating the company's business practices. These tools were developed and employed by Uber to gain a covert edge over authorities, going beyond simply connecting drivers and customers seeking rides [130088]. (b) Operation: The incident involving the software failure due to contributing factors introduced by the operation or misuse of the system is illustrated by Uber's tactics during government raids. Uber employees used tools like Greyball to limit where people could access the app, including creating geofences around police stations to block ordinary use of the app near authorities. Additionally, the company used stall tactics and the kill switch to prevent authorities from gaining access to data during raids, showcasing operational factors contributing to software failure incidents [130088].
Boundary (Internal/External) within_system, outside_system The software failure incident reported in the articles can be categorized as both within_system and outside_system. (a) within_system: The failure within the system is evident from Uber's use of technological tools like the "kill switch" and programs such as Greyball and Casper to prevent authorities from successfully investigating the company's business practices. These tools were developed and employed internally by Uber to gain a covert edge over authorities [130088]. (b) outside_system: On the other hand, the failure can also be attributed to factors originating from outside the system, such as government raids and investigations conducted by authorities on Uber's business practices. The incidents of authorities raiding Uber's offices and attempting to collect evidence, leading to Uber's use of software tools to obstruct these investigations, indicate external factors contributing to the failure [130088].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: The software failure incident involving Uber's use of a "kill switch" was a result of technological tools employed by the company to prevent authorities from successfully investigating the company's business practices. The "kill switch" was used to cut off office laptops and devices from Uber's internal network, making data inaccessible to authorities during raids on Uber's offices [130088]. (b) The software failure incident occurring due to human actions: The failure was also attributed to human actions, specifically the decision-making and orders given by Uber's chief executive, Travis Kalanick, to implement the "kill switch" and other technological tools to obstruct official inquiries and investigations by authorities. Kalanick ordered the blocking of office laptops and devices from Uber's internal systems during government raids, demonstrating a deliberate human action to impede investigations [130088].
Dimension (Hardware/Software) software The software failure incident reported in the articles is related to software contributing factors rather than hardware. The incident involved Uber using technological tools like a "kill switch" and programs like Greyball and Casper to prevent authorities from successfully investigating the company's business practices. These tools were used to block access to devices, manipulate the Uber app to avoid detection by authorities, and remotely cut network access even after devices were seized by authorities. The incident showcases how Uber leveraged its technological capabilities to gain a covert edge over authorities, indicating a software-related failure [130088].
Objective (Malicious/Non-malicious) malicious, non-malicious The software failure incident reported in Article 130088 involved both malicious and non-malicious aspects: (a) Malicious: The incident involved malicious actions by Uber to thwart government investigations and obstruct justice. Uber used a "kill switch" referred to as code-named Ripley to block access to devices and prevent authorities from accessing data during raids. This was part of a broader strategy by Uber to confound official inquiries and gain an edge over authorities. The company also used tools like Greyball to mislead and evade authorities, such as by blocking access to the app near police stations and using geofencing to limit app functionality in certain areas to avoid detection by regulators ([130088]). (b) Non-malicious: On the other hand, Uber's actions could also be seen as non-malicious in the sense that they were aimed at protecting the company's operations and data rather than causing harm for the sake of harm. Uber's spokesperson mentioned that the software tools used, including the kill switch, were designed to protect intellectual property, customer privacy, and ensure due process rights were respected in case of extrajudicial raids. The company stated that decisions regarding the use of these tools were vetted by legal and regulatory departments and were not intended to obstruct justice ([130088]).
Intent (Poor/Accidental Decisions) poor_decisions The software failure incident described in the articles falls under the category of poor decisions. The incident involved intentional actions taken by Uber executives to employ technological tools such as the "kill switch" and programs like Greyball and Casper to prevent authorities from successfully investigating the company's business practices. These decisions were made to gain a covert edge over regulators and law enforcement agencies, showing a deliberate effort to obstruct justice and impede official inquiries [130088].
Capability (Incompetence/Accidental) development_incompetence, unknown (a) The software failure incident related to development incompetence is evident in the case of Uber's use of technological tools to prevent authorities from successfully investigating the company's business practices. Uber developed extensive systems, including a "kill switch" and a program called Greyball, to confound official inquiries and gain a covert edge over authorities. The company leveraged its technological capabilities to obstruct justice and impede regulatory investigations, showcasing a lack of professional competence in ethical and legal practices [130088]. (b) The software failure incident related to accidental factors is not explicitly mentioned in the articles.
Duration permanent, temporary The software failure incident described in the articles can be categorized as both permanent and temporary: (a) Permanent Failure: The software failure incident can be considered permanent as Uber developed extensive systems, including a "kill switch" code-named Ripley, to prevent authorities from successfully investigating the company's business practices. The kill switch was used more than a dozen times in at least six countries over a two-year span, indicating a persistent strategy to obstruct investigations [130088]. (b) Temporary Failure: On the other hand, the software failure incident can also be seen as temporary as Uber employees sometimes expressed concern about the use of technological tools amid multiplying government investigations. There were instances where authorities ultimately gained access to the data they were seeking, such as in at least one case where Uber turned over records not initially available to authorities after they produced a second search warrant [130088].
Behaviour omission, other (a) crash: The software failure incident described in the articles does not specifically mention a crash where the system loses state and does not perform any of its intended functions. (b) omission: The software failure incident involved the system omitting to perform its intended functions at instances. For example, during a raid in Paris, Uber employees faced a dilemma of whether to comply or obstruct authorities requesting access to computers. There were discussions about giving authorities access to computers while cutting access in the background, potentially omitting to fully comply with the request [130088]. (c) timing: The software failure incident does not involve a timing failure where the system performs its intended functions correctly but too late or too early. (d) value: The software failure incident does not involve a value failure where the system performs its intended functions incorrectly. (e) byzantine: The software failure incident does not specifically mention a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. (f) other: The software failure incident involved the use of a "kill switch" by Uber to block office laptops and devices from accessing the internal network during government raids, which could be considered a form of deliberate obstruction or manipulation of system behavior [130088].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property (d) property: People's material goods, money, or data was impacted due to the software failure The software failure incident involving Uber's use of a "kill switch" to block access to devices during government raids impacted people's property. The kill switch was used to lock devices out of Uber's internal systems, making data inaccessible to authorities during raids. This action prevented authorities from accessing information held on remote servers, rendering the devices unable to retrieve even email. Additionally, the software failure incident involved the use of a program called Casper, which could cut network access even after devices were removed by authorities, further impacting people's data and network access [130088].
Domain transportation (a) The failed system was related to the transportation industry, specifically the global taxi industry disrupted by Uber. The software failure incident involved Uber using technological tools like a "kill switch" to prevent authorities from successfully investigating the company's business practices as it disrupted the global taxi industry [130088].

Sources

Back to List