The business of using your data

Uber has recently been revealed to have used customer data to avoid government officers. Photo / File

For Uber, it's not a question of whether or not the company should infuriate the authorities as part of its business model, but how to deliberately irritate them even more each time.

The latest "Greyball" scandal involved surveillance of Uber riders via the company's technology to work out if they're government and local council enforcement officers.

Uber didn't want those people to catch a ride with them, and went to extraordinary lengths to prevent it with its violation of terms of service programme.

By collecting data from the Uber app such as where passengers would hail cars, as well as spying on people's credit card information and social media profiles, the company was able to identify enforcement officers.

When that happened, Uber served up fake cars in the app, ones that didn't exist and prevented the enforcement officers from being picked up. This happened worldwide, in the US, Australia, China and South Korea.

In other words, Uber used technology and large amounts of data to obstruct the enforcement of regulations as part of its business model.

News of Uber's "greyballing" of enforcement officers to evade detection is in stark contrast to its recent Movement programme.

This would offer town planners and city authorities free access to anonymised data from over two billion trips worldwide, so as to help them work out traffic flows and more to deal with congestion and pollution.

Movement seems useful, but the "greyballing" paints Uber as an company that uses the data it collects for dubious purposes. It's not like Uber told users the data they hand over would be used for "greyballing" and in that light, Movement seems like a PR exercise more than an attempt at doing good.

That's where the whole thing becomes a very 2016 issue: information is power, and has been abused as long as anyone cares to remember.

The difference nowadays is that we're encouraged to generate as much data as possible and hand it over to... well, we don't know who exactly, or what the huge amounts of data will be used for.

It's easy to collect vast amounts of data, and computing power is available to process it quickly and cheaply. The people who process it don't ever see who handed over the data.

Add it all up and you can see why the temptation to do evil with the information is there.
Some people don't even pretend, and do their level best to be evil with data. This week, news of a massive data leak surfaced, after a huge suspected spamming operation left lots of files and database backups exposed and unprotected to the internet.

It's almost certain that your email account, and my one, is among the almost 1.4 billion records that the one recent alleged group of spammers have amassed. Moreover, they've added full names to the email accounts, along with internet protocol and - sometimes - physical addresses.

This is a massive amount of data. Chris Vickery, the security researcher who found the US group, told me that it took him a few hours to look up three people he knows while verifying the yet to be indexed information.

The data has been collected in various ways, by asking people to provide it for sometimes legitimate purposes, sometimes not. By hooking up with third parties and affiliates, the spammers were then able to match email accounts with people's full names, creating a premium product for them to sell.

The alleged spammers exposed not just sensitive personal information but also their entire operation with financials, connections and business model; now that we know that this kind of abuse, and "greyballing", happens, it's time step in and make sure there are steep penalties for the people who do it.

Data provided for one purpose should not be used for anything else without express permission from those whom it was gathered from.

If not, we can kiss what little privacy we have left goodbye sooner rather than later.