I guess I don't see any way a dockless bike/scooter rental scheme can be compatible with privacy. Their need to know where available bikes are, and to be able to detect thefts makes it hard to imagine they could work without GPS tracking.
And as soon as you know who rented what bike when, and where each bike went, you're going to start knowing customers' homes, workplaces and places of worship.
Although the government and Uber knowing this data is less private than Uber alone knowing, we all know Uber doesn't give a shit about customer privacy. Personally I'd be much more worried about Uber having the data in the first place than about the government also having the data.
Would you feel the same way if Uber complied privately and the article read:
"Uber shares real-time rider information with government agency"?
It seems like Uber can't win. If they share information, they're violating the trust and privacy of their riders. If they don't they still don't care about privacy but they're now also flouting regulators.
But Uber is offering a service that by its very nature requires that you expose the service provider to information you may wish to keep private. How is this the service provider's fault? It's not like they're going out of their way to add tracking into something that doesn't require it.
Like this is a little nuts, if you buy one of those GPS trackers for your kids you don't get to act shocked when you find out the company has their location records. You get to be angry if they use those records for anything other than providing you service but of course they have them.
It's not even remotely shady for a service to inherently involve knowing where you are. That's something that is true of every brick and mortar store, and indeed every cab driver. Yet the government doesn't demand that those businesses provide real-time feeds of information about the movements of their customers, and if the government were to do so and they were to object on privacy grounds, we wouldn't take it to mean that their entire business model is inherently immoral and all shops should cease to exist.
But it's not shady at all. Like these bike companies track the location of the bikes with GPS. And when you go for a ride on one you are by proxy being tracked with GPS. Like this isn't magic or unexpected. Are you mad that airlines have your location information while you're on the plane? Are you gonna demand the FAA stop tracking flights for rider privacy?
But nobody is actually getting the blame, since it would be weird if anyone was actually mad at this. Does anyone seriously believe that using Find My iPhone doesn't allow Apple access to your phone's location for the purposes of showing you where it is?
Do they need to know where they are at every given moment, and collect data on each customer in association with where they're coming from and where they're going?
No, they just need to know where they are when:
1. They run a collection routine
2. The bike/scooter is low on battery.
There is no info they need in association with the rider's trip. Or at least not, as the GP states, info required "by nature". That perspective is true of ride sharing (the driver needs to know where to pick up and drop off) but false in relation to bikes/scooters (no need to know start/end points, just need to know where the bike is during collection or low battery, and not in association with a rider).
They need to know where the scooters are but they don't really need to know where the customers are though.
Consider a similar system that would work with coin operated scooters. They can have GPS in the vehicle without constant association with users.
In any case these two tracking databases, where each scooter is and who is on which scooter, should be separate so they can provide the former to law enforcement without disclosing citizens' whereabouts.
That’s rather defeatist. They could use the data for setting up the ride and then throw it away after the ride is complete. Their app could keep a local record for you that’s not shared with the company. There are a ton of ways they could protect your privacy but they actively choose not to.
Anyone can watch you ride a shared scooter up to your house. That's public information. Privacy only comes into play if the scooter is taken inside your house. You have no legal expectation of privacy on a public street or sidewalk.
You don't, but what the court found was that putting a GPS tracker on someone's vehicle was materially different than having a real person shadow them all day.
Not the OP, but I would feel the same way, yes. My concern about my local government knowing my whereabouts is equal to my concern about the likes of Uber knowing my whereabouts, so if Uber shared this data, it wouldn't really change my behavior in any way.
But I avoid using Uber-anything, in part due to Uber's data collection, so my opinion on this data sharing is probably not that important.
Seems like if Uber is going to use this data for their benefit, society should be able to use it to ours as well, for planning and infrastructure purposes for example.
The way that society does stuff like this is through government bodies. The real problem here seems like a lack of trust or oversight of government bodies, which creates the impossible situation you identify.
> Seems like if Uber is going to use this data for their benefit, society should be able to use it to ours as well, for planning and infrastructure purposes for example.
I don't necessarily disagree, but "data used for their benefit" covers all data used by all businesses, from your emails stored by your provider (assuming you don't self-host) to trade secrets, etc.
So either we say the government should be able to access all data from everywhere (except the few things that individuals store on their own) for planning purposes and such, or we must define why this data is different from other data.
Fair point, I think there's a fundamental difference between the data collection done by a company like Uber or the FANG or whatever and the data that other companies collect in the normal course of business but it's hard for me to think of a good definition for the difference.
There's also the idea that maybe we should have total access to a currently unthinkable amount of data [0]
Without GPS or internet: put the bike at a cross road and tell the app (or call center) at which cross road you put it. Every now and then they get serviced, if the bike is not where you put it as the last owner, you pay a fine. That’s how it worked for years in Munich, Germany.
That way the bike doesn’t even need internet. To unlock the bike it generates a code with a key which is on the bike.
I don’t see how GPS prevents theft for small items like a bike. There is a lot of bigger farming machinery stolen despite their GPS.
> if the bike is not where you put it as the last owner, you pay a fine
How do they tell the difference between the last user not returning it, and the bike being stolen with bolt cutters after the last user returned it properly?
The bikes are built in a way that you don’t want to steal them. They drive down that probability in at least two ways:
Quite heavy and their specific number highly visible.
The lock is nearly unbreakable, a bolt which is locked inside the bike frame. I wouldn’t know of a way to crack this physically without demolishing the bike.
It’s much easier to steal any other bike instead.
I guess the main upside is vastly reduced technical infrastructure costs so you can get over a certain small percentage of stolen bikes after reducing this probability enough.
I watched someone dismantle a Jump bike lock last week outside my apartment while walking my dog. Considering that and how often I see homeless people riding them in SF, I suspect they are more easily stolen than you suggest.
I would be very surprised if someone can dismantle them on the street. But nevertheless if you have another bike right next to it which is worth more, lighter, faster and easier to crack why even bother?
Not sure how they do it exactly, but one possibility is CCTV cameras watching drop-off locations. You can then compare footage at the timestamp it was reported on-location if there's a dispute.
Combine this with a few anti-theft procedures that don't involve GPS / internet (as commonly used by bikeshare programs in various municipalities) and you've got something that might work.
It’s to point out that their suggestion of CCTV is really just a type of unstructured logging, and isn’t much better than the structured logging that seems to be going on today.
The point here isn't about structured vs. unstructured logging: it's about addressing the possibility that legitimate users get blamed for theft.
This sort of dispute is probably going to end up in a legal forum at some point. In that case, video footage from a device that's not physically on the bike (and therefore much harder to tamper with) is going to carry much, much, much more weight than GPS traces. Also, you usually know exactly who is supposed to have access to CCTV camera systems / footage, and can therefore have those people make legally binding representations as to their accuracy / fidelity.
(Of course, with regards to this problem, your objective as a service provider is to end up in court as infrequently as possible. You'd be more likely to invest in anti-theft measures so you can get the probability of theft low enough to reasonably write off as part of opex.)
I expect Uber to care a lot about privacy. They’ve burned themselves badly before disrespecting privacy and I assume they’ve improved in that area immensely. Uber’s and their employees’ own interests are aligned with strong data privacy.
> I assume they’ve improved in that area immensely.
Why would you assume that without significant reason? This is a company that has, as you said, had problems with privacy.
2015, tracking concerns hit the news. [0]
2017, there's a class action. [1] And FTC auditing. [2]
2018, there's massive fines. [3]
We're in 2019, years on from actual problems being raised, and then being forced to confront them. How are Uber doing on that front?
> By focusing on global hiring, you will have people on the ground in other regions who can better understand the local laws, better understand the culture that drove the laws and how a new law is likely to be enforced, and build better relationships with regulators and other influencers.
Sounds more like they're interested in controlling the laws, not actually improving themselves overall.
(And none of this is to suggest the government is any way a better caretaker - they're worse in almost every way.)
Your ISP has ALL your internet data. Would you be okay if they shared it with the government? Sure they hold it temporarily, but they NEED to hold it to carry on their business, even for a short amount of time. The same is true for these scooters. In the case of the ISP, you trust them to destroy that data once it's moved to the next node; in the case of the scooters, the same can be true.
Thus, either you are fine with the government getting this data, simply because you don't trust Uber, or you are agreeing that the ISP should also share its data with the government in real time.
That's basically all it took to de-anonymise trips for celebrities using the NYC taxi data[1]. There was some poorly anonymized driver information in there but that wasn't used for tracking the celebrities themselves.
Reading your article, that doesn't appear to be a very correct description. The de-anonymization seems to have occurred through two primary aspects:
1. The taxi medallions were extracted due to poor crypto choice (and simple structure of medallion IDs), so you can map from reality -> dataset
2. The celebrities were photographed entering/exiting the taxi, with the medallion captured.
If you broke the link -- the taxi medallion -- you wouldn't have de-anonymized trips. And NYC's anonymization process clearly (and correctly) intended for that link to not exist.
That is, start, end and length were not the key motivators in de-anonymization in this case. However, you can still imagine this data is sufficient to de-anonymize when usage is rare (and you've captured either the start or end destination), but otherwise, the taxi data is not indicative of anonymization futility but rather of implementation failure.
This is not quite incorrect. Some of the NYC taxi re-id demonstrations relied on reversing the hash for medallions, but most have not. In particular, the celebrity tracking did not require the medallion, since each record contains an origin and a destination. The identity of the driver across trips is irrelevant, since it is the passenger who is being tracked. The way this attack worked was to match an origin in the trip dataset to the timestamp on the celebrity photo. This revealed the destination of the trip.
In other cases, no photo is necessary (trips originating or ending at a residential address, linked to another sensitive location such as an abortion clinic).
There is a lot of research available on this topic. "Unique in the Crowd"[1], published in 2013, found that it takes only 4 GPS locations/timestamps to de-anonymize 95% of the population, with no other metadata. With 2 GPS pings, 50% of trips can be de-anonymized.
One could certainly design a least authority system for bike rental. Trusted hardware to compute trip length, a pseudonymous account system, untraceable payments. Identity or payment escrow in case of theft.
But really, the straightforward way is culturally. Like if there were a general expectation that a company would only use data for an immediate purpose and then delete it, employees confirmed the company culture and processes, their legal terms supported this, and there was a strong privacy law to backstop any bad actors.
But our culture is not there. We've just generally accepted that Uber will act as an attacker, exploiting their surveillance data on us as much as currently possible, storing it indefinitely to do "better" in the future, and turning it over to other third party attackers for "business purposes".
This article draws our attention because we're pretty sure if the city gets access to this data, they'll do the exact same things for their own ends - probably turning it over to the police to integrate with the ANPR data who will pass it to the feds for their own nefarious games.
It's an environment of zero trust with its corresponding high costs, which are becoming more and more apparent as wider society is hit with the implications. This is the true damage that the Surveillance Valley ethos has done, and it's going to take a hell of a long time to recover.
Do you worry about Google having that same data? If you use google maps on a regular basis they know where you live, work, eat, travel, hang out with friends, and which routes you take when.
I avoid using Google Maps for precisely this reason. I'm less concerned about Uber or a local government having that data, far far less concerned. Uber rates as slightly more concerning than a government, because Uber will likely try to monetize it when/if their current business model fails to deliver profits to Wall Street.
Anyone with a cell phone in their pocket is giving their real time location data to private companies. And I’m very happy that the government can’t just access it without a warrant.
Real talk: you do not and are never going to have privacy if you have a mobile phone. You are carrying a tracking device and feeding data to at least a dozen different companies and government agencies. No mobile app is compatible with privacy because the phone itself disintegrates privacy.
Depends on the granularity of the data. What's wrong with (say) 100m square blocks as spatial granularity, with ride time to the nearest minute or even 5 minutes?
The city should be able to ensure regulatory compliance, while anonymity is preserved.
This would not provide very much privacy protection at all. Almost all trips will be unique with this level of granularity, so it will be easy to de-anonymize. I do privacy research with this type of data and have found numerous sources that used aggregation schemes with similar levels of granularity. In those public datasets, I was able to identify trips moving between a high school and a local Planned Parenthood, for example. 100m is far smaller than the size of a school campus and most buildings.
To address privacy issues, data needs to be aggregated, with trip clusters of fewer than 5-10 trips dropped. Differential privacy strategies also exist, but dropping groups with a low number of user contributions is the easiest solution to implement.
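The two points made above (100m/1-minute bins leave almost every trip unique; aggregating and dropping small groups is the simplest fix) can be checked on data. The following is an added example, not code from any commenter, from Uber, or from any city's data programme. It uses a constructed set of 20 scooter trips with positions already projected to metres from a local origin (a simplifying assumption; real data would be lat/lon and need projecting first), buckets each trip into (origin cell, destination cell, start-time bin), measures what fraction of trips are unique at a given granularity, and then releases only the buckets that reach a k-trips threshold:

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Trip:
    start_min: int   # start time, minutes after midnight
    ox: float        # origin, metres east of the local projection origin
    oy: float        # origin, metres north
    dx: float        # destination, metres east
    dy: float        # destination, metres north


# Constructed sample: 12 morning commutes from a transit hub to a school,
# 3 trips from one residence to a clinic, and 5 scattered one-off rides.
TRIPS = [
    Trip(480, 1010, 1005, 1510, 1405), Trip(482, 1030, 1020, 1530, 1420),
    Trip(485, 1045, 1050, 1545, 1450), Trip(487, 1060, 1015, 1560, 1415),
    Trip(490, 1120, 1070, 1520, 1470), Trip(493, 1080, 1030, 1580, 1430),
    Trip(495, 1055, 1085, 1555, 1485), Trip(498, 1140, 1060, 1590, 1460),
    Trip(500, 1015, 1040, 1515, 1440), Trip(503, 1070, 1090, 1570, 1490),
    Trip(505, 1135, 1065, 1535, 1465), Trip(508, 1095, 1095, 1595, 1495),
    # residence -> clinic: a sensitive pair that must never be released alone
    Trip(600, 3050, 1950, 2200, 2600), Trip(1300, 3060, 1945, 2210, 2590),
    Trip(1120, 3040, 1960, 2195, 2610),
    # scattered rides
    Trip(540, 4000, 4000, 4500, 4100), Trip(700, 200, 300, 900, 800),
    Trip(900, 5000, 100, 4800, 900), Trip(1000, 2500, 2500, 2700, 2400),
    Trip(1100, 100, 4900, 600, 4300),
]


def cell(x, y, cell_m):
    """Snap a point to a square grid cell of side cell_m metres."""
    return (int(x // cell_m), int(y // cell_m))


def trip_key(t, cell_m, bin_min):
    """The tuple a regulator would see: origin cell, destination cell, time bin."""
    return (cell(t.ox, t.oy, cell_m), cell(t.dx, t.dy, cell_m), t.start_min // bin_min)


def uniqueness(trips, cell_m, bin_min):
    """Fraction of trips that are the only trip in their bucket, i.e. trivially
    re-identifiable by anyone who knows one endpoint and a rough time."""
    counts = Counter(trip_key(t, cell_m, bin_min) for t in trips)
    unique = sum(1 for t in trips if counts[trip_key(t, cell_m, bin_min)] == 1)
    return unique / len(trips)


def release_aggregate(trips, cell_m, bin_min, k):
    """Aggregate trips into buckets and drop every bucket with fewer than k trips.
    Returns (released {bucket: count}, number of trips suppressed)."""
    counts = Counter(trip_key(t, cell_m, bin_min) for t in trips)
    released = {key: n for key, n in counts.items() if n >= k}
    suppressed = sum(n for n in counts.values() if n < k)
    return released, suppressed


if __name__ == "__main__":
    for cell_m, bin_min in [(100, 1), (100, 5), (500, 60)]:
        print(f"{cell_m}m / {bin_min}min bins: "
              f"{uniqueness(TRIPS, cell_m, bin_min):.0%} of trips unique")
    released, dropped = release_aggregate(TRIPS, 500, 60, k=5)
    print("released buckets:", released, "| trips suppressed:", dropped)
```

At 100m/1min every one of the 20 constructed trips is unique, and 5-minute bins still leave 70% unique; only at 500m/60min with k=5 does the hub-to-school commute survive as a single count of 12, while the residence-to-clinic trips and the one-off rides are suppressed rather than published. The threshold is a k-anonymity style suppression, the simple option the comment recommends; it does not stop a dedicated adversary who already holds auxiliary data, which is where the differential privacy approaches also mentioned come in.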
The "point" was to ensure privacy while satisfying the other desiderata of the system, which includes the ability to find a distinct scooter. I was disputing that it met the latter criterion by grouping too many scooters together (Scylla) in its attempt to avoid privacy violation (Charybdis). After all, why not just lump scooters into the east vs west coast?
Though I grant the general point that making the drop-off location more granular could satisfy both criteria, but you would need some kind of varying size to account for scooter density.
If you can count how many scooters are in the system at any time (and how many belong to different providers) then you should be able to enforce your licencing regime.
And if you know roughly where rides are going to / from and when, then that helps you integrate your different types of public transport - for example making sure that when the train arrives there are enough scooters there, or understanding how popular scooter ride paths interact with bike lanes, bus lanes, etc.
Mobile phone cell size is generally a pretty good proxy for population density - modern micro-cell sectors can be pretty small, and 5G will make them even smaller in urban areas.
(I work on this sort of stuff for a major engineering data science and asset management group in the UK).
> I guess I don't see any way a dockless bike/scooter rental scheme can be compatible with privacy. Their need to know where available bikes are, and to be able to detect thefts makes it hard to imagine they could work without GPS tracking.
I fail to understand why it's an issue if the government has this data but people are okay with Uber having it. Surely trusting the government is a more reasonable policy?
Uber doesn’t have a gigantic State apparatus with both a vested interest in and the ability to use violence to enforce its will on me.
By your logic, it would be more reasonable to require that Google be barred from all data sent over email, but require that copies get sent to the NSA. Similarly, AT&T should be required to not collect any phone records, but also be mandated to provide a copy of every single call to the FBI.
> Uber doesn’t have a gigantic State apparatus with both a vested interest in and the ability to use violence to enforce its will on me.
Uber falls under the jurisdiction of a gigantic State apparatus with both a vested interest in and the ability to use violence to enforce its will on you. Being a good corporate citizen, Uber would dutifully hand over your data to said government when asked. This is a distinction without a difference.
Also, the above article itself shows some empirical data that Uber will not, in fact, just hand over my data when asked.
Note that I don’t think they do this out of the goodness of their hearts or altruism, but rather that they’ve done the calculus and determined that giving this data to the government would cost them enough ill will and loss of revenue to make it not worthwhile. Uber, unlike a government, has to answer to the market, and thus it's every consumer’s duty to punish those who would sell our liberties.
That's because the US government is still fundamentally democratic and follows the rule of law. Such a government might also treat your data with some due process. A government that's willing to use force to arbitrarily enforce its will is also one that would do the same to Uber and its executives. In that environment Uber would not resist.
This weird paranoia about the government acting with no consequence seems to never extend to 2nd or 3rd layer thinking. If the government could send a team of armed men to kick down your door at 3am and forcibly confine you to a cell with no due process, they could do the same to the CEO of Uber to get your information in the first place. Having a layer of indirection in the form of a private company is little-to-no protection against a despotic regime. It only works if the government is still following the rule of law themselves.
the point is:
- the government would be knocking down the door of a CEO who may not necessarily have the type of data they're looking for.
- the government would have to go through a ton of effort to get anything they needed, rather than having it all up front to begin with.
- no data should be given up freely without direct, fair consent (no matter who demands it)
It makes perfect sense in a cynical way - the government would face way more backlash if they went after the CEO of Uber as opposed to a probable nobody like you, in the sense that "you are unlikely to cause major consequences which threaten their apparatus of power".
If they made a habit of doing that without a serious trail of justification under the law capital flight would be historic - damaging their income and GDP/the source of economic power, and damaging stability. It isn't even anything overtly sinister - just sensing that given the peril it is time to get the hell out of there.
And that is without lobbying and soft power aren't available.
Before you worry about the legality of Uber's Maximum Customer Satisfaction Response Team, you'll have to provide evidence that something being against the law has ever stopped Uber from attempting it.
> Surely trusting the government is a more reasonable policy?
Looks like you have not really read about what governments do to their people when it's convenient for them to do so. Current examples: check China. Of course the US is not China, but that should be ample warning that trusting government with data + power is a bad combination.
"China" (as in the CCP) does not, in fact, have the data. They're leveraging a network of mostly-private companies to do the dirty work for them. So there's really no difference. If the US government became a dictatorship tomorrow, all the data collected by US private companies would end up in the government's hands. Neither private companies nor government entities can be trusted, and the only right answer is to demand that the data is not collected in the first place.
> "China" (as in the CCP) does not, in fact, have the data. They're leveraging a network of mostly-private companies to do the dirty work for them
The difference is that the CCP has every right to shut down businesses and they make the Law directly. No provisions can be made by external parties, there is no separation of power. So in practice all companies work in accordance with the CCP and will bend to their requests. In the US there are still companies which can and do refuse the federal government's requests to provide data without sufficient reason.
Your point seems to hinge on: IF the US became as bad as the CCP, it would force companies to hand over all their data anyways.
But a government like the US isn't a singular entity. There are all sorts of good, bad, and neutral actors within it. If you hand the government your data now those bad actors can abuse it now, rather than some hypothetical future where the US becomes an extreme authoritarian dictatorship.
History tells us that large corporations are not actually any better (and in many ways are worse) than governments when it comes to this sort of stuff.