Among the many problems Uber is facing, one of the biggest is its take on privacy, and the US Congress wants to find out exactly how the ride-sharing service handles its customers' personal information.
After a couple of Uber executives alluded to tracking users with the service's geolocation data last month, many began to question the company's privacy standards. Among them: Sen. Al Franken.
The rub is that the apps track riders' pick-up and drop-off locations. And that's what Franken's concerned about. He wants to know how the companies use this geolocation data.
Franken is the chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law and a vocal watchdog of consumers' privacy rights. In 2011,, urging them to explicitly detail their apps' privacy policies so users could better understand what type of personal information was being collected.
The whole debacle that prompted Franken to contact Kalanick began in November when BuzzFeed reported that Uber executive Emil Michael said he would like to to "dig up dirt on its critics in the media." At the same time, another BuzzFeed journalist reported that Uber's New York general manager used a feature the company calls "God View" to .
Among several other questions he addresses in his letters, Franken asks Uber and Lyft to clarify these "limited set of legitimate business purposes." The deadline for Uber to respond to Franken is Monday. When contacted by CNET, Uber didn't respond to request for comment.
Lyft has until the end of December to respond.
"We share Senator Franken's dedication to keeping consumers and their information safe," a Lyft spokeswoman said in an emailed statement, adding that the company plans to respond by the deadline. "The respect and rights of our users are at our core as a company, and we look forward to discussing this important issue and Lyft's commitment to consumer privacy in depth."
CNET News spoke with Franken about his concerns. The following is an edited transcript of the conversation.
Q: What initially prompted you to question Uber's data collection practices and privacy policies?
I believe Americans have the fundamental right to privacy and that right includes the ability to control who's getting your personal location information and who it's shared with. Obviously Uber and Lyft get your location information and I think they have a responsibility to have a policy in place that protects people's privacy.
In your letter to Uber, you asked if there was any disciplinary action taken as a result of Emil Michael's statements, what do you think would be an appropriate disciplinary action for him?
Franken: I don't know, I just wanted to know if they had. We've heard they with the other executive but I'm not sure what that was. I don't have a real strong idea about what should be the appropriate action, but I think you'd have to do something.
You wrote Uber first -- in the context of these circumstances and incidents -- why did you choose to contact Lyft too?
Franken: They're in the same space of ride-sharing and I wanted to see what their policy was. I believe they had a similar thing with an executive and a journalist that also came to light.
Have you heard back from either of the companies?
Franken: We've heard from Uber that they will respond by Monday. We have no reason to believe they won't. We've also heard that they are consulting some experts in this field, which we think is a good idea. Maybe it's something they probably should have done before. Maybe [the letter] just had a good effect on them and maybe it made them realize they hadn't spent enough time thinking about this.
You mention that users' location data can be misused, what examples of misuse can you give?
Franken: The worst kind of misuse are stalking apps. When I first started looking into geolocation I was a newly appointed chairman of the Subcommittee on Privacy, Technology, and the Law. It's the subcommittee I helped create to really look at how technology was evolving and how that related to privacy. The way I like to talk about it is that the founding fathers did not foresee the telephone. At some point, somebody had to decide whether a phone tap was in violation of the fourth amendment. And they said, "yes it is, you have to get a warrant." And now, with geolocation information, we saw a Supreme Court decision on whether police need warrants to put a tracking device on someone's car -- and they do.
On stalking apps, some of the first testimony I got on geolocation information came from the Minnesota Coalition for Battered Women. One of the pieces of testimony was quite chilling. It was about a woman who was in an abusive relationship in northern Minnesota. She went to a county building to go to the domestic violence center there and after about five minutes she got a text from her abusive partner saying, "why are you there?" That scared her. They took her to the courthouse to get a restraining order against the guy. Not long after that, she got a text from him that said, "why did you go there, was it to get a restraining order against me?" She didn't know it, but he had a stalking app. These are apps that actually advertise themselves as, "Suspect your partner is cheating on you? Slip this on her phone and you can track her wherever she goes." It's actually a very dangerous thing and it's proliferating because of the use of smartphones. I'm writing a piece of legislation that includes making the manufacturing and advertising of these things illegal.
How does that relate to how geolocation data can be misused by ride-sharing companies?
Franken: Again, this is all very private information. It gets where you go to the doctor, what you do on the weekends. This is very private stuff and I think people have the right to determine whether that information is taken, whether it's stored and whether it's shared. There are scenarios that you can come up with where that can intersect with the issue of stalking apps. I'm asking, "Do the employees of the company look at this stuff?"
In your letter you mention that Uber maintains users' information after they've terminated their accounts, why is that a concern in your opinion?
Franken: People may have terminated their accounts for various reasons. For some, it may be that they don't like the way they've experienced their information used. OnStar, at one point, had talked about how after discontinuing their service they . I don't think that companies should do that. I wrote them a letter [asking them not to do that] and they said "OK, we won't."
Do you think what Uber and Lyft are doing is different from what other tech companies are doing, like Facebook or Foursquare, as far as location tracking?
Ideally, what would you like these ride-sharing companies to do concerning their data collection and privacy policies?
Updated, December 16 at 10:20 a.m. PTwith information about Uber's response to Franken's letter.