Car Industry

Uber agrees to 20 years of audits after FTC raised privacy, security concerns

Of course, that presumes Uber will exist in 20 years.

The Washington Post/Getty Images

In an attempt to shore up some of the issues that have plagued its ranks of late -- and also to get the feds off its back -- Uber is determined to do more to protect its user base.

Uber and the US Federal Trade Commission have come to an agreement following allegations that the ride-hailing outfit had made deceptive claims about its privacy and data security, Reuters reports. As part of its settlement, Uber must start a new privacy program, which must be submitted to regular audits for as long as 20 years.

The complaints go as far back as 2014. The FTC believed that Uber did not sufficiently observe when and how employees accessed data for both its drivers and its riders. A system was in place for doing so, but according to the FTC's complaint, it wasn't used very much, if at all.

Increased data security is never a bad thing, even if it comes after some particularly sad allegations.

Spencer Platt/Getty Images

Another chunk of the complaint focused on Uber's "god view" system, which allowed employees to track users' rides in real time. This system, along with a 2014 data breach that exposed the information of 50,000 drivers, ended up costing Uber $20,000 in fines from the state of New York following an investigation into the company's privacy and data security practices.

Other alleged bad security practices in the complaint include giving all engineers a single access key to all the data Uber stores with Amazon Web Services, lacking multifactor authentication to access its AWS data and storing personal information in plain text, without any encryption.

"We are pleased to bring the FTC's investigation to a close," an Uber spokesperson said in an emailed statement. "We've significantly strengthened our privacy and data security practices since then and will continue to invest heavily in these programs. In 2015, we hired our first Chief Security Officer and now employ hundreds of trained professionals dedicated to protecting user information. This settlement provides an opportunity to work with the FTC to further verify that our programs protect user privacy and personal information."

While it's good that this chapter of Uber's history is closing, the company is still in the midst of a not-so-righteous year. Travis Kalanick, Uber's CEO, resigned earlier this year after publicized company problems involving sexual harassment and gender bias. In January, the hashtag #DeleteUber took off after the company was viewed as a strikebreaker for its actions following the president's initial immigration ban announcement.