[hitgeek]

most of this sounds like good practice for any company that stores large amounts of sensitive data.

perhaps the features were used inappropriately, but I would hope Uber can remote wipe a laptop, log users out of company systems, or centrally enforce encryption policies.

this line is just silly.

--"Later versions of Ripley gave Uber the ability to selectively provide information to government agencies that searched the company’s foreign offices. At the direction of company lawyers, security engineers could select which information to share with officials who had warrants to access Uber’s systems, the people say"

What is the alternative? Giving law enforcement access to all data without any discretion? Querying ride data for 1 person is technically "selectively provide information", but that seems perfectly acceptable.

[diego_moita]

I agree.

The majority of people on this site are from countries that work under the rule of the law. I understand that they'd feel uneasy by these subterfuges.

But in places like Russia, China, Belarus, most of Africa and parts of Latin America these resources are more than justified. You should fear the police as much as the bad guys.

Actually, as a non-American, if I were to land on an U.S. airport with a computer or cellphone I'd also take careful measures to avoid abusive searches, even if they're substantiated by law.

[slivym]

The headline of this is that it was implemented in response to a legal police search that resulted in uber getting banned in a country because it was breaking the law. It was then repeatedly used to obstruct justice.

This wouldn't be news if I told you that Intel makes its engineers encrypt their hard disks and require passwords on wake and insist no one leave their computer unlocked.

The news here is that they're using this technology specifically for obstruction of justice.

[mcguire]

Right!

It's not the technology in question, it's the decision to use it for this specific purpose.

[dx034]

But locking out all users by office? I can't think of a legitimate use case for that. Locking/wiping devices of people who left the company is standard but why for a whole office? Robbery doesn't really apply, either they do it when no one's in the office (devices locked anyway) or you won't be able to call HQ.