Uber shared data on 12 million passengers and drivers with the government in six months

You may be more private catching the bus and paying cash…

David bisson
David Bisson


Between July and December 2015, Uber provided data on 12 million passengers and drivers following requests from US regulators and law enforcement agencies.

That is one of the major findings of the online transportation network company’s first-ever transparency report, which was released on Tuesday.

In the report, Uber reveals it received 33 requests from local regulated agencies for information pertaining to approximately 11,644,000 riders and 583,000 drivers between July and December 2015.

Sign up to our free newsletter.
Security news, advice, and tips.

Those agencies requested information about trip requests, pickup and drop-off areas, fares, vehicles, drivers, and in some instances electronic trip receipts including trip routes.

As required, Uber complied in 21.2 percent of those cases. It also attempted to negotiate a narrower scope for the vast majority of the data requests. For 42.4 percent of the cases, it succeeded.

Uber described in a blog post some of the thinking behind its first transparency report:

“Of course regulators will always need some amount of data to be effective, just like law enforcement. But in many cases they send blanket requests without explaining why the information is needed, or how it will be used. And while this kind of trip data doesn’t include personal information, it can reveal patterns of behavior – and is more than regulators need to do their jobs. It’s why Uber frequently tries to narrow the scope of these demands, though our efforts are typically rebuffed.”

Uber app

In addition to being contacted by regulatory agencies, Uber received requests from law enforcement agencies on more than 600 of its riders and drivers.

A vast majority of these cases related to fraud or the use of stolen credit cards.

The transportation company fully complied with less than a third (31.8 percent) of those requests and either partially complied/found no data on the remaining 78.2 percent of cases.

In its report, Uber was careful to include a “warrant canary” claiming it received neither a national security letter nor a court order under America’s Foreign Intelligence Surveillance Act (FISA).

Uber policy

Uber is by no means a perfect company when it comes to user privacy.

In February of 2015, researchers found it had left its lost-and-found database open to the web. This discovery came only a few weeks before a database containing the information on 50,000 drivers was revealed to have been accessed by an unauthorized third party.

Even so, this transparency report is a step in the fight direction. And it’s encouraging to see reported that Uber will release more in the future.

The transportation company joins more than 60 companies, including Google, Facebook, Amazon and Apple, that regularly release transparency reports.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “Uber shared data on 12 million passengers and drivers with the government in six months”

  1. IanH

    11,644,000 passengers reported to government in 33 requests averages more than 350,000 passengers per request. So it's mass surveillance?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.