Uber/Under: Will Greyball amount to a gamble Uber couldn’t afford?

Uber Technologies Inc. (Uber), the popular ground transportation technology company, has had a controversial start to 2017. Its latest crisis involves an Uber-developed “tool” coined “Greyball” which was ostensibly designed to “den[y] ride requests to users who are violating [Uber’s] terms of service”, according to the company.[1] In reality, Uber deployed the Greyball program, at least in part, to thwart and evade local law enforcement officials and Uber’s regulators with the intent of avoiding costly tickets and fees, typically in jurisdictions where local governments resisted and banned Uber’s business model.[2] In unfriendly jurisdictions such as Portland, Oregon, Uber would, among other tactics, identify users whose credit cards or device numbers were linked to police credit unions and users who frequently opened the app near regulatory agencies. Once tagged, using the Greyball tool, Uber would present such unfriendly user with a fake version of the app showing no cars were available. If an Uber driver inadvertently picked up an unfriendly tagged user, the company would call the driver insisting on termination of the ride.[3]

To suggest that Uber’s tactics bordered, or crossed, the line of business ethics is not a controversial proposition. A more difficult question, and one less discussed by news outlets, is whether or not Uber violated the law. Interestingly, reports suggest that Greyball was explicitly approved by Uber’s general counsel’s office.[4] This suggests that Uber’s lawyers believed that either Greyball was legal, or that the benefits of an illegal Greyball program outweighed the risk of being caught and the costs that would be incurred thereafter. Whether Uber’s risk analysis was correct will not be known for some time but the following legal inquiries will likely be determinative to the final outcome: (1) did Uber violate the Computer Fraud and Abuse Act[5] (CFAA)? and (2) did Uber intentionally obstruct justice[6][7]?

In essence, the Computer Fraud and Abuse Act (18 U.S.C.A. § 1030) bans unauthorized or otherwise improper access of a computer server, including smart phones, by individuals and companies. A U.S. Attorney could allege, among other things, that Uber “intentionally access[ed] a protected computer without authorization, and as a result of such conduct, cause[d] damage and loss.”[8] Such a case would likely turn on a prosecutor proving that Uber both violated its own Terms and Conditions, or otherwise violated the terms of app stores through which it was downloaded, and caused damage that is actionable under law. Although the U.S. Attorney may have to get creative with respect to an argument alleging damages, Uber has cause for concern because courts have interpreted the CFAA’s language broadly in the past.[9] No matter the outcome of a criminal action, the CFAA also allows for civil action, opening the door to potential suits by harmed parties and competitors.

Obstruction of justice is outlawed both federally and by the states. In this case, because Uber is accused of obstructing local law enforcement and regulators, not the federal government, an obstruction action would most likely be brought by a state. Oregon’s statute, which is representative of other state statutes, and which is particularly relevant due to violations that occurred in Portland, states: “A person commits the crime of obstructing governmental . . . administration if . . . [such person]: (a) Intentionally obstructs, impairs or hinders the administration of law . . . by means of . . . physical or economic interference or obstacle.”[10] Assuming prosecutors are able to prove facts reported in the press, the elements of this statute seem relatively easy to satisfy on their face, at least in comparison to the CFAA’s elements. However, the fact that Uber is now (ostensibly) operating legally within Portland, and most other jurisdictions, may sway prosecutors to not bring an action. Local prosecutors will need to weigh whether the cost of a prolonged court battle against a well financed, aggressive technology company is in the public’s interest. This answer remains, as of today, unclear.

Though the resolution of these legal issues remains uncertain, one thing is certain: Uber’s legal department is going to have a busy year.

 

[1] https://www.nytimes.com/2017/03/03/technology/uber-greyball-program-evade-authorities.html

[2] Id.

[3] Id.

[4] https://www.theguardian.com/technology/2017/mar/03/uber-secret-program-greyball-resignation-ed-baker

[5] 18 U.S.C.A. § 1030.

[6] https://www.nytimes.com/2017/03/03/technology/uber-greyball-program-evade-authorities.html.

[7] E.g. N.Y. Penal Law § 195.05 (McKinney).

[8] 18 U.S.C.A. § 1030(5)(C).

[9] http://archives.sfweekly.com/sanfrancisco/hacking-the-law-fights-over-cyber-security-and-a-silicon-valley-divide/Content?oid=2254225

[10] Or. Rev. Stat. Ann. § 162.235 (West).

Comments are closed.