Background: Uber's offices in Montreal were raided a few days ago by Revenue Quebec: http://globalnews.ca/news/1998322/montreal-uber-offices-raid... . What is new news is that the URL above (a major Montreal newspaper) says that the local CEO called Uber HQ in San Francisco, who then tried to remotely encrypt data on Uber corporate servers, laptops, phones, and so on, during the raid. Revenue Quebec investigators noticed and are now expanding their seizure order.
An attempted coverup is often punished harshly. Richard Nixon and Martha Stewart should have taught everyone that. How is this not obstruction of justice[1], or whatever Canada calls it?
Obstruction charges can also be laid
if a person alters, destroys, or conceals
physical evidence
I dont understand why they were trying to do this remotely?
Wouldnt it have made more sense to have all the devices already encrypted? Then if someone does a raid - simply turn off all the devices - and your protected?
Are all servers and laptops currently encrypted at your work, or school, or home? I suspect that for most businesses the answer is NO. Same answer for most individuals.
But seeing as Uber is often skating at the edge of legality (or usually over the line IMO), perhaps they should have routinely been doing encryption?
I'm not sure what the benefit of encryption there is anyway. Governments have a very effective way of decrypting stuff like this: getting a court order to hold employees in prison until the data are decrypted.
Maybe they have no actual non-contractor employees in Québec? I'd be pretty pissed off if I was sitting in a Québec jail because someone in SF decided that during a raid was the appropriate time to implement encryption on my devices.
If you use full-disk encryption on your phone or laptop, it's vulnerable after you've logged in and supplied your credentials. Rebooting ensures that those credentials must be supplied again in order to decrypt.
What strikes me as odd about this is that the laptops weren't encrypted to begin with.
Relying on remote encryption to protect the data could have been defeated by simply taking the network offline at the beginning of the raid.
Potentially a remote lock prevents employees of Uber Canada being ordered to decrypt the data as they lack the means, but presumably such a court order would lead to head office having to decrypt the data anyway.
Get your popcorn ready, Canada's going to set Uber on fire.
According to the article (and what I can make of it via Google Translate) this is for tax reasons, because Canada considers Uber Canada an employer and it must collect tax.
I honestly don't understand why they would bother doing this what with an almost certain Obstruction of Justice charge and the fact that it's pretty obvious that money goes from people to workers via Uber.
I don't know anything about the formal structure of working as an Uber driver, but could Uber make the argument that their drivers work for the passengers and that Uber merely facilitates the connecting of drivers to passengers?
I think Canada's revenue service wanted to obtain evidence that money went through Uber from consumers to employees. If it were possible to pay any Uber rider directly (perhaps with a separate payment to Uber) then Canada couldn't call Uber drivers "employees." But they are, really. Uber processes the transaction and skims some off the top while passing on the rest to a driver. So Uber drivers are employees in Canada (or will be soon, at any rate)
wow, this clearly is criminal behavior from Uber HQ. Instead of fully complying with the investigation and using legal means to contest it they are behaving like a bunch of pedophiles trying to encrypt their hard drives so the police cannot get to their kiddy porn stash, despicable...
edit: obviously i'm not against data encryption it's just funny how encryption is used in this case to obstruct justice, article in French, obviously but the headings are saying something like this :
SF Uber engineers attempted to remotely encrypt the
data of Uber Canada computers during a search at Uber
Canada headquarters led by the Québec IRS in Montréal
last week.
Search at Uber Canada's office
Last May 14, dozens of investigators from "Revenue Québec"
proceeded in searching computers at Uber Canadas's office,
on Notre-Dame street. Investigators were looking for evidence
showing that Uber Canada is violating tax laws
Around 10:40 am, one of the investigators noticed
that "some handsets, computers and tablets
were remotely turned on" during the search. Another
female investigator, who was performing a second
search warrant in another office, noticed the
same exact phenomenon, also at 10:40 am."computers
were being remotely accessed and manipulated, we took
control of them then turned them down given the
emergency and the high risk of remote data
manipulation", can be read in the case made by judge
Jean-Pierre Braun
Encryption may or may not protect you against law enforcement, but that's not the only use case: it also protects you from employees who forget their laptop at Starbucks, disgruntled system administrators, and so on. Law enforcement may be able to compel you to decrypt the systems, but laptop thieves cannot.
Nothing he wrote implies that. He offered pedophiles as an example of a class that uses encryption to aid crime, not as an exhaustive list of all classes that use encryption.
If I wrote that in a recent program I used a functional approach, like they do in Lisp, would you think I'm claiming that Lisp is the only language with functional programming support? Because that's the kind of error you made in reading his statement.
>Investigators are looking for evidence to demonstrate Uber Canada is violating the tax law by not collecting GST and QST on behalf of its drivers to UberX.
For those who don't want to google translate. Further down it says that this is one of those things Uber doesn't think it has to do because it's an app, not an employer. Quebec seems to disagree and be willing to follow up.
Are we sure that the government agency really understood what happened here? It may be that a single laptop was doing a file vault update or something, and they jumped all over the place.
Yeah, we're pretty sure... if you read the article, you might be, too: multiple laptops and cell phones were remotely rebooted via the remote management facility at the same time (10:40), leaving them in an encrypted and unlockable state.
Commenters seem to think their servers were being remotely encrypted as well, but I didn't see any info to that effect.
It is funny to see how 30+ different governments are now up in arms against something that is essentially just a set of computers running on the internet, i.e. the Uber platform.
I wonder how many copycats will spring up in the future, and become Uber2, Uber3,and so on?
In Canada, Uber obviously made a serious mistake. They should not be physically present anywhere. Their strategy does not work, if governments can physically attack them. They are themselves missing the point about themselves.
I see governments everywhere seething and claiming that they want to shut down AirBnb, but where to do that? AirBnb does not have offices or staff over there, and therefore make it impossible for these governments to engage in their core business, that is, to use violence in order to impose their stupidity onto others.
42 comments
[ 3.4 ms ] story [ 89.2 ms ] threadAn attempted coverup is often punished harshly. Richard Nixon and Martha Stewart should have taught everyone that. How is this not obstruction of justice[1], or whatever Canada calls it?
[1] https://en.wikipedia.org/wiki/Obstruction_of_justiceGenerally the best legal strategy is to not do anything illegal, but sometimes that window has already closed ;)
Wouldnt it have made more sense to have all the devices already encrypted? Then if someone does a raid - simply turn off all the devices - and your protected?
But seeing as Uber is often skating at the edge of legality (or usually over the line IMO), perhaps they should have routinely been doing encryption?
Maybe they have no actual non-contractor employees in Québec? I'd be pretty pissed off if I was sitting in a Québec jail because someone in SF decided that during a raid was the appropriate time to implement encryption on my devices.
Relying on remote encryption to protect the data could have been defeated by simply taking the network offline at the beginning of the raid.
Potentially a remote lock prevents employees of Uber Canada being ordered to decrypt the data as they lack the means, but presumably such a court order would lead to head office having to decrypt the data anyway.
According to the article (and what I can make of it via Google Translate) this is for tax reasons, because Canada considers Uber Canada an employer and it must collect tax.
I honestly don't understand why they would bother doing this what with an almost certain Obstruction of Justice charge and the fact that it's pretty obvious that money goes from people to workers via Uber.
edit: obviously i'm not against data encryption it's just funny how encryption is used in this case to obstruct justice, article in French, obviously but the headings are saying something like this :
(work in progress)Encryption may or may not protect you against law enforcement, but that's not the only use case: it also protects you from employees who forget their laptop at Starbucks, disgruntled system administrators, and so on. Law enforcement may be able to compel you to decrypt the systems, but laptop thieves cannot.
If I wrote that in a recent program I used a functional approach, like they do in Lisp, would you think I'm claiming that Lisp is the only language with functional programming support? Because that's the kind of error you made in reading his statement.
I wonder if these actions could be legitimized by Uber claiming that they were merely trying to protect user data.
For those who don't want to google translate. Further down it says that this is one of those things Uber doesn't think it has to do because it's an app, not an employer. Quebec seems to disagree and be willing to follow up.
Commenters seem to think their servers were being remotely encrypted as well, but I didn't see any info to that effect.
https://translate.google.com/translate?hl=en&sl=fr&tl=en&u=h...
1. are generally significant, particularly
2. about a company closely followed by the HN community, and where
3. no obvious english-language alternative exists.
Sometimes it's through just such postings that the English language coverage is initiated.
I wonder how many copycats will spring up in the future, and become Uber2, Uber3,and so on?
In Canada, Uber obviously made a serious mistake. They should not be physically present anywhere. Their strategy does not work, if governments can physically attack them. They are themselves missing the point about themselves.
I see governments everywhere seething and claiming that they want to shut down AirBnb, but where to do that? AirBnb does not have offices or staff over there, and therefore make it impossible for these governments to engage in their core business, that is, to use violence in order to impose their stupidity onto others.