Jussie Smollett - photo credit: By Sister Circle Live |
Jussie Smollett -- What Went Uber Wrong with the Plan
by Susan Basko, esq.
Other writers: If you are going to "borrow" my writing or research, at least give me credit. I do original research and -- heck, you ought to try that, too.
The latest twist in the Jussie Smollett street attack story is that he paid his two body-building friends, Chicagoans Nigerian brothers Abel and Ola Osundairo, $3500 to stage the mugging. (Allegedly, someone emailed in to remind me to write allegedly.)
What went wrong with the plan?
1. The story seemed fishy from the beginning for a whole roster of reasons, including that Chicago is not MAGA country, but rather, is a sanctuary city and longtime Democratic stronghold. Then there was the fact it was an icy cold Chicago night and people were not out strolling about. Surveillance video had to be searched to find even two people out and about. Then there was the oddball fact that Jussie Smollett still had his Subway sandwich after being attacked and tossed around. Subway sandwiches are excellent, but in case of a violent tussle, are likely to be dropped and lost. All in all, the story came rang up as not likely fully true.
2. The attack took place - or was staged -- just below a street surveillance camera. And then it turned out the camera was actually facing the opposite direction. This was the first big snag in the plan; the video evidence was nonexistent.
3. Chicago police located two potential attackers on surveillance video and then, according to at least one news report, used the Uber ride-sharing app to identify one of them. Uber requires those who join its app to allow the company to have access to the phone's locations, pictures, files, phone calls, texts, contacts lists, etc. All the CPD had to do was issue a subpoena or warrant to Uber and they could obtain not only the name of the man using the account, but his financial data, airline ticket jpgs and itineraries which were likely stored on the phone, photos, a location history, and tons of other information likely contained on the phone that the user had given Uber permission to access upon joining Uber. Scary? The permissions required are why I have not joined Uber; I was shocked when I recently read the permissions list.
Here are screen shots of the Uber app permissions that appeared on a version of the app that recently appeared. The app gives written notice that "Updates to Uber may automatically add additional capabilities within each group." In other words, these capabilities may be expanded each time an app update occurs. Some apps update automatically, and others require a click or permission. Very rarely would anyone seek out or read what permissions are being given to the app on an update.
This first screen full of permissions gives Uber permission to know the identity of the user, find accounts on the phone, add or remove accounts, read the contact card, read the person's contacts, and find the person's approximate and precise locations.
This fourth set of Uber app permissions overlaps with the third screen. Here, Uber lists as "Other" a set of "New" permissions. Uber can: Draw over other apps (I am not sure exactly what this means, but it does not sound good), prevent phone from sleeping, connect and disconnect from WiFi, read Google service configuration, control vibration, pair with bluetooth devices, change your audio settings, use accounts on the device (sounds like it can buy things on your Amazon account? or what?), view network connections, and have full network access.
Basically, when you give Uber all these permissions, you are employing Uber to spy on you, your contacts, your locations, phone calls, your audio, and all your files.
It sounds like with the two Nigerian-Chicagoan brothers, the Chicago Police Department were able to track them via the Uber app. One day, the men in the grainy photo were unidentified and barely recognizable. Soon thereafter, Chicago police knew their names, their address, knew when they had flown to Nigeria and when they were coming back. Police were waiting at O'Hare Airport for them upon their return.
What's the upshot here? Does Uber need all this information and all these capabilities to arrange for someone to give you a ride? Likely, it needs some of these capabilities. Having some of these permissions probably makes Uber riders and drivers safer or at least they can be held accountable easier if they do something bad. After all, with Uber, you are getting into a car with an unlicensed stranger and that driver is allowing random people off the street into their car. The Uber app permissions make both the driver and riders more known and less random. The knowability probably makes the whole enterprise a bit safer for all involved.
The downside is you are giving Uber the right to act as a surveillance machine upon the intimate details of your life that are contained in your phone. Upon considering this list of permissions, I could not get myself to click, "I accept." I decided that if I cannot walk or take a bus or train, I will call a taxi or a friend, if one is nearby. Many times, I am in places where taxis are scarce. My lack of Uber has meant such things as walking with groceries in the rain or walking a distance to where I knew there was a cab stand. It's not convenient and I long to use a ride sharing service, if one were respectful of my privacy.
What is the legality of police using information gathered by the Uber app, when the Uber user has given the app permission to gather all that information? If the police serve a subpoena or warrant upon Uber, it seems likely the Uber user has no standing to object to the subpoena and would probably not even be given notice of the subpoena. Might the police require Uber to commandeer the phone and, for example, require Uber to give the location of the phone, and likely of the phone owner, since most people carry their phones with them? Might police require Uber to use the phone camera to show the people or the place where they are located? Might police require Uber to use the phone as a listening device? Or would Uber be required to only give the information it would have otherwise obtained in the normal course of its business operations?
Conversely, are there privacy laws that prohibit an app from gathering excess information? Right now, as far as I know, the legal standard is that the app must get permission from the users to gather or use information. However, app permissions are always a take-it-or-leave-it proposition -- either you agree to allow the app to do what it does or you do not use the app. A user cannot opt in or out of the various permissions. And, as seen above, the app can automatically add on more capabilities with each update.
All these are legal questions that have yet to be explored, as far as I know. Right now, awareness is the key. If you are agreeing to turn your phone into a complete surveillance device that can be used against you, then at least be aware you are doing that.
Here are screen shots of the Uber app permissions that appeared on a version of the app that recently appeared. The app gives written notice that "Updates to Uber may automatically add additional capabilities within each group." In other words, these capabilities may be expanded each time an app update occurs. Some apps update automatically, and others require a click or permission. Very rarely would anyone seek out or read what permissions are being given to the app on an update.
This first screen full of permissions gives Uber permission to know the identity of the user, find accounts on the phone, add or remove accounts, read the contact card, read the person's contacts, and find the person's approximate and precise locations.
This second set of permissions gives the Uber app the abilitiy to receive text messages on the user's phone, read the user's text messages, and send text messages from the user's phone. Uber is also given permission to directly call phone numbers, presumably using your phone or possibly using your phone contacts to make phone calls. Uber is also given permission to modify or delete contents of the user's SD card. The SD card is where you may have stored pictures, files, tickets and receipts, songs and videos, games, etc.
This third set of permissions allows Uber to use the user's camera to take pictures and videos! It also allows Uber to obtain the user's WiFi connection information, which would show which WiFi systems have been available to your phone and which you have logged into. This would be a way of tracking the Uber user's movements and activities, as well as a way to be able to find out more information, such as what was done on any of those WiFi systems. Included in this set of permissions is that Uber can read the phone status and identity and the Device ID and phone call information. You're just calling for a car ride, not joining the CIA, remember.
This fourth set of Uber app permissions overlaps with the third screen. Here, Uber lists as "Other" a set of "New" permissions. Uber can: Draw over other apps (I am not sure exactly what this means, but it does not sound good), prevent phone from sleeping, connect and disconnect from WiFi, read Google service configuration, control vibration, pair with bluetooth devices, change your audio settings, use accounts on the device (sounds like it can buy things on your Amazon account? or what?), view network connections, and have full network access.
Basically, when you give Uber all these permissions, you are employing Uber to spy on you, your contacts, your locations, phone calls, your audio, and all your files.
It sounds like with the two Nigerian-Chicagoan brothers, the Chicago Police Department were able to track them via the Uber app. One day, the men in the grainy photo were unidentified and barely recognizable. Soon thereafter, Chicago police knew their names, their address, knew when they had flown to Nigeria and when they were coming back. Police were waiting at O'Hare Airport for them upon their return.
What's the upshot here? Does Uber need all this information and all these capabilities to arrange for someone to give you a ride? Likely, it needs some of these capabilities. Having some of these permissions probably makes Uber riders and drivers safer or at least they can be held accountable easier if they do something bad. After all, with Uber, you are getting into a car with an unlicensed stranger and that driver is allowing random people off the street into their car. The Uber app permissions make both the driver and riders more known and less random. The knowability probably makes the whole enterprise a bit safer for all involved.
The downside is you are giving Uber the right to act as a surveillance machine upon the intimate details of your life that are contained in your phone. Upon considering this list of permissions, I could not get myself to click, "I accept." I decided that if I cannot walk or take a bus or train, I will call a taxi or a friend, if one is nearby. Many times, I am in places where taxis are scarce. My lack of Uber has meant such things as walking with groceries in the rain or walking a distance to where I knew there was a cab stand. It's not convenient and I long to use a ride sharing service, if one were respectful of my privacy.
What is the legality of police using information gathered by the Uber app, when the Uber user has given the app permission to gather all that information? If the police serve a subpoena or warrant upon Uber, it seems likely the Uber user has no standing to object to the subpoena and would probably not even be given notice of the subpoena. Might the police require Uber to commandeer the phone and, for example, require Uber to give the location of the phone, and likely of the phone owner, since most people carry their phones with them? Might police require Uber to use the phone camera to show the people or the place where they are located? Might police require Uber to use the phone as a listening device? Or would Uber be required to only give the information it would have otherwise obtained in the normal course of its business operations?
Conversely, are there privacy laws that prohibit an app from gathering excess information? Right now, as far as I know, the legal standard is that the app must get permission from the users to gather or use information. However, app permissions are always a take-it-or-leave-it proposition -- either you agree to allow the app to do what it does or you do not use the app. A user cannot opt in or out of the various permissions. And, as seen above, the app can automatically add on more capabilities with each update.
All these are legal questions that have yet to be explored, as far as I know. Right now, awareness is the key. If you are agreeing to turn your phone into a complete surveillance device that can be used against you, then at least be aware you are doing that.