The wireless connectivity that makes rented electric scooters a viable—and sometimes despised—transportation option may also leave some effectively chained to the curb in Los Angeles.
The city wants to know where people are taking and leaving e-scooters so it can assess whether some neighborhoods are getting shortchanged and left with fewer transportation options. The companies that operate these fleets of two-wheeled conveyances possess that information, thanks to the GPS sensors and mobile-broadband connections onboard them. But that doesn’t mean they want to hand over this data about their customers to L.A.’s government—and now one of them, Uber, says it will sue the city so it doesn’t have to.
The legal threat came the same day Seleta Reynolds, general manager of the Los Angeles Department of Transportation, suggested to a crowd in Washington, D.C., that this data sharing was a done deal.
“In Los Angeles, we have got to give people different choices for how to get around,” Reynolds said during a panel at CityLab DC, a conference hosted by The Atlantic Media Group (an occasional freelance client of mine). But the city didn’t want to wonder where every scooter startup was placing these vehicles: “We need information about where these for-profit fleets are operating,” she said.
With some 37,000 scooters now on L.A. streets, Reynolds said only “a couple of companies” operating them were resisting disclosing the requested trip-pattern data so that the city could ensure that scooters went beyond “neighborhoods that are already spoiled for choice in transportation.”
She emphasized the city’s data-minimization efforts, saying that “we start by collecting as little as possible”—six data points about the vehicle, not the person on it—and “we keep it for as short a period of time as possible.” Reynolds added that the city will encrypt this confidential data and pledge not to provide it to law-enforcement agencies absent a legal process.
Uber’s response: As long as you still want the GPS coordinates of the start and end of a trip, that’s not good enough.
“Independent privacy experts have clearly and repeatedly asserted that a customer’s geolocation is personally identifiable information, and—consistent with a recent legal opinion by the California legislative counsel—we believe that LADOT’s requirements to share sensitive on-trip data compromises our customers’ expectations of data privacy and security,” the company said in a statement.
Uber also shared correspondence with city officials that highlighted further problems: The department asked for trip data before crafting an initial set of privacy rules, it had yet to turn a broader set of privacy principles into detailed rules, and it had not pledged not to monetize this information.
Two privacy groups had earlier voiced support for Uber’s stance. The Center for Democracy & Technology, a Washington-based think tank, filed comments with LADOT warning that the data it sought “presents a detailed map of the individual riding habits of residents of Los Angeles.” (The CDT got 43% of its 2018 funding from corporations, including Uber.) The Electronic Frontier Foundation, a San Francisco-based group that has criticized Uber’s privacy policies in the past, made the same point when it urged ride-sharing users to contact the city government.
Uber itself keeps that location-history data available in each user’s app until they delete their account or request that trip history’s erasure. A statement from LADOT sent Wednesday said, “While all other permitted scooter and bike companies are complying with the rules, Uber has repeatedly refused, despite knowing about these requirements for months and agreeing to abide by them when obtaining a permit.” It did not address Uber’s location-privacy concerns.
However, the privacy trade-offs created by adding a GPS radio and a cellular transmitter to an otherwise low-tech device doesn’t have to remain stalled in this standoff.
Uber points to its work with the University of California at Berkeley to develop an open-source “differential privacy” tool that adds enough noise to a query about ride history to hide the most personal data. Apple has touted the same basic approach in its design of personalized tools like Siri—although critics of the voice assistant have pointed out that it could use more of a personal touch.
However, attempts at privacy don’t always work. Activity-tracking app Strava realized it was collecting data that could be highly useful to cities, and added privacy-preserving measures like blurring out the start and end of a ride or run. But ultimately, that wasn’t enough: Hiding the beginning and end of an activity did not stop soldiers using the app from unintentionally outlining the locations of military bases on their daily jogs.
Given what happened with Strava, the possible misuse of location data should be considered, even if it comes from Uber, a company that many hesitate or refuse to trust.