Tech

Lawyers for Former Uber Chief Security Officer Say He Was Sacrificed By The Company


Federal prosecutors say Joe Sullivan obstructed justice When in 2016, as Uber’s chief security officer, he failed to disclose the breach of driver and customer records to government regulators.

However, Mr. Sullivan’s lawyers said he had no way of concealing the incident and claimed that he broke the law stemming from Uber’s attempt to rebuild its image after a reign of terror. volatility of the company’s former CEO Travis Kalanick.

Opening arguments began Wednesday in a San Francisco federal court in what is expected to be a month-long trial against Mr. Sullivan, who, in addition to obstruction of justice, is also charged conceal a felony. Many security experts believe Mr. Sullivan, a former federal prosecutor, is the first chief executive officer of a company likely to face criminal liability for a data breach.

The company’s security officials say the outcome of the trial could inform how they handle security incidents, including how they interact with hackers and when they disclose information to consumers and management agency.

“There is a threat of jail time. You can’t put a company in jail. You can put an executive in jail. Now, that’s on the table,” said Chinmayi Sharma, a resident scholar and lecturer at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.

In 2016, Mr. Sullivan learned that hackers had access to the personal data of approximately 600,000 Uber drivers and additional personal information related to 57 million riders and drivers, according to a criminal complaint against he.

Prosecutors said on Wednesday that Mr. Sullivan called hackers to Uber’s bug bounty program, a popular way to pay “white hat” security researchers to identify and report scams. security holes in popular online services.

Through the program, Uber paid the hackers $100,000 and required them to sign nondisclosure agreements, federal prosecutors said. The company did not disclose the incident to the public or notify the Federal Trade Commission about it.

The two young men responsible for the incident later pleaded guilty to hacking. One of them is expected to testify in the trial.

The the government charged Mr. Sullivan for failing to disclose the breach to the FTC while it was investigating Uber for an earlier incident.

In all 50 states, companies are required to disclose a security breach if hackers download personally identifiable data and a certain number of users are affected. There is no federal law that requires companies or executives to disclose violations to regulators.

One of Mr. Sullivan’s attorneys said the responsibility for reporting the case rests with Uber’s legal team. Mr. Sullivan, he argued, reasonably disclosed the incident to the legal team and others at the company.

David Angeli, one of Mr. Sullivan’s attorneys.

The data breach was not made public until 2017, when Dara Khosrowshahi became Uber’s new chief executive and fired Mr. Uber declined to comment for this story.

Mr Angeli said the notion that Mr Sullivan covered up the breach was a “narrative” created by Uber’s new executive team and Mr Khosrowshahi accused Mr. Sullivan of not disclosing the incident because Mr Khosrowshahi wanted distance. . company from its past.

“His mantra is Uber 2.0,” Angeli said of Khosrowshahi. “He wants to flip what Uber is doing.”

Andrew Dawson, assistant US attorney, said Mr. Sullivan tried to cover up the incident both before and after Mr. Khosrowshahi joined the firm. “This is a case of cover-up, of redemption and of lies,” he said. ‘Evidence will show that Mr. Sullivan paid the hacker’s silence’ as Uber is being investigated by the FTC

Mr. Dawson said Mr. Sullivan lied to Mr. Khosrowshahi in an email describing the incident to Uber’s new chief executive, implying that the hackers had not downloaded any data from the company.

Mr. Angeli argued that Mr. Sullivan had very little contact with the F.TC. During the investigation Uber and the company’s attorneys were held accountable for their response to the investigation.

“Uber’s legal team has all the information it needs,” he said, to decide whether the company should report the 2016 security incident to the agency.

He said 30 people at the company were aware of the breach and that Mr. Khosrowshahi had known about it for nearly three months before the company reported it. He suggested that by blaming Mr. Sullivan, Uber’s new management team was able to wash their hands with the incident.



Source link

news7f

News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button