50 stories
·
0 followers

News Roundup: EquiTF

3 Comments and 5 Shares

We generally don’t do news roundups when yet another major company gets hacked and leaks personally compromising data about the public. We know that “big company hacked” isn’t news, it’s a Tuesday. So the Equifax hack didn’t seem like something worth spending any time to write an article about.

But then new things kept coming out. It got worse. And worse. And worse. It’s like if a dumpster caught on fire, but then the fire itself also caught on fire.

If you have been living under a rock, Equifax, a company that spies on the financial behavior of Americans and sells that intelligence to banks, credit card companies, and anyone else who’s paying, was hacked, and the culprits have everything they need to steal the identities of 143 million people.

The Equifax logo being flushed in a toilet, complete with some artsy motion blur

That’s bad, but everything else about it is worse. First, the executives kept the breach secret for months, and then sold stock just before the news went public. That is a move so utterly brazen that they might as well be a drunk guy with no shirt shouting, “Come at me bro! Come at me!” They’re daring the Securities and Exchange Commission to do something about it, and are confident that they won’t be punished.

Speaking of punishment, the CEO retired, and he’ll be crying about this over the $90M he’s collecting this year. The CIO and CSO went first, of course. They probably won’t be getting huge compensation packages, but I’m sure they’ll land cushy gigs somewhere.

Said CSO, by the way, had no real qualifications to be a Chief Security Officer. Her background is in music composition.

Now, I want to be really clear here: I don’t think her college degree is actually relevant. What you did in college isn’t nearly as important as your work experience, which is the real problem- she doesn’t really have that, either. She’s spent her entire career in “executive” roles, and while she was a CSO before going to Equifax, that was at First Data. Funny thing about First Data: up until 2013 (about when she left), it was in a death spiral that was fixed after some serious house-cleaning and restructuring- like clearing out dead-weight in their C-level.

Don't worry about the poor shareholders, though. Remember Wells Fargo, the bank that fraudulently signed up lots of people for accounts? They list Equifax as an investment opportunity that's ready to "outperform".

That’s the Peter Principle and corporate douchebaggerry in action, and it certainly starts getting me angry, but this site isn’t about class struggle- it’s about IT. And it’s on the IT side where the real WTFs come into play.

Equifax spies on you and sells the results. The US government put a mild restriction on this behavior: they can spy on you, but you have the right to demand that they stop selling the results. This is a “credit freeze”, and every credit reporting agency- every business like Equifax- has to do this. They get to charge you money for the privilege, but they have to do it.

To “secure” this transaction, when you freeze your credit, the credit reporting companies give you a “password” which you can use in the future to unfreeze it (because if you want a new credit card, you have to let Equifax share your data again). Some agencies give you a random string. Some let you choose your own password. Equifax used the timestamp on your request.

The hack itself was due to an unpatched Struts installation. The flaw itself is a pretty fascinating one, where a maliciously crafted XML file gets deserialized into a ProcessBuilder object. The flaw was discovered in March, and a patch was available shortly thereafter. Apache rightfully called it “Critical”, and encouraged all Struts users to apply the fix.

Even if they didn’t apply the fix, Apache provided workarounds- some of which were as simple as, “Turn off the REST plugin if you’re not using it,” or “if you ARE using it, turn off the XML part”. It’s certainly not the easiest fix, especially if you’re on a much older version of Struts, but you could even patch just the REST plugin, cutting down on the total work.

Now, if you’re paying attention, you might be saying to yourself, “Hey, Remy, didn’t you say that they were breached (initially) in March? The month the bug was discovered? Isn’t it kinda reasonable that they wouldn’t have rolled out the fix in time?” Yes, that would be reasonable: if a flaw exposed in March was exploited within a few days or even weeks of the flaw being discovered, I could understand that. But remember, the breach that actually got announced was in July- they were breached in March, and they still didn’t apply the patch. This honestly makes it worse.

Even then, I’d argue that we’re giving them too much of the benefit of the doubt. I’m going to posit that they simply don’t care. Not only did they not apply the patch, they likely had no intention of applying the patch, because they assumed they’d get away with it. Remember: you are the product, not the customer. If they accidentally cut the sheep while shearing, it doesn’t matter: they’ve still got the wool.

As an example of “they clearly don’t care”, let’s turn our attention to their Argentinian Branch, where their employee database was protected by the password admin/admin. Yes, with that super-secure password, you could log in from anywhere in the world and see the users usernames, employee IDs, and personal details. Of course, their passwords were obscured as “******”… in the rendered DOM. A simple “View Source” would reveal the plaintext of their passwords, in true “hunter2” fashion.

Don’t worry, it gets dumber. Along with the breach announcement, Equifax took to social media to direct users to a site where, upon entering their SSN, it would tell them whether or not they were compromised. That was the promise, but the reality was that it was little better than flipping a coin. Worse, the site was a thinly veiled ad for their "identity protection" service, and the agreement contained an arbitration clause which kept you from suing them.

That is, at least if you went to the right site. Setting aside the wisdom of encouraging users to put confidential information into random websites, for weeks Equifax’s social media team was directing people to the wrong site! In fact, it was directing them to a site which warns about the dangers of putting confidential information into random websites.

And all of that, all of that, isn’t the biggest WTF. The biggest WTF is the Social Security Number, which was never meant to be used as a private identifier, but as it’s the closest thing to unique data about every American, it substitutes for a national identification system even when it’s clearly ill-suited to the task.

I’ll leave you with the CGP Grey video on the subject:

[Advertisement] Release! is a light card game about software and the people who make it. Play with 2-5 people, or up to 10 with two copies - only $9.95 shipped!
Read the whole story
miestasmagnus
18 days ago
reply
Share this story
Delete
3 public comments
jasoncrowther
19 days ago
reply
Ouch.
chrisminett
19 days ago
reply
Wow
Milton Keynes, UK
zippy72
22 days ago
reply
Equifax: "it’s like if a dumpster caught on fire, but then the fire itself also caught on fire." Perfect.
FourSquare, qv

Save Your Work

1 Comment and 5 Shares
Here's a useful habit I've picked up as a software engineer. Every time you do something difficult, create a reproducible artifact that can be used to do it more easily next time, and shared with others.

Some examples of this:

  • You spent all afternoon debugging a thorny issue. Write down the monitoring you checked and the steps you took to reach the conclusion you did. Put these details in the issue tracker, before moving on to actually fix it.
  • You figured out what commands to run to get the binary to work properly. Turn the commands into a short script and check it into source control.
  • You spent a day reading the code and figuring out how it works. Write yourself some notes and documentation as you go. At the end, take half an hour to clean it up and send it to your boss or teammates who might find it helpful. Maybe even put up a documentation website if that seems appropriate.

This makes it easier to pick up where you left off for next time (for you or someone else), and makes it easier to prove that the work you're doing is difficult and has value.
Read the whole story
miestasmagnus
20 days ago
reply
pfctdayelise
20 days ago
reply
Melbourne, Australia
Share this story
Delete
1 public comment
luizirber
18 days ago
reply
Great tips!
Davis, CA

Understanding Uber: It’s Not About The App

2 Comments

On Friday 22 September, many Londoners who regularly use Uber received an email. “As you may have heard,” it began, “the Mayor and Transport for London have announced that they will not be renewing Uber’s licence to operate in our city when it expires on 30 September.”

“We are sure Londoners will be as astounded as we are by this decision,” the email continued, with a sense of disbelief. It then pointed readers towards an online petition against this attempt to “ban the app from the capital.”

Oddly, the email was sent by a company that TfL have taken no direct action against, and referred to an app that TfL have made no effort (and have no power) to ban.

When two become one

If that last statement sounds confusing, then that’s because – to the casual observer – it is. This is because the consumer experience that is “Uber” is not actually the same as the companies that deliver it.

And “companies” is, ultimately, correct. Although most users of the system won’t realise it, over the course of requesting, completing and paying for their journey an Uber user in London actually interacts with two different companies – one Dutch, one British.

The first of those companies is Uber BV (UBV). Based in the Netherlands, this company is responsible for the actual Uber app. When a user wants to be picked up and picks a driver, they are interacting with UBV. It is UBV that request that driver be dispatched to the user’s location. It is also UBV who then collect any payment required.

At no point, however, does the user actually get into a car owned, managed or operated by UBV. That duty falls to the second, UK-based company – Uber London Ltd. (ULL). It is ULL who are responsible for all Uber vehicles – and their drivers – in London. Just like Addison Lee or any of the thousands of smaller operators that can be found on high streets throughout the capital, ULL are a minicab firm. They just happen to be one that no passenger has ever called directly – they respond exclusively to requests from UBV.

This setup may seem unwieldy, but it is deliberate. In part, it is what has allowed Uber to skirt the blurred boundary between being a “pre-booked” service and “plying-for-hire” (a difference we explored when we last looked at the London taxi trade back in 2015). It is also this setup that also allows Uber to pay what their critics say is less than their fair share’ of tax – Uber pays no VAT and, last year, only paid £411,000 in Corporation Tax.

The average Londoner can be forgiven for not knowing all of the above (commentators in the media, less so). In the context of the journey, it is the experience that matters, not the technology or corporate structure that delivers it. In the context of understanding the causes – and likely outcome – to the current licensing situation, however, knowing the difference between the companies that make up that Uber experience is important. Because without that, it is very easy for both Uber’s supporters and opponents to misunderstand what this dispute is actually about.

The raw facts

Uber London Ltd (ULL) are a minicab operator. This means they require a private hire operator’s licence. Licences last five years and ULL were last issued one in May 2012. They thus recently applied for its renewal.

ULL were granted a four-month extension to that licence this year. This was because TfL, who are responsible for regulating taxi services in London, had a number of concerns that ULL might not meet the required standard of operational practice that all private hire operators – from the smallest cab firm to Addison Lee – are required to meet. Issuing a four-month extention rather than a five-year one was intended to provide the time necessary to investigate those issues further.

On Friday 22 September, TfL announced that they believe ULL does not meet the required standard in the following areas:

  • Their approach to reporting serious criminal offences.
  • Their approach to how medical certificates are obtained.
  • Their approach to how Enhanced Disclosure and Barring Service (DBS) checks are obtained.
  • Their approach to explaining the use of Greyball in London – software that could be used to block regulatory bodies from gaining full access to the app and prevent officials from undertaking regulatory or law enforcement duties.

As a result, their application for a new licence has been denied.

ULL have the right to appeal this decision and can remain in operation until that appeal has been conducted. Similarly, if changes are made to their operational practices to meet those requirements to TfL’s satisfaction, then a new licence can be issued.

Put simply, this isn’t about the app.

So why does everyone think it is?

Washington DC, September 2012

“I know that you like to cast this as some kind of fight,” said Mary Cheh, Chair of the Committee on Transport and the Environment, “Do you understand that? I’m not in a fight with you.”

“When you tell us we can’t charge lower fares, offer a high-quality service at the best possible price, you are fighting with us.” Replied Travis Kalanick, Uber’s increasingly high profile (and controversial) CEO.

“You still want to fight!” Cheh sighed, throwing her hands in the air.

Back in San Francisco, Salle Yoo, Uber’s chief counsel, was watching in horror via webcast. Pulling out her phone, she began frantically texting the legal team sitting with Kalanick in the room:

Pull him from the stand!!!

It was too late. Kalanick had already launched into a monologue on toilet roll prices in Soviet Russia. He had turned what had been intended as a (relatively) amicable hearing about setting a base fare for Uber X services in the city into an accusation – and apparent public rejection by Kalanick – of an attempt at consumer price fixing.

The events that day, which are recounted in Brad Stone’s ‘The Upstarts’, were important. In hindsight, they marked the point where Uber shifted gears and not only started to aggressively move in on existing taxi markets, but also began to use public support as a weapon.

Cause and effect

Weirdly, one of the causes for that shift in attitude and policy was something London’s Black Cab trade had done.

Kalanick and fellow founder Garrett Camp had launched Uber in 2008 with a simple goal – to provide a high-quality, reliable alternative to San Francisco’s notoriously awful taxis.

What’s important to note here is that neither man originally saw Uber as a direct price-for-price rival to the existing San Francisco taxi trade. San Francisco, like many cities in the USA, utilised a medallion system to help regulate the number of taxi drivers in operation at any one time. Over the years, the number of medallions available had not increased to match rising passenger demand.

Camp – who had moved toSan Francisco after the sale of his first startup, StumbleUpon, became increasingly frustrated at his inability to get around town. Then Camp discovered that town car licences (for limousine services) weren’t subject to the medallion limits. Soon he began to float the idea of a car service for a pool of registered users that relied on limousine licences instead.

This would be more expensive than a regular cab service, but he argued that the benefits of better quality vehicles and a more reliable service would make it worthwhile in the eyes of users. A friend and fellow startup entrepreneur, Kalanick, agreed. They hired some developers and then started touting the idea to investors (often describing it as “AirBNB for taxis”). Uber grew from there.

As the company expanded, this ‘luxury on the cheap’ model sometimes brought Uber into conflict with the existing US taxi industry and individual city regulators. The fact that they were rarely undercutting the existing market helped limit resistance, however.

What eventually shifted Uber into a different gear was the arrival of a threat from abroad – Hailo.

Hailo wars

Founded by Jay Bregman in 2009, Hailo was a way for London’s Black cab trade to combat the inroads private hire firms had been making into their market share. Those firms were starting to use the web and digital technology to make pre-booking much more convenient. Bregman had seen Uber’s app and realised the potential. He created Hailo as a way to help Black Cabs do the same thing.

At this, Hailo was initially successful. Bregman, an American by birth, soon started casting his eyes across the Atlantic at the opportunities to do the same thing there. In March 2012, Bregman announced that Hailo had raised $17m to fund an expansion into the US, where it would attempt to partner with existing cab firms as it had done in London.

Expansion into London had already been on Uber’s radar. They had also been aware of Hailo. Bregman’s announcement, however, turned a potential rival in an overseas market into a direct, domestic threat. Uber’s reaction was swift and aggressive, as was the ‘app war’ which soon erupted in cities such as Boston and New York where both firms had a presence.

One of the crucial effects of the Hailo wars was that they finally settled a long-running argument that had existed over Uber’s direction between its two founders. Camp had continued to insist that Uber offer luxury at a (smallish) premium. Kalanick had argued that it was convenience, at a low cost, that would drive expansion. When Hailo crossed the pond, offering a low-cost service, Kalanick’s viewpoint finally won out based on necessity.

Controlling the debate

As the Washington hearing would show later that year, Kalanick’s victory had enormous consequences – not just in terms of how the service was priced and would work (it would lead to the launch of Uber X, the product with which most users are familiar), but in how Uber would pitch itself to the public.

The approach that Kalanick took in his Washington testimony, of espousing the public need as being the same as Uber’s need, has since become a standard part of Uber’s tactics for selling expansion into new markets. The ability – often correct – to claim that Uber offers a better service at a cheaper price is powerful selling point, one that Uber have never shied away from pushing.

It’s a simple argument. It is also one that Uber have used to drown out more complex objections from incumbent operators, regulators or politicians in areas into which they’ve expanded. It is also one of the reasons why Uber have continued to push the narrative that they are a technical disruptor when skirting (or sometimes ignoring) existing regulations – because being an innovative startup is ‘sexy’. Being a large company ignoring the rules isn’t.

Back to the licence

Understanding where Uber have come from, and their approach to messaging is critical to understanding the London operator licence debate. Uber may have tried to frame it as a debate about the availability (or otherwise) of the app, but that’s not what this is. It is a regulatory issue between TfL as regulator and ULL as an operator of minicabs.

The decision to cast the debate in this way is undoubtedly deliberate. Uber are aware that their users are not just passengers, but a powerful lobbying group when pointed in the right direction- as long as the message is something they will get behind. Access to the Uber app is a simple message to sell, the need to lighten ULL’s corporate responsibilities is not.

Corporate responsibilities

One of the primary responsibilities of the taxi regulator in most locations is the consideration of passenger safety. This is very much the case in London – both for individual drivers and for operators.

The expectation of drivers is relatively obvious – that they do not break the law, nor commit a crime of any kind. The expectation of operators is a bit more complex – it is not just about ensuring that drivers are adequately checked before they are hired, but also that their activity is effectively monitored while they are working and that any customer complaints are taken seriously and acted upon appropriately.

The nature of that action can vary. The report of a minor offence may warrant only the intervention of the operator themselves or escalation to TfL. It is expected, however, that serious crimes will be dealt with promptly, and reported directly to the police as well.

On 12 April 2017, the Metropolitan Police wrote to TfL expressing a major concern. In the letter, Inspector Neil Bellany claimed that ULL were not reporting serious crimes to them. They cited three specific incidents by way of example.

The first of these related to a ‘road rage’ incident in which the driver had appeared to pull a gun, causing the passenger to flee the scene. Uber dismissed the driver, having determined that the weapon was a pepper spray, not a handgun, but failed to report the incident to the police. They only became aware of it a month later when TfL, as operator, processed ULL’s incident reports.

At this point, the police attempted to investigate (pepper spray is an offensive weapon in the UK) but, the letter indicated, Uber refused to provide more information unless a formal request via the Data Protection Act was submitted.

The other two offences were even more serious, and here it is best simply to quote the letter itself:

The facts are that on the 30 January 2016 a female was sexually assaulted by an Uber driver. From what we can ascertain Uber have spoken to the driver who denied the offence. Uber have continued to employ the driver and have done nothing more. While Uber did not say they would contact the police the victim believed that they would inform the police on her behalf.

On the 10 May 2016 the same driver has committed a second more serious sexual assault against a different passenger Again Uber haven’t said to this victim they would contact the police, but she was, to use her words, ‘strongly under the impression’ that they would.

On the 13 May 2016 Uber have finally acted and dismissed the driver, notifying LTPH Licensing who have passed the information to the MPS.

The second offence of the two was more serious in its nature. Had Uber notified police after the first offence it would be right to assume that the second would have been prevented. It is also worth noting that once Uber supplied police with the victim’s details both have welcomed us contacting them and have fully assisted with the prosecutions. Both cases were charged as sexual assaults and are at court next week for hearing.

Uber hold a position not to report crime on the basis that it may breach the rights of the passenger. When asked what the position would be in the hypothetical case of a driver who commits a serious sexual assault against a passenger they confirmed that they would dismiss the driver and report to TfL, but not inform the police.

The letter concluded by pointing out that these weren’t the only incidents the Metropolitan Police had become aware of. In total, Uber had failed to report six sexual assaults, two public order offences and one assault to the police. This had lead to delays of up to 7 months before they were investigated. Particularly damning, with the public order offences this meant that in both cases the prosecution time limit had passed by the time the police became aware of them.

As the letter concludes:

The significant concern I am raising is that Uber have been made aware of criminal activity and yet haven’t informed the police. Uber are however proactive in reporting lower level document frauds to both the MPS and LTPH. My concern is twofold, firstly it seems they are deciding what to report (less serious matters / less damaging to reputation over serious offences) and secondly by not reporting to police promptly they are allowing situations to develop that clearly affect the safety and security of the public.

The Metropolitan police letter is arguably one of the most important pieces of evidence as to why TfL’s decision not to renew ULL’s licence is the correct one right now. Because one of the most common defences of Uber is that they provide an important service to women and others late at night. In places where minicabs won’t come out, or for people whose personal experience has left them uncomfortable using Black Cabs or other minicab services, Uber offer a safe, trackable alternative.

The reasoning behind that argument is entirely valid. Right now, however, TfL have essentially indicated that they don’t trust ULL to deliver that service. The perception of safety does not match the reality.

Again, it is not about the app.

Greyball

Concerns about vetting and reporting practices in place at ULL may make up the bulk of TfL’s reasons for rejection, but they are not the only ones. There is also the issue of Greyball – a custom piece of software designed by Uber which can provide the ‘real’ Uber map that the user sees on their device with a convincing fake one.

Greyball’s existence was revealed to the world in March 2017 as part of an investigation by the New York Times into Uber’s activities in Portland back in 2014. The paper claimed that knowing that they were breaking the regulations on taxi operation in the city, Uber had accessed user data within its app to identify likely city officials and target them with false information. This ensured that those people were not picked up for rides, in turn hampering attempts by the authorities to police Uber’s activities there.

Initially, Uber denied the accusations. They confirmed that Greyball existed, but insisted that it was only used for promotional purposes, testing and to protect drivers in countries where there was a risk of physical assault.

Nonetheless, the seriousness of the allegations and the evidence presented by the New York Times prompted Portland’s Board of Transport (PBOT) to launch an official investigation into Uber’s activities. That report was completed in April. It was made public at the beginning of September. In it, Portland published evidence – and an admission from Uber itself – that during the period in which it had been illegal for Uber to operate in Portland, they had indeed used it to help drivers avoid taxi inspectors. In Portland’s own words:

Based on this analysis, PBOT has found that when Uber illegally entered the Portland market in December 2014, the company tagged 17 individual rider accounts, 16 of which have been identified as government officials using its Greyball software tool. Uber used Greyball software to intentionally evade PBOT’s officers from December 5 to December 19, 2014 and deny 29 separate ride requests by PBOT enforcement officers.

The report did confirm that, after regulatory changes allowed Uber to enter the market legally, there seemed to be no evidence that Greyball had been used for this purpose again, As the report states, however:

[i]t is important to note that finding no evidence of the use of Greyball or similar software tools after April 2015 does not prove definitively that such tools were not used. It is inherently difficult to prove a negative. In using Greyball, Uber has sullied its own reputation and cast a cloud over the TNC [transportation network company] industry generally. The use of Greyball has only strengthened PBOT’s resolve to operate a robust and effective system of protections for Portland’s TNC customers.

Portland also went one further. They canvassed other transport authorities throughout the US asking whether, in light of the discovery of Greyball, they now felt they had evidence or suspicions that they had been targeted in a similar way. Their conclusions were as follows:

PBOT asked these agencies if they have ever suspected TNCs of using Greyball or any other software programs to block, delay or deter regulators from performing official functions. As shown in figure 3.0 below, seven of the 17 agencies surveyed suspected Greyball use, while four agencies (figure 3.1) stated that they have evidence of such tactics. One agency reported that they only have anecdotal evidence, but felt that drivers took twice as long to show up for regulators during undercover inspections. The other agencies cities believe that their enforcement teams and/or police officers have been blocked from or deceived by the application during enforcement efforts.

Uber are now under investigation by the US Department of Justice for their use of Greyball in the US.

Of all the transport operators in Europe, TfL are arguably the most technically literate. It is hard to see how the potential use of Greyball wouldn’t have raised eyebrows within the organisation so it is not surprising to see it make the list of issues. A regulator is only as good as their ability to regulate, and as the Portland report shows, Uber now have ‘form’ for blocking that ability.

Sources suggest that TfL have requested significant assurances and guarantees that Greyball will not be used in this way in London. The fact that it makes the list of issues, however, suggests that this demand has currently not been met. It is possible this is one of the times when Uber’s setup – multiple companies under one brand – has caused a problem outside of ULL’s control. Uber Global may ultimately be the only organisation able to provide such software assurances.

Perhaps Uber Global is the only organisation able to provide such assurances. Until now, they may simply not have realised just how important it was that they give them.

Understanding the economics

There is still much more to explore on the subject of Uber. Not just Uber London’s particular issues with TfL, but the economics of how they operate and what their future plans might be.

That last part is important because the main element of Uber’s grand narrative – their continued ability to offer low fares – is not as guaranteed a prospect as Londoners (and indeed all users) have been led to believe.

In the context of the current debate, it is worth bearing something in mind: Uber’s fares do not cover the actual cost of a journey.

Just how large the deficit is varies by territory and – as the firm don’t disclose more financial information than necessary – it is difficult to know what the shortfall per trip is in London itself. In New York, however, where some 2016 numbers are available, it seems that every journey only covers 41% of the costs involved in making it.

Just why Uber do this is something we will explore another time, but for now it is important just to know it is happening. It means that, without significant changes to Uber’s operational model, the company will never make a profit (indeed it currently loses roughly $2bn a year). As one expert in transport economics writes:

Thus there is no basis for assuming Uber is on the same rapid, scale economy driven path to profitability that some digitally-based startups achieved. In fact, Uber would require one of the greatest profit improvements in history just to achieve breakeven.

This means that Uber’s cheap fares – sometimes argued as one of the ways in which it provides a ‘social good’ for low-income users – are likely only temporary.

Indeed the only way this won’t be the case is if there is a significant technical change to the way Uber delivers its service. In this regard, Uber has often pulled on its reputation as a ‘startup’ and has pointed to the economies of scale made by companies such as Amazon.

Unfortunately, this simply isn’t how transport works. Up to 80% of the cost of each Uber journey is fixed cost – it goes on the driver, the fuel and the vehicle. This is a cost which scales in a linear fashion. Put simply, the number of books Amazon can fit in a warehouse once it’s been built (and paid for) increases exponentially. The number of passengers Uber can stick in a car does not.

Uber, of course, are aware of this. Indeed it’s why they have quickly become one of the biggest investors in self-driving vehicle technology (and are subject to a lawsuit from Google over the theft of information related to that subject).

It is worth bearing in mind that behind Uber’s stated concern for their ‘40,000 drivers’ in London should be taken with a considerable pinch of salt. Not only is the active figure likely closer to 25,000 (based on Uber’s own growth forecasts from last year), but they would also quite like to get rid of them anyway – or at the very least squeeze their income further in order to push that cost-per-journey figure closer to being in the black.

Bullying a bully

None of these issues with Uber’s operational are likely exclusive to London. Which begs the question – why have TfL said ‘no’ when practically everyone else has said ‘yes’?

To a large extent, the extreme public backlash this news received, and the size of Uber’s petition provide the answer – because Uber are a bully. Unfortunately for them, TfL can be an even bigger one.

TfL aren’t just a transport authority. They are arguably the largest transport authority in the world. Indeed legislatively speaking TfL aren’t really a transport authority at all (at least not in the way most of the world understands the term). TfL are constituted as a local authority. One with an operating budget of over £10bn a year. They also have a deep reserve of expertise – both legal and technical.

Nothing to divide

To make things worse for Uber, TfL aren’t accountable to an electorate. They serve, and act, at the pleasure of just one person – the Mayor of London, the third most powerful directly elected official in Europe (behind the French and Russian presidents).

This is a problem for Uber. In almost every other jurisdiction they have operated in, Uber have been able to turn their users into a political weapon. That weapon has then been turned on whatever political weak point exists within the legislature of the state or city it is attempting to enter, using popularism to get regulations changed to meet Uber’s needs.

The situation in London is practically unique, simply because there is only one weak point that can be exploited – that which exists between TfL and the Mayor.

Just how much direct power the Mayor of London exercises over TfL is one of the themes that has been emerging from our transcripts of the interviews conducted for the Garden Bridge Report. To quote the current Transport Commissioner, Mike Brown, in conversation with Margaret Hodge, MP:

Margaret Hodge: But it’s your money.

Mike Brown: Yes, I know but the Mayor can do what he wants as the Chair of the TfL Board.

MH: Without accountability to the Board?

MB: Yes and Mayoral Directions are — the Mayor is actually extremely powerful in terms of Mayoral Directions. He or she can do whatever they want.

MH: What, to whatever upper limit you want?

Andy Brown: That’s right, I think, yeah.

MB: Yeah, pretty much is. Yeah — so arguably it’s more direct financial authority than even a Prime Minister would have, for example.

As long as the TfL and the Mayor, Sadiq Khan, remain in lockstep on the licence issue, therefore, Uber’s most powerful weapon has no ammunition. 500,000 signatures mean nothing to TfL if the organisation has the backing of the Mayor and they are confident of a victory in court.

It is also worth noting that all TfL really wants Uber to do is comply with the rules. Despite the image that has been pushed in some sections of the media, TfL has not suddenly become the champion of the embattled London cabbie. TfL has always seen itself as the taxi industry’s regulator, not as the Black Cab’s saviour. This was true back in 2015 when the Uber debate really erupted in earnest and it is still true now.

Indeed if TfL have any kind of ulterior motive for their actions, it is simply that they dislike the impact Uber are having on congestion within the capital, and the effect this congestion then has on the bus network. Indeed Uber would do well to remember the last time a minicab operator made the mistake of making it harder for TfL’s buses to run on time.

That the Mayor was prepared to go so public in his support for such an unpopular action should also serve as a warning for Uber.

When it comes to legal action, TfL are risk-averse in the extreme – there is a reason they have never sued the US Embassy over unpaid Congestion Charge fees. The current Mayor is even more so.

Whilst his field is human rights rather than transport, Khan is a lawyer himself and by all accounts a good one. GQ’s Politician of the Year is also an extremely shrewd political operator. It is unlikely that he would have lent his support to TfL on this subject unless he knew it was far more likely to make him look like a statesman who stands up to multinationals, than a man who steals cheap travel from the electorate.

Ultimately, the next few days (and beyond) will likely come to define the relationship between London and Uber. Indeed sources suggest that Uber have already begun to make conciliatory noises to TfL, as the seriousness of the situation bubbles up beyond ULL and UBV to Uber Global itself. Only time will tell if this is true.

In the meantime, however, the next time you see a link to a petition or someone raging about this decision being ‘anti-innovation’, remember Greyball. Remember the Metropolitan Police letter. Remember that this is about holding ULL, as a company, to the same set of standards to which every other mini-cab operator in London already complies.

Most of all though remember: it is not about the app.

In the next part of this series, we will look at the economics of Uber, their internal culture, impact on roadspace and relationship with their drivers.

The post Understanding Uber: It’s Not About The App appeared first on London Reconnections.

Read the whole story
miestasmagnus
25 days ago
reply
As it turns out, TfL had some very good reasons for not renewing Uber's licence:
Share this story
Delete
1 public comment
splicer
25 days ago
reply
Well written and impartial write up on why TFL is not renewing ULL license.
London

ajleanon5: asexualautistic: flipface4: pink-nympho: babypinkme...

2 Shares












ajleanon5:

asexualautistic:

flipface4:

pink-nympho:

babypinkmermaid:

unedited-spoonie:

the-psychlife:

ssaisstopsexualassaultinschools:

Consent Education.

THIS IS IMPORTANT.

And please note that there are no specific pronouns. Consent is ALWAYS required from ALL individuals, regardless of gender, sex, relationship, et cetera.

Idc if this doesnt match my theme

Consent is so important to know about!!

I know I avoid any sexual content on this blog but this is insanely important.

This post is important and the pillow comment is funny

CONSENT!!!!!!

Read the whole story
miestasmagnus
27 days ago
reply
Technicalleigh
28 days ago
reply
SF Bay area, CA (formerly ATL)
Share this story
Delete

Fisking Boris Johnson’s Brexit essay

1 Share

Boris Johnson has penned a 4000 word piece about Brexit for The Telegraph (Update: now posted to Facebook as well). It’s a premium piece on their site for some reason and you have to hence register to read it – I did that, and have read it, and this blog is the result of analysing it paragraph by paragraph. Bear in mind however that this is not a fisk in the classic sense – there is so much waffle in the piece I cannot take apart every single paragraph. So think of this as a kind of fisk of the best and worst of it.

Also – as a summary of sorts – there is little new in Boris’s piece. He is committed to hard Brexit. He says nothing about transition periods. He makes nice noises but says nothing of substance on citizens rights. He says nothing about Ireland and the border (thanks Peter Geoghegan). And he fills out the rest of the 4000 words with nationalist guff.

But anyway, this is a fisk. So let’s get to it.

There are some media observers – in this country and around the world – who think we are going to bottle it.

Strike me that this is off. No-one thinks the British are going to bottle it. If anything it is the opposite – that the UK has excess confidence, not too much fear!

And then there were dyed-in-the-wool Europhiles, who thought Brussels was going too far and the only way to get change was to vote Leave.

This is just ridiculous, and I’d be fascinated to meet such a person. I think I can even count of the British Europhiles I know on the fingers of one hand.

Before the referendum, we all agreed on what leaving the EU logically must entail: leaving the customs union and the single market, leaving the penumbra of the European Court of Justice; taking back control of our borders, cash, laws.

This is absolutely, totally, categorically NOT the case. The referendum means the UK must leave the EU, but there was nothing in the referendum itself to be that prescriptive. I explain this in more depth here.

Overwhelmingly, I find that Leavers and Remainers are coming together

I would like to see some evidence of this. Opinion polls look as split as ever. Parliament is perhaps more united than it was, but this idea that there is a unity of purpose is miles from the mark. Also even if there is a consensus that Brexit has to happen I am pretty sure there is no consensus on what sort of Brexit.

you may remember how we were repeatedly assured that even if we were unhappy with the direction of the project, even if we disagreed with the concept of ever closer union, it was none the less worth putting up with it all for the sake of the influence we would have.

This implies that the EU was something done to the UK. As @EmporersNewC pointed out in this classic Twitter thread the UK was indeed successful at making major changes to the EU and how it works, but then changed its mind and blamed the EU instead. That is exactly what Boris is doing here.

Of course we should pay tribute to the patriotic British men and women who went out to Brussels and got stuck into those institutions […] And it is notable that today their numbers have diminished to the point where the UK represents 16 per cent of EU GDP and 13 per cent of the population but only 3.6 per cent of EU officials.

That says that the UK officials were pretty bad at passing the entrance examinations. And do not speak enough languages to be recruited. And the negative attitude towards the EU from people like Johnson himself surely did not help either.

If we had been asked to design the EU ourselves, on a blank sheet of paper, we would have nothing like the body that exists today. We tried so often to frustrate it.

This is such a ridiclous line. What would a UK designed EU look like? Oh, and the Single Market, a core component of the EU to this day was rather driven forward by Thatcher. Again this idea that the UK cannot change or influence the EU, denying when the UK actually did do that.

we tried to stop the expansion of majority voting.

No. Majority voting was central to the development of the Single Market through the Single European Act, and here Thatcher was in favour. Background here. And were unanimity to still apply in an EU of 28 Member States then Boris would be bemoaning the EU’s slow decision making and inefficiency.

it was about trussing the nations together in a gigantic and ever-tightening cat’s cradle of red tape

Yes. The big evil Delors cat’s cradle red tape monster! Waaah!

when push comes to shove, that apparent willingness to support the UK position is less powerful than the great centripetal force of integration. To every question, to every crisis – whether it is the euro or immigration – the answer is always the same: more Europe!

Again we have this assumption that the EU always does things to the UK, as if the EU somehow drives this integration aside from its Member States. Look at responses to Juncker’s state of the EU speech this week – loads of scepticism all over the place.

I look ahead over the next 15 years at what may be coming down the track: the push to create an economic government of Europe, the activism of the ECJ in all the new competences of the Lisbon Treaty

Is that it? The UK has an economic opt out from the Euro, and hence would play no role in economic government. So judicial activism of the ECJ is the biggest fear?

the logic of their ambition means trying to construct what is effectively a single polity out of 27 countries

This is such a straw man. Look at Scotland – it has been in a union with England since 1707, but it does not have its own polity? Or are the political methods and traditions of Spain and Lithuania subsumed into one?

We have spent too much time trying, and often failing, to exert influence in the meeting rooms of Brussels. That exercise has diverted massive quantities of the intellectual energy of the British government, and it has not helped us to address the real challenges this country faces.

UKRep has a couple of hundred staff. Add perhaps a couple of thousand who do EU work in part or full time in Whitehall. And those scant resources could have put Britain on a better path? That’s rubbish. And even out of the EU the UK cannot not deal with the EU, so resources will still be needed. And meanwhile Brexit itself needs masses of civil service resources.

On the contrary: unemployment is at record lows, and manufacturing is booming “in spite of Brexit”, as the BBC would put it.

Boris, you are the Foreign Secretary. And you are having cheap shots in a newspaper column about the BBC? Oh and meanwhile the UK has the slowest growth in the EU – unsurprisingly that was not mentioned by Boris.

But, of course, this country still has chronic problems, and at least some of them have been exacerbated by the rigidities of EU membership – and certainly by the way we have chosen legally to apply those obligations.

Our infrastructure is too expensive – and takes far longer than France or other countries.

France is in the EU. How does Boris even write these sentences one after the other?

Successive governments have failed to build enough homes […] we have yet to find a way of persuading middle-class kids that they might be just as well off getting a skill as a degree […] We do not conduct enough basic research in science […] The result of all these failings – over decades – is that we have low productivity: lower than France or Germany.

Repeat after me, Boris: France and Germany are in the EU. Britain does have those problems but NOT because of the EU!

I believe we have an immense can-do spirit. I have seen it in action. But we also have a truly phenomenal ability to delay and to rack up cost. We have been able to blame bureaucracy and to blame Brussels, and my point is that after Brexit we will no longer be able to blame anyone but ourselves.

Agh I despair. So Brexit is actually necessary because until now Britain has been incapable of coming to terms with its own problems? While a few sentences earlier you blamed the EU for the UK’s infrastructure costs.

We would not expect to pay for access to their markets any more than they would expect to pay for access to ours.

Note “access to” here. Canada does not pay to access EU markets either. But if the UK had a Canada option that’s a very hard Brexit and has associated economic costs. Sounds like a nice line, but belies the complexity of this.

And yes – once we have settled our accounts, we will take back control of roughly £350 million per week. It would be a fine thing, as many of us have pointed out, if a lot of that money went on the NHS

This is just about true actually, as the UK contributes roughly that amount gross to the EU. And he loosens the commitment to how much of it would go on the NHS. As I point out in point 6 here, giving the NHS £350m a week more is going to happen within a decade anyway – it just won’t be money saved from the EU.

Our systems of standards will remain absolutely flush with the rest of the EU […] But over time we will be able to diverge from the great accumulated conglomerate, to act with regulatory freedom.

(note: I diverge from the chronological order of the piece here) So which is it then? Are the standards the same, or are they to diverge?

whether you believe such notable authorities as Peter Mandelson, who once claimed that EU regulation cost us 4 per cent of GDP, or Gordon Brown, who said the cost was nearer 7 per cent

Mandelson seems to have said this in 2004, and I can only find it quoted on UKIP blogs and from Roger Helmer. I can’t even find a source for the Gordon Brown figure. Plus were these figures even true, how much of this would UK businesses still have to deal with after Brexit? And what about the economic benefits of the Single Market?

At the stroke of a pen, for instance, the Chancellor will be able to cut VAT on tampons. This is often demanded by Parliament but – absurdly – it is legally impossible to deliver.

This issue was sorted between David Cameron and the Commission before the referendum. Next.

business will no longer be able to use immigration as an excuse not to invest in the young people of this country

Is business actually really genuinely doing this? I am not sure businesses would use that line in that way. The state also has a responsibility here.

And I can think of obvious ways in which Brexit can help us tackle the housing crisis […] There may be ways of simplifying planning procedures, post-Brexit, and abbreviating impact assessments, without in any way compromising the environment.

Boris: do other EU countries have housing crises like the UK’s? No, not in the same way. So perhaps have a think about what else the UK could do? And which country was keenest of impact assessments in EU law? Oh, the UK. Well I never.

We should seize the opportunity of Brexit to reform our tax system. Andy Haldane, the Bank of England’s chief economist, argued in 2015 that our system is currently skewed so as to discourage investment. He believes that reform could raise output by around 20 per cent.

Output of what? By whom? And is the EU at fault for it not happening?

This is our chance to catch the wave of new technology, and to put Britain in the lead

Do tell me, please tell me, why is the EU stopping this?

People often ask themselves why the EU has failed to produced a single major tech giant on the scale of those found in America. Well, part of the answer may be found in the statist and top-down approach that characterises the thinking of the Commission.

Or not. This is just prejudice. Yes, all EU countries could be better here, but slating the Commission for this is just cheap.

Have you ever wondered what happened to Minitel, the state-owned and managed French equivalent of Google?

Have you ever wondered what happened to the Amstrad 64? Or the Atari? Or the BBC B Micro?

There are in fact four zones of the world where big tech investments are made: Boston, Silicon Valley, Shanghai and the triangle formed by London, Oxford and Cambridge.

Oh. While the UK was in the EU. But you just said that Brexit was to help the UK make a success of its tech. Now I am lost.

we will be able to get on and do free-trade deals, to campaign for free trade that has lifted billions out of poverty, which so badly needs a new champion

So that EU that has sorted a deal with Canada, is finalising one with Japan, starting with Australia and New Zealand… no advocate? And the UK can be a champion of that having ended the deepest trade relationship it ever had – with the EU?

Britain’s success will not be a bad thing for our friends across the Channel. On the contrary, it will mean a bigger market in the UK for everything from Italian cars to German wine.

Ah. Innovative! It’s Riesling and Fiat today. Prosecco and BMWs are so yesterday. Seriously though, the economic consensus is that Hard Brexit is bad for the UK economy, so how is Boris claiming this?

We have a glorious future – but hardly any of this would be possible under the bizarre and incoherent plans of the Labour Party […] Now it appears he wants to remain in the single market and the customs union. In other words, he would make a complete mockery of Brexit, and turn an opportunity into a national humiliation.

Ah. Not leaving the Single Market is a national humiliation. That’s even stronger than the usual saboteur language used against the Remain side. The rest of the EU if anything would see this as sensible – the UK not burning all its bridges.

I look at so many young people with the 12 stars lipsticked on their faces and I am troubled with the thought that people are beginning to have genuinely split allegiances. […] You don’t have to be some tub-thumping nationalist to worry that a transnational sense of allegiance can weaken the ties between us; and you don’t have to be an out‑and‑out nationalist to feel an immense pride in this country and what it can do.

So Brexit is essentially nationalism, and exclusionary nationalism. Again all of this is so us-versus-them. Is it really impossible to have some allegiance to Glasgow, Scotland, the UK, and Europe? Is that such a bad thing? But at least here this gives some insight into Boris’s mentality.

Look at Canary Wharf – a banking district now bigger than Frankfurt itself.

Oh. I assume he doesn’t mean geographically? Or does he?

I was proud to be mayor of the greatest city on Earth, and I believe we can be the greatest country on Earth.

Make Britain Great Again!

[Update 16.9.17, 1400]
Faisal Islam has done a Twitter thread about Boris. It has figures to disprove the £350m figure in this tweet:

[Update 16.9.17, 1845]
Boris can manage to unite people… in their critique of him! Even Iain Martin’s outfit reaction.life has a piece that’s very tough in its critique of Johnson’s essay! Weirdly Cathy Newman seems to like Johnson’s piece though, and she is normally sensible.

[Update 16.9.17, 1900]
Dr. Zog on Twitter rightly points out that the impact of Brexit is actually bad for housing in that it exacerbates the skills shortage in the construction industry.

Steve Analyst also points me to where the UK has been the advocate of more Qualified Majority Voting, underlining a point I make above.

The post Fisking Boris Johnson’s Brexit essay appeared first on Jon Worth Euroblog.