A LOOK BACK
The Uber Case
"That wasn't an act of coverup....in the way the evidence came in."
Judge Orrick, Presiding Judge, Northern District of California
My stint at Uber was the shortest stop in my career but one of the most discussed. I am proud of the team I built and the work we did there in a little more than two years. We inherited a small handful of people and built a world-class safety, security, and risk organization that protected riders and drivers in cars, built cybersecurity controls, and dramatically reduced fraud and abuse. It is unfortunate that such a great team became known most for a new CEO and Chief Legal Officer re-branding a year-old security incident as something that should have been disclosed to regulators.

Throughout it all, my team and I operated with transparency and purpose, and we successfully protected our users’ data from loss. We coordinated everything with the CEO, legal department, and communications team. I may have lost the trial, but going through it made me a much stronger person and finally made the true facts public, and most importantly the Judge said on the record that our use of an NDA bug bounty agreement was not a cover-up.

I am forever grateful that the cybersecurity community rallied to support me during the proceeding, and I continue to appeal the case because the legal precedent it set is terrible for the future of good cybersecurity. I speak at conferences about my lessons learned in the case because I don’t want anyone else to have to go through what I experienced.
Hear from Aravind Swaminathan, Global Co-Chair of Cybersecurity & Data Privacy at Orrick and attorney for Joe Sullivan, on this case.
More about Joe