Federal prosecutors say Joe Sullivan obstructed justice when in 2016, as the chief of security for Uber, he failed to disclose a breach of driver and customer records to government regulators.
But Mr. Sullivan’s lawyers say that he never concealed the incident and that claims that he broke the law stem from Uber’s efforts to recast its image following the turbulent reign of the company’s former chief executive Travis Kalanick.
Opening arguments started on Wednesday in a San Francisco federal court in what is expected to be a monthlong trial for Mr. Sullivan, who, in addition to obstruction of justice, is accused of concealing a felony. Many security professionals think that Mr. Sullivan, a former federal prosecutor, is the first executive at a company to face possible criminal liability for a data breach.
Corporate security officials say the trial’s outcome could inform how they handle security incidents, including how they interact with hackers and when they disclose information to customers and regulators.
“There is the threat of jail time. You can’t put a company in jail. You can put an executive in jail. Now, that is on the table,” said Chinmayi Sharma, a scholar in residence and lecturer at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.
In 2016, Mr. Sullivan discovered that hackers had gained access to the personal information of about 600,000 Uber drivers and additional personal information associated with 57 million riders and drivers, according to the criminal complaint against him.
Mr. Sullivan referred the hackers to Uber’s bug bounty program, a common way of paying “white hat” security researchers to identify and report security vulnerabilities in popular online services, prosecutors said on Wednesday.
Through the program, Uber paid the hackers $100,000 and had them sign nondisclosure agreements, federal prosecutors said. The company did not disclose the incident to the public or inform the Federal Trade Commission of it.
The two young men responsible for the incident later pleaded guilty to hacking. One of them is expected to testify in the trial.
The government accuses Mr. Sullivan of failing to disclose the breach to the F.T.C. even though the agency was investigating Uber over an earlier incident.
In all 50 states, companies are required to disclose security breaches if hackers download personally identifiable information and a certain number of customers are affected. There is no federal law requiring companies or executives to reveal breaches to regulators.
One of Mr. Sullivan’s attorneys said the responsibility for reporting the incident had rested with Uber’s legal team. Mr. Sullivan, he argued, adequately disclosed the incident to the legal team and others at the company.
“You won’t hear a single witness take that stand and say that Joe Sullivan told them to lie to the F.T.C. or destroy documents or hide what had happened from Uber’s senior management or the Uber legal team,” said David Angeli, one of Mr. Sullivan’s attorneys.
The data breach did not become public until 2017, when Dara Khosrowshahi became Uber’s new chief executive and fired Mr. Sullivan. Uber declined to comment for this story.
Mr. Angeli said that the notion that Mr. Sullivan had concealed the breach was a “narrative” designed by Uber’s new executive team and that Mr. Khosrowshahi had accused Mr. Sullivan of failing to disclose the incident because Mr. Khosrowshahi had wanted to distance the company from its past.
“His mantra was Uber 2.0,” Mr. Angeli said of Mr. Khosrowshahi. “He wanted to turn the page of what Uber was doing.”
Andrew Dawson, an assistant U.S. attorney, said Mr. Sullivan had tried to conceal the incident both before and after Mr. Khosrowshahi had joined the company. “This is a case about a cover-up, about payoffs and about lies,” he said. “The evidence will show that Mr. Sullivan paid for the hackers’ silence” because Uber was being investigated by the F.T.C.
Mr. Dawson said Mr. Sullivan had lied to Mr. Khosrowshahi in an email describing the incident to the new Uber chief executive, implying that the hackers had not downloaded any data from the company.
Mr. Angeli argued that Mr. Sullivan had very few communications with the F.T.C. during the agency’s investigation of Uber and that the company’s lawyers had been responsible for its response to the investigation.
“The Uber legal team had all the information it needed” in order to decide whether the company should report the 2016 security incident to the agency, he said.
He said that 30 people at the company had known about the breach and that Mr. Khosrowshahi had been aware of it for nearly three months before the company had reported it. By placing the blame on Mr. Sullivan, he argued, Uber’s new management team was able to wash its hands of the incident.