In May 2015 about 10 examiners for the Quebec tax authority burst into Uber Technology Inc .‘s office in Montreal. The authorities believed Uber had violated tax laws and had a warrant to collect evidence. Directors on-site knew what to do, say people with knowledge of the event.

Like managers at Uber’s hundreds of offices abroad, they’d been training to page a number that alerted specially trained the staff members of company headquarters in San Francisco. When the call came in, staffers rapidly remotely logged off every computer in the Montreal office, inducing it practically impossible for the authorities to retrieve the company records they’d secured a warrant to accumulate. The researchers left without any evidence.

Most tech corporations don’t expect police to regularly raid their offices, but Uber isn’t most corporations. The ride-hailing startup’s reputation for flouting local labor statutes and taxi rules has made it a favorite target for enforcement agencies around the world. That’s where this remote system, called Ripley, comes in. From spring 2015 until late 2016, Uber routinely applied Ripley to thwart police raids in foreign countries, say three people with knowledge of the system. Allusions to its nature can be found in a smattering of court filings, but its details, scope, and origin haven’t been previously reported.

Uber Uses’ Ripley’ in Periods of Panic

The Uber HQ team overseeing Ripley could remotely change passwords and otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices. This routine was initially called the unexpected guest protocol. Employees aware of its existence eventually took to calling it Ripley, after Sigourney Weaver’s flamethrower-wielding hero in the movies. The nickname was inspired by a Ripley line in, after the acid-blooded extraterrestrials easily best a squad of ground troops.” Nuke the entire website from orbit. It’s the only style rest assured .”

Other corporations have shut off computers during police raids, then granted policemen access after reviewing a warrant. And Uber has reason to be cautious with the sensitive information it comprises about customers and their places around the world. Ripley stands out partly because it was used regularly–at least two dozen times, the people with knowledge of the system say–and partly because some employees involved “says hes” seemed the program slowed investigations that were legally voiced in the local agencies’ jurisdictions.” Obstruction of justice definitions vary widely by country ,” says Ryan Calo, a cyberlaw professor at the University of Washington.” What’s clear is that Uber maintained a general pattern of legal arbitrage .”

” Like every company with offices around the world, we have security procedures in place to protect corporate and customer data ,” Uber said in a statement.” When it comes to government investigations, it’s our policy to collaborate with all valid searches and requests for data .”

Uber has already depict criminal investigations from the U.S. Department of Justice for at the least five other alleged schemes. In February, the exposed Uber’s use of a software tool called Greyball, which depicted law enforcement officers a fake version of its app to protect motorists from getting ticketed. Ripley’s existence commits officers give further consideration to other Uber incidents reason to wonder what they may have missed when their raids were stymied by locked computers or encrypted files. Lawyers may look at whether Uber stymie law enforcement in a new daylight.” It’s a fine line ,” says Albert Gidari, director of privacy at Stanford Law School’s Center for Internet& Society.” What is going to determine which side of the line you’re on, between blockage and properly protecting your business, “re gonna be all” things like your history, how the government has interacted with you .”

About a year after the failed Montreal raid, the magistrate in the Quebec tax authority’s lawsuit against Uber expressed the view that” Uber wanted to shield evidence of its illegal activities” and that the company’s actions in the raid indicated” all the characteristics of an is making an effort to obstruct justice .” Uber told the court it never deleted its files. It cooperated with a second search warrant that are specifically embraced the files and agreed to collect provincial taxes for each ride.

Uber deployed Ripley routinely as recently as late 2016, including during government raids in Amsterdam, Brussels, Hong Kong, and Paris, say the people with knowledge of the matter. The tool was developed in coordination with Uber’s security and legal departments, the people say. The heads of both departments, Joe Sullivan and Salle Yoo, left the company last year. Neither responded to requests for comment.

Ripley’s roots date to March 2015, when police stormed Uber’s Brussels office, say people with knowledge of the event. The Belgian authorities, which accused Uber of operating without proper permissions, gained access to the company’s pays system and financial documents as well as driver and employee datum. A court order forced Uber to shut down its unlicensed service afterwards that time. Following that raid and another in Paris the same week, Yoo, then Uber’s general counsel, directed her staff to install a standard encryption services and log off computers after 60 seconds of inactivity. She likewise proposed testing an app to counter raids. Laborers in Uber’s IT department were soon tasked with creating a system to keep internal records disguised from intruders entering any of its hundreds of foreign offices. They employed software from Twilio Inc . to page staffers who would trigger the lockdown.

The security team, which housed many of Uber’s most controversial programs, took over Ripley from the IT department in 2016. In a letter shared with U.S. attorneys and made public in a trade-secrets suit against Uber, Richard Jacobs, a former Uber manager, accused the security group of spying on government officials and challengers. Jacobs’s letter makes an oblique reference to a program for obstructing police raids. A 2016 wrongful-dismissal lawsuit by Samuel Spangenberg, another Uber manager, likewise references its utilize during the May 2015 tax authority raid in Montreal.

The three people with knowledge of the program “says hes” belief Ripley’s use was justified in some cases because police outside the U.S. didn’t ever “re coming with” warrants or relied on broad orders to conduct fishing expeditions. But the program was a closely guarded secret. Its existence was unknown even to many employees in the Uber offices being raided. Some were bewildered and distressed when law enforcement ordered them to log on to their computers and they are not able to do so, two of the people say.

Later versions of Ripley committed Uber the ability to selectively provide information to government agencies that searched the company’s foreign office. At the direction of company lawyers, security engineers could select which information to share with officials who had warrants to access Uber’s systems, the people say.

Another option was contemplated for times when Uber wanted to be less transparent. In 2016 the security squad began working on software called uLocker. An early prototype could present a dummy version of a typical login screen to police or other unwanted eyes, the people say. But Uber says no dummy-desktop function was ever enforced or employed, and that the present version of uLocker doesn’t include that ability. The programme is overseen by John Flynn, Uber’s chief info security officer.