uber 2016 case study

• CCI Magazine
• Writing for CCI
• Career Connection
• NEW: CCI Press – Book Publishing
• Advertise With Us
• See All Articles
• Internal Audit
• HR Compliance
• Cybersecurity
• Data Privacy
• Financial Services
• Well-Being at Work
• Leadership and Career
• Vendor News
• Submit an Event
• Download Whitepapers & Reports
• Download eBooks
• New: Living Your Best Compliance Life by Mary Shirley
• New: Ethics and Compliance for Humans by Adam Balfour
• 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
• CCI Press & Compliance Bookshelf
• On-Demand Webinars: Earn CEUs
• Leadership & Career
• Getting Governance Right
• Adam Balfour
• Jim DeLoach
• Mary Shirley

Executive Responsibilities and Consequences: A Case Study of Uber’s Data Breaches

Individuals potentially face criminal charges for failing to disclose a data breach.

Organizations at risk of a data breach (that’s every organization, by the way) can learn something from Uber’s data privacy missteps. Squire Patton Boggs attorneys Colin Jennings, Ericka Johnson and Dylan Yépez offer key takeaways from the company’s high-profile data breaches.

On August 19, 2020, the former Chief Security Officer (CSO) for Uber Technologies Inc. (Uber) was charged with obstruction of justice and misprision of felony for allegedly trying to conceal from federal investigators a cyberattack that occurred in 2016, exposing the data of 57 million riders and drivers. Although an extreme case, it is a good reminder for companies and executives to take data breach disclosure obligations seriously.

The criminal complaint, filed in the U.S. District Court for the Northern District of California (“the Complaint”), appears to claim that Uber, through its former CSO, Joseph Sullivan, should have reported the 2016 data breach to federal investigators. But a business’s duty to disclose a data breach is not always clear, and there are often a myriad of laws, regulatory practices and consumer expectations when navigating a breach. Using Uber’s 2016 breach as a case study, company executives must be aware of and recognize the business and personal consequences associated with breach response, and specifically with intentionally concealing a breach.

The Obligation to Report a Data Breach is Often Not Straightforward

Across the world, countries have widely varying laws related to the protection of personal information and even greater variance on the requirements to disclose a breach of such information. Even within the United States, the definitions of “personal information” and “data breach” differ greatly from state to state, with no two state laws being identical, so businesses, particularly those operating on a national or global scale, must conduct multijurisdictional analyses to determine whether an obligation to disclose a given breach exists and, if so, the scope of the obligation. Often there are inconsistent laws and obligations, and regulatory and consumer expectations can vary greatly based on the nature, scope and context of the breach.

Many laws require disclosure of a data breach only if there is a “reasonable risk of harm” to the individual(s) whose personal information was unlawfully accessed and/or exfiltrated. This requires businesses to determine whether, based on the totality of circumstances, it is reasonably likely that a breach of personal information will harm affected individuals. On the other hand, some laws do not require any risk of harm. Further, given that the forensic review of a data breach evolves over time, it is not uncommon for the initial findings to change dramatically over the course of a breach response. What often appears to be a limited attack can become a wholesale loss of sensitive consumer or business data – and oftentimes both simultaneously.

The legal analysis is then complex, fact-specific and ever changing. Perhaps, for example, only a portion of the sensitive data was exposed (e.g., only the last four digits of a social security number or only an individual’s last name). Maybe, due to insufficient logs, forensic investigators cannot rule out the possibility that an unauthorized third party accessed the sensitive data or moved laterally into human resources data or databases containing consumer financial information. Or perhaps evidence suggests that the cybercriminals appear to be staging sensitive data for exfiltration, but have destroyed any evidence that data was actually taken. These are but a few examples of factors that can make the obligation to report far from straightforward.

As Uber’s 2016 breach response indicates, the difficulty of ascertaining a business’s breach notification obligations is not a defense to those company executives who intentionally conceal a breach. As discussed below, company executives who ultimately have to decide whether to disclose a breach should take notice of the potential consequences of making the wrong decision.

A Case Study in Intentionally Failing to Report a Breach

The Complaint alleges that, in response to Uber’s 2016 breach, former CSO Joseph Sullivan “engaged in a scheme to withhold and conceal from the [Federal Trade Commission] both the hack itself and the fact that that data breach had resulted in the hackers obtaining millions of records associated with Uber’s users and drivers.”

At the time of the breach, Sullivan was helping oversee Uber’s response to a Federal Trade Commission (FTC) investigation into Uber’s data security practices, which had been triggered, in part, by another Uber data breach that occurred in or around 2014. Sullivan was “intimately familiar with the nature and scope of the FTC’s investigation.”

About 10 days after providing sworn testimony to the FTC, however, Sullivan received an email from “[email protected],” claiming to have found a “major vulnerability in uber [ sic ],” and threatening that the hacker “was able to dump uber [ sic ] database and many other things.” Within days, Sullivan’s security team realized that an unauthorized person or persons had accessed Uber’s data and obtained, among other things, a copy of a database containing approximately 600,000 driver’s license numbers for Uber drivers.

Based on available information, this massive data breach likely triggered Uber’s duty to notify under numerous jurisdictions’ data breach laws. By contrast, the 2016 breach appeared significantly more expansive than the 2014 breach, in which a cybercriminal accessed over 100,000 individuals’ personal information on a cloud-based data warehouse.

Based on the Complaint, Sullivan allegedly took affirmative measures to conceal the data breach and the resulting exposure of data. Among other things, he allegedly:

• negotiated with the cybercriminals to pay $100,000 in exchange for the hackers to sign a nondisclosure agreement (NDA), “falsely represent[ing] that the hackers had not obtained or stored any data during their intrusion,” even though “[b]oth the hackers and Sullivan knew at the time that this representation in the NDA was false;”
• “instructed his team to keep knowledge of the 2016 breach tightly controlled;”
• “never informed the FTC of the 2016 data breach, even though he was aware that the FTC’s investigation focused on data security, data breaches and protection of [Personally Identifiable Information];” and
• “removed certain details … that would have illustrated the true scope of the [2016] breach” from a prepared summary for the new Uber CEO – changes which “resulted in both affirmative misrepresentations and misleading omissions of fact.”

Sullivan’s alleged motives to cover up the 2016 hack and data breach are the concerns that all companies must assess in connection with their breach notification responsibilities.

First , the Complaint appears to allege that one motive to conceal the breach was to prevent further reputational harm to the company. Like Uber’s customers, individuals entrust their data to companies on a daily basis, from making purchases to requesting services. Companies know, therefore, that they risk losing revenue if their customers lose confidence in the protection of their data.

Understanding this dynamic, he “became aware the attackers had accessed [the cloud] in almost the identical manner the 2014 attacker had used,” according to the Complaint. “That is, the attackers were able to access Uber’s source code on GitHub (this time by using stolen credentials), locate [a cloud] credential and use that credential to download Uber’s data.” As such, the Complaint appears to allege that both the embarrassment of falling victim to the same attack vector and the associated reputational consequences may have motivated Sullivan to conceal the breach.

Second , the Complaint appears to allege that another motive for concealing the breach was to prevent additional regulatory scrutiny. In the United States, companies like Uber are subject to many state- and industry-specific regulators (e.g., state Attorneys General, the Securities and Exchange Commission, FTC) — often simultaneously. Additionally, outside of the United States there are numerous laws and data protection or other authorities that govern data breaches.

At the time of the breach, Sullivan was actively responding to the FTC’s inquiries to assist in reaching a settlement related to the 2014 breach. For example, he approved language to the FTC representing that “‘all new database backup files’ had been encrypted since August 2014,” when in fact, they had not. Sullivan’s fears may not have been misplaced. In light of the new information regarding the 2016 breach, the FTC effectively withdrew its previous settlement terms and added requirements to the resolution with Uber.

Ultimately, it appears that such attempts to rationalize and avoid Uber’s breach notification responsibilities may have led Sullivan to engage in the actions he did.

Lesson Learned

In a public statement, the FBI advised that, “[w]hile this case is an extreme example of a prolonged attempt to subvert law enforcement, we hope companies stand up and take notice.” In effect, the consequences of failing to disclose a data breach are the most extreme in cases where a notification obligation clearly exists and the company and its officers consciously decide to circumvent that obligation during the course of an ongoing investigation. While companies have incentives to rationalize and avoid their disclosure obligations (e.g., reputational harm, regulatory oversight, expense), this incident highlights the potential consequences executives should be aware of when weighing the business decision to disclose a breach. Disclosure and direct individual notification of a data breach is now the expectation, and the decision to not disclose must be very carefully weighed – taking into account law, regulatory practice and consumer/customer expectations. One size does not fit all, and the nature, scope and circumstance of the specific breach must be carefully assessed in real time.

Ultimately, the legal analysis to determine whether an obligation exists and the business decision to disclose the same are nuanced and complex. If you experience a data breach, it is best to retain counsel who is highly experienced in the nuances of data breaches and the complexities of data breach notification laws for help determining whether and how to disclose a given breach.

How COVID-19 is Shifting Tax Reporting Regulations

Cci media group launches book publishing division targeting global audience in compliance, ethics, risk, internal audit.

Colin Jennings, Ericka Johnson and Dylan Yépez

Related Posts

In Crisis or In Control? Evolving Threat Actor Tactics Illustrate the Need for Clear Cybersecurity Communications Strategies

Preparing for the unexpected goes beyond IT expertise

Navigating Personal Liability: Post–Data Breach Recommendations for Officers

Executives may be on the hook if info is compromised

Primary Markets Abuse: High Stakes and High Consequences for Investment Banks

Agencies signal that random monitoring is not enough

From Departments of War to the Basement Next Door: The AI-Disinformation Threat to Companies

The evolving threat of AI-based disinformation requires risk mitigation planning to avoid catastrophic reputational damage. As disinformation threats can materialize...

Privacy Policy

Founded in 2010, CCI is the web’s premier global  independent  news source for compliance, ethics, risk and information security. 

Got a news tip?  Get in touch . Want a weekly round-up in your inbox?  Sign up  for free. No subscription fees, no paywalls. 

Browse Topics:

• Compliance Podcasts
• eBooks Published by CCI
• GRC Vendor News
• On Demand Webinars
• Resource Library
• Uncategorized
• Whitepapers

© 2024 Corporate Compliance Insights

Privacy Overview

• Ride-sharing /

Uber admits covering up massive 2016 data breach in settlement with US prosecutors

The personal information of 57 million people was exposed in the hack.

By Andrew J. Hawkins , transportation editor with 10+ years of experience who covers EVs, public transportation, and aviation. His work has appeared in The New York Daily News and City & State.

Share this story

Uber admitted to covering up a massive cybersecurity attack that took place in October 2016 , exposing the confidential data of 57 million customers and drivers, as part of a settlement with the US Department of Justice to avoid criminal prosecution.

In order to not be prosecuted for the cover-up, Uber “admits that its personnel failed to report the November 2016 data breach to the [Federal Trade Commission] despite a pending FTC investigation into data security at the company,” according to a press release from the DOJ .

Hackers used stolen credentials to access a private source code repository and obtain a proprietary access key

Hackers used stolen credentials to access a private source code repository and obtain a proprietary access key, which they then used to access and copy large quantities of data associated with Uber’s users and drivers, including data pertaining to approximately 57 million user records with 600,000 driver’s license numbers. 

The data breach was only revealed a year later in when the company publicly disclosed it, as reported by Bloomberg . The company allegedly paid its hackers a $100,000 ransom to delete the data and not publicize the breach to media or regulators. At the time, newly appointed Uber CEO Dara Khosrowshahi, who had taken over from former CEO Travis Kalanick after the latter was ousted from his position, admitted that the cover-up should not have happened.

According to the settlement, Khosrowshahi and his team reported the breach to the public, drivers, and government authorities after discovering it a year later. The decision not to prosecute the company was, in part, based on Uber’s decision to disclose the breach as well as an agreement with the FTC in 2018 to report any future cyberattack to government regulators. The settlement also acknowledges that Uber paid $148 million to settle civil litigation tied to the data breach.

It was a sharp turnaround as compared to the company’s leadership under Kalanick, who learned of the breach a month after it occurred. Joe Sullivan, Uber’s chief security officer at the time, was also complicit in the cover-up, leading to his firing by Khosrowshahi in 2017. Sullivan was later  charged with obstruction of justice  for trying to hide a data breach from the FTC and Uber management. His case is scheduled to go to trial in September 2022 .

The hack included names, email addresses, and phone numbers of more than 50 million Uber riders worldwide, while more than 7 million Uber drivers had similar data exposed on top of driver’s license numbers for around 600,000 US drivers. 

Apple apologizes for iPad ‘Crush’ ad that ‘missed the mark’

Apple doesn’t understand why you use technology, sonos says its controversial app redesign took ‘courage’, asus’ next rog ally handheld will be the rog ally x, microsoft says it needs games like hi-fi rush the day after killing its studio.

More from Transpo

Scout Motors wants to put the ‘mechanical’ back into electric trucks

Lucid slashes prices for its luxury EVs for the third time in seven months

GM is preparing for another major expansion of its hands-free Super Cruise system

Tesla’s latest update takes aim at cold weather woes

Uber admits covering up 2016 hacking, avoids prosecution in U.S. settlement

• Medium Text

• Company Uber Technologies Inc Follow

Sign up here.

Reporting by Jonathan Stempel in New York; Editing by Leslie Adler

Our Standards: The Thomson Reuters Trust Principles. New Tab , opens new tab

Business Chevron

US agency opens probe into over 200,000 Ford vehicles on fuel leak risks

The U.S. auto safety regulator said on Friday it was opening a preliminary evaluation into 210,960 Ford vehicles following complaints alleging diesel fuel leaks that may result in a fire.

• After-Hours
• Market Movers
• Fear & Greed
• World Markets
• Markets Now
• Before the Bell
• Leading Indicator
• Global Energy Challenge
• Mission: Ahead
• Business Evolved
• Work Transformed
• Innovative Cities
• Reliable Sources
• Fresh Money
• Biz + Leisure

Center Piece

Perspectives, international.

• Switzerland
• Passion to Portfolio
• On: Germany
• Newsletters
• Accessibility and CC

Entertainment

Do Not Sell

Uber paid hackers $100,000 after they stole data on 57 million users

Uber says it paid hackers $100,000 after they stole data last year on 57 million of its users.

The startup did not disclose the attack until Tuesday, adding a potential cover up to a list of recent corporate controversies.

Uber said that two people outside the company accessed the personal information of 57 million Uber users in late 2016, including names, email addresses and phone numbers. The license numbers of around 600,000 drivers in the United States were included in the breach.

The company did not alert victims or regulators of the breach when it was first discovered.

Britain's data protection watchdog said the news raised "huge concerns" about Uber's data policies and ethics.

"If U.K. citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed," said James Dipple-Johnstone of the U.K. Information Commissioner's Office.

Uber CEO Dara Khosrowshahi said in a statement he recently learned of the breach.

Khosrowshahi, who became CEO in August, said he launched an investigation into why the company did not alert authorities or affected individuals. He said, "two of the individuals who led the response to this incident are no longer with the company." Khosrowshahi said the company is now notifying regulatory authorities.

Bloomberg reported that Joe Sullivan, Uber's chief security officer, is no longer with the company. Uber would not confirm to CNNMoney which individuals had left the company.

Related: Uber's PR crises show no sign of letting up

"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals," Khosrowshahi said in the statement.

"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts," he said.

Uber did not say how hackers assured the company the stolen data was destroyed, but it did confirm that $100,000 was paid to the hackers.

According to the company, no location history, credit card numbers, Social Security numbers, or dates of birth were downloaded in the hack. Uber said it is providing free credit monitoring to drivers who had their license numbers exposed.

It's the latest blow to Uber, which is trying to improve its public image. The company has been embroiled in a number of controversies , including using software called Greyball to evade regulators, a court battle over allegedly stolen secrets from Google's self-driving car division, and a slew of complaints regarding sexual harassment and toxic company culture.

This week, the company was fined almost $9 million for background check issues in Colorado.

In his statement, Khosrowshahi said things will be different moving forward. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," he wrote.

-- Samuel Burke contributed reporting.

CNNMoney Sponsors

Smartasset paid partner.

• These are your 3 financial advisors near you
• This site finds and compares 3 financial advisors in your area
• Check this off your list before retirement: talk to an advisor
• Answer these questions to find the right financial advisor for you
• Find CFPs in your area in 5 minutes

NextAdvisor Paid Partner

• An Insane Card Offering 0% Interest Until Nearly 2020
• Transferring Your Balance to a 14-Month 0% APR is Ingenious
• The Top 7 Balance Transfer Credit Cards On The Market Today
• Get $300 Back With This Outrageous New Credit Card

• Share full article

Advertisement

Supported by

Uber Investigating Breach of Its Computer Systems

The company said on Thursday that it was looking into the scope of the apparent hack.

By Kate Conger and Kevin Roose

Uber discovered its computer network had been breached on Thursday, leading the company to take several of its internal communications and engineering systems offline as it investigated the extent of the hack.

The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.

“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.”

An Uber spokesman said the company was investigating the breach and contacting law enforcement officials.

Uber employees were instructed not to use the company’s internal messaging service, Slack, and found that other internal systems were inaccessible, said two employees, who were not authorized to speak publicly.

Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The message went on to list several internal databases that the hacker claimed had been compromised.

The hacker compromised a worker’s Slack account and used it to send the message, the Uber spokesman said. It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees.

The person who claimed responsibility for the hack told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering.

“These types of social engineering attacks to gain a foothold within tech companies have been increasing,” said Rachel Tobac, chief executive of SocialProof Security. Ms. Tobac pointed to the 2020 hack of Twitter, in which teenagers used social engineering to break into the company. Similar social engineering techniques were used in recent breaches at Microsoft and Okta.

“We are seeing that attackers are getting smart and also documenting what is working,” Ms. Tobac said. “They have kits now that make it easier to deploy and use these social engineering methods. It’s become almost commoditized.”

The hacker, who provided screenshots of internal Uber systems to demonstrate his access, said that he was 18 years old and had been working on his cybersecurity skills for several years. He said he had broken into Uber’s systems because the company had weak security. In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.

The person appeared to have access to Uber source code, email and other internal systems, Mr. Curry said. “It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life,” he said.

In an internal email that was seen by The New York Times, an Uber executive told employees that the hack was under investigation. “We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” wrote Latha Maripuri, Uber’s chief information security officer.

It was not the first time that a hacker had stolen data from Uber. In 2016, hackers stole information from 57 million driver and rider accounts and then approached Uber and demanded $100,000 to delete their copy of the data. Uber arranged the payment but kept the breach a secret for more than a year.

Joe Sullivan, who was Uber’s top security executive at the time, was fired for his role in the company’s response to the hack. Mr. Sullivan was charged with obstructing justice for failing to disclose the breach to regulators and is currently on trial.

Lawyers for Mr. Sullivan have argued that other employees were responsible for regulatory disclosures and said the company had scapegoated Mr. Sullivan.

Kate Conger is a technology reporter in the San Francisco bureau, where she covers the gig economy and social media. More about Kate Conger

Kevin Roose is a technology columnist and the author of “Futureproof: 9 Rules for Humans in the Age of Automation.” More about Kevin Roose

A Guide to Digital Safety

A few simple changes can go a long way toward protecting yourself and your information online..

A data breach into your health information  can leave you feeling helpless. But there are steps you can take to limit the potential harm.

Don’t know where to start? These easy-to-follow tips  and best practices  will keep you safe with minimal effort.

Your email address has become a digital bread crumb that companies can use to link your activity across sites. Here’s how you can limit this .

Protect your most sensitive accounts by creating unique passwords and adding extra layers of verification .

There are stronger methods of two-factor authentication than text messages. Here are the pros and cons of each .

Do you store photos, videos and important documents in the cloud? Make sure you keep a copy of what you hold most dear .

Browser extensions are free add-ons that you can use to slow down or stop data collection. Here are a few to try.

Using Big Data to Estimate Consumer Surplus: The Case of Uber

Estimating consumer surplus is challenging because it requires identification of the entire demand curve. We rely on Uber’s “surge” pricing algorithm and the richness of its individual level data to first estimate demand elasticities at several points along the demand curve. We then use these elasticity estimates to estimate consumer surplus. Using almost 50 million individual-level observations and a regression discontinuity design, we estimate that in 2015 the UberX service generated about $2.9 billion in consumer surplus in the four U.S. cities included in our analysis. For each dollar spent by consumers, about $1.60 of consumer surplus is generated. Back-of-the-envelope calculations suggest that the overall consumer surplus generated by the UberX service in the United States in 2015 was $6.8 billion.

We are grateful to Josh Angrist, Keith Chen, Joseph Doyle, Hank Farber, Alan Krueger, Greg Lewis, Jonathan Meer, and Glen Weyl for helpful comments and discussions. We are also grateful to Mattie Toma for excellent research assistance. The views expressed herein are those of the authors and do not necessarily reflect the views of the National Bureau of Economic Research.

Peter Cohen transitioned from paid independent contractor to full-time employee of Uber during the writing of the paper. As a current employee, he has an equity stake in the company.

Jonathan Hall was an employee and shareholder of Uber Technologies before, during, and after the writing of this paper.

MARC RIS BibTeΧ

Download Citation Data

Working Groups

Mentioned in the news, more from nber.

In addition to working papers , the NBER disseminates affiliates’ latest findings through a range of free periodicals — the NBER Reporter , the NBER Digest , the Bulletin on Retirement and Disability , the Bulletin on Health , and the Bulletin on Entrepreneurship  — as well as online conference reports , video lectures , and interviews .

International Journal of Communication

Founding Editor

• Larry Gross

Founding Managing Editor

• Arlene Luck
• Silvio Waisbord

Managing Editor

• Kady Bell-Garcia

Managing Editor, Special Sections

• Mark Mangoba-Agustin

Editorial Board

• Sean Aday George Washington University
• Omar Al-Ghazzi London School of Economics and Political Science
• Ilhem Allagui Northwestern University-Qatar
• Abeer Al-Najjar American University Of Sharjah
• Meryl Alper Northeastern University
• Adriana Amaral Universidade Paulista
• Hector Amaya University of Southern California
• Melissa Miriam Aronczyk Rutgers University
• Jonathan David Aronson University of Southern California
• Karen Arriaza Ibarra Universidad Complutense de Madrid Spain
• Hanan Badr Paris Lodron University of Salzburg
• Sandra Ball-Rokeach University of Southern California
• Sarah Banet-Weiser University of Pennsylvania/University of Southern California
• Francois Bar University of Southern California
• Emma Baulch Monash University Malaysia
• Yochai Benkler Harvard Law School
• Lance Bennett University of Washington
• TJ Billard Northwestern University
• Bruce Bimber UC Santa Barbara
• Pablo Javier Boczkowski Northwestern University
• Mark Boukes University of Amsterdam
• Nicholas David Bowman Syracuse University
• danah boyd Microsoft Research / Data & Society
• Michael Brüggemann University of Hamburg
• Gustavo Cardoso University of Lisbon
• Manuel Castells
• Lik Sam Chan Chinese University of Hong Kong
• Michael Chan Chinese University of Hong Kong
• Jaeho Cho University of California, Davis
• Lilie Chouliaraki London School of Economics and Political Science
• Renita Coleman University of Texas
• Simon Cottle Cardiff University
• Sasha Costanza-Chock Massachusetts Institute of Technology
• Nick Couldry London School of Economics and Political Science
• Robert T. Craig University of Colorado at Boulder
• Nick Cull University of Southern California
• Afonso de Albuquerque Universidade Federal Fluminense
• Michael X. Delli Carpini University of Pennsylvania
• Claes de Vreese University of Amsterdam
• Marco Deseriis Scuola Normale Superiore
• Alexander Dhoest University of Antwerp
• Susan Douglas University of Michigan
• John D.H. Downing Southern Illinois University
• William Dutton Michigan State University
• Stephen Duncombe New York University
• Richard Dyer University of London
• John Nguyet Erni Hong Kong Baptist University
• Lewis Allen Friedland University of Wisconsin-Madison
• Anthony Y.H. Fung Chinese University of Hong Kong
• Oscar Gandy University of Pennsylvania
• Dilip Gaonkar Northwestern University
• Myria Georgiou London School of Economics and Political Science
• Homero Gil de Zúñiga University of Salamanca Pennsylvania State University
• Ian Glenn University of Cape Town
• Sergio Godoy Universidad Catolica de Chile
• Guy J. Golan Texas Christian University
• Trudy Govier University of Lethbridge
• Mary L. Gray Microsoft Research & Indiana University
• Larry Grossberg University of North Carolina
• Manuel Alejandro Guerrero Universidad Iberoamericana
• Lei Guo Fudan University
• Dan Hallin University of California, San Diego
• James Hamilton Stanford University
• Eszter Hargittai University of Zurich
• John Hartley Curtin University
• Francois Heinderyckx Université Libre de Bruxelles
• Andreas Hepp University of Bremen
• David Hesmondhalgh University of Leeds
• Tom Hollihan University of Southern California
• Yu Hong Zhejiang University
• Kathleen Hall Jamieson University of Pennsylvania
• Henry Jenkins University of Southern California
• Min Jiang University of North Carolina at Charlotte
• Dal Yong Jin Simon Fraser University
• Steve Jones University of Illinois-Chicago
• Douglas Kellner UCLA
• Su Jung Kim University of Southern California
• Marwan M. Kraidy Northwestern University in Qatar
• Josh Kun University of Southern California
• Chin-Chuan Lee National Chengchi University
• Chul-joo Lee Seoul National University
• Francis Lee Chinese University of Hong Kong
• Justin Lewis Cardiff University
• Sonia Livingstone London School of Economics
• Robin Elizabeth Mansell London School of Economics
• Alice E. Marwick University of North Carolina at Chapel Hill
• Jorg Matthes University of Vienna
• Robert McChesney University of Illinois, Urbana-Champaign
• Max McCombs The University of Texas at Austin
• Christine Meltzer Hanover University for Music, Theater and Media
• Kaitlynn Mendes Western University
• Oren Meyers University of Haifa
• Toby Miller Universidad de La Frontera
• Peter R. Monge University of Southern California
• Seungahn Nah University of Florida
• Thomas Nakayama Northeastern University
• Philip Napoli Duke University
• Horace Newcomb University of Georgia
• Zhongdang Pan University of Wisconsin - Madison
• Zizi Papacharissi University of Illinois at Chicago
• Cinzia Padovani Southern Illinois University
• John Durham Peters Yale University
• Victor Pickard University of Pennsylvania
• Alejandro Piscitelli University of Buenos Aires
• Dana Polan New York University
• Marshall Scott Poole University of Illinois, Urbana-Champaign
• Adam Powell University of Southern California
• Shawn Mathew Powers Georgia State
• Monroe Price University of Pennsylvania
• Jack Linchuan Qiu National University of Singapore
• Janice Radway Northwestern University
• N. Bhaskara Rao Centre for Media Studies, New Delhi
• Michael Renov USC Cinematic Arts
• Allissa V. Richardson University of Southern California
• Eric Rothenbuhler Webster University
• Michael Schudson Columbia University
• Ellen Seiter USC Cinematic Arts
• Brian Semujju Makerere University
• James Shanahan Indiana University
• Limor Shifman Hebrew University of Jerusalem
• Aram Sinnreich American University
• Jonathan Sterne McGill University
• Joseph Straubhaar University of Texas at Austin
• Lukasz Szulc University of Manchester
• John Thompson Cambridge University
• Kjerstin Thorson Michigan State University
• Katrin Tiidenberg Tallinn University
• Florian Toepfl University of Passau
• Yariv Tsfati University of Haifa
• Joseph Turow University of Pennsylvania
• Nikki Usher University of Illinois
• Derek W. Vaillant University of Michigan
• Baldwin Van Gorp Ku Leuven University
• Jorge Vázquez-Herrero Universidade de Santiago de Compostela
• Ingrid Volkmer University of Melbourne
• Jay Wang University of Southern California
• James Webster Northwestern University
• Chris Wells Boston University
• Dmitri Williams University of Southern California
• Angela Xiao Wu New York University
• Guobin Yang University of Pennsylvania
• Dannagal G. Young University of Delaware
• Barbie Zelizer Annenberg/ University of Pennsylvania
• Juyan Zhang University of Texas at San Antonio
• Yuezhi Zhao Simon Fraser University
• Ying Zhu College of Staten Island, CUNY

• For Readers
• For Authors
• For Librarians

PUBLISHED BY:

EDITORIAL STAFF Shadee Ashtari Sarah Nehemiah Jillian Verzwyvelt Sui Wang Josh Widera Assistant Editors

ISSN: 1932-8036

Follow @IJoC_USC

The PDF file you selected should load here if your Web browser has a PDF reader plug-in installed (for example, a recent version of Adobe Acrobat Reader ).

If you would like more information about how to print, save, and work with PDFs, Highwire Press provides a helpful Frequently Asked Questions about PDFs .

Alternatively, you can download the PDF file directly to your computer, from where it can be opened using a PDF reader. To download the PDF, click the Download link above.

Fullscreen Fullscreen Off