A damning letter written by the lawyer for a former Uber security manager claims that the ride-hailing company secretly spied on rivals; destroyed, concealed and falsified evidence; and engaged in other illegal behaviors like wiretapping. The letter, which put the brakes on a trial scheduled to begin this month in a case in which a sister company of Google alleged that Uber stole its self-driving car secrets, was made public Friday.

Also Friday, a special master appointed by a federal judge filed a scathing report saying Uber should have submitted the letter as part of the lawsuit.

The letter chronicles clandestine intelligence-gathering by Uber worldwide, particularly by units of its San Francisco-based Threat Ops division, which “frequently engaged in fraud and theft, and employed third-party vendors to obtain unauthorized data or information,” the letter said.

One Threat Ops unit, Marketplace Analytics, “exists expressly for the purpose of acquiring trade secrets, codebase, and competitive intelligence,” including information on “major ride-sharing competitors globally,” the letter said.

The letter follows on the heels of at least five federal investigations of Uber’s practices, such as programs to thwart law enforcement and alleged bribes of foreign officials — something the letter asserts took place. Controversies over Uber’s allegedly over-aggressive tactics helped lead to the ouster of Uber co-founder Travis Kalanick as CEO in June.

The 37-page letter from the lawyer for Ric Jacobs, the former Uber security manager, was unsealed by a federal court with some redactions. Some of its allegations were read aloud during hearings late last month in the self-driving car case, which pits Waymo, the self-driving car unit of Alphabet, against Uber.

Waymo sued Uber for allegedly stealing its proprietary designs for lidar sensors, which help self-driving cars see the world around them. Waymo claims former star engineer Anthony Levandowski downloaded 14,000 files before he left Waymo, started a new company and sold it to Uber for $680 million — bringing the intellectual property with him. Uber denies the allegations and has fired Levandowski for refusing to cooperate with its investigation of the matter. Levandowski has asserted his Fifth Amendment rights against self-incrimination in declining to testify in the case.

“While we haven’t substantiated all the claims in this letter — and, importantly, any related to Waymo — our new leadership has made clear that going forward we will compete honestly and fairly, on the strength of our ideas and technology,” Uber said. Several current and former security employees mentioned in the letter issued statements saying the claims were unequivocally false.

Uber’s new CEO, Dara Khosrowshahi, emailed employees on Wednesday that “there is more than enough there (in the 37-page Jacobs letter) to merit serious concern.”

Uber deputy general counsel Angela Padilla, the Jacobs letter’s recipient, testified last month that its “fantastical” accusations were the work of an extortionist. Uber has paid Jacobs $4.5 million and his lawyer another $3 million. Jacobs, whom Uber said was caught downloading confidential files on the day he quit, portrayed himself to Uber as a whistle-blower, other Uber employees testified.

Although Padilla said ex-CEO Kalanick and many board members saw the letter, Uber did not turn it over as part of discovery in the Waymo lawsuit. That omission outraged U.S. District Judge William Alsup, who is presiding over the case. Alsup berated Uber’s lawyers — who said they were unaware of the letter — for withholding evidence and postponed the planned jury trial to Feb. 5, a two-month delay, to allow time for further discovery about the letter’s explosive allegations.

The letter makes clear that Padilla was keenly aware of how explosive Jacobs’ allegations were. It referred to a previous communication with her during which, the letter said, “You (Padilla) indicated that our client’s assertions regarding destruction, spoliation and manipulation of discovery documents were of particular concern ... because this type of conduct would be contrary to your own directives.”

The letter said top Uber security managers Mat Henley and Craig Clark “led Uber’s efforts to evade current and future discovery requests, court orders, and government investigations in violation of state and federal law as well as ethical rules governing the legal profession.”

Henley, Uber director of threat operations, testified in court last month that the letter’s allegations were false, and said that Jacobs was an incompetent employee.

Clark, formerly Uber’s legal director for threat operations, was dismissed last month along with chief security officer Joe Sullivan in the wake of revelations that Uber had failed to disclose a huge data theft of personal information about 57 million passengers and drivers that occurred last year.

An attorney representing Henley and three other security analysts named in the Jacobs letter said that it “is nothing more than character assassination for cash,” describing Jacobs as “a failed Uber employee who underperformed and got demoted, and then retaliated ... with a letter filled with distortions.”

Sullivan said in a statement: “From where I sat, my team acted ethically, with integrity, and in the best interests of our drivers and riders.”

Clark’s attorney said he “acted appropriately at all times.”

Earlier this month, Alsup had asked the case’s special master, John Cooper, to determine whether Uber was at fault for failing to produce the letter, as well as Jacobs’ resignation email and his settlement agreement with Uber.

In a strongly worded court filing Friday, Cooper noted that Padilla, board members and top executives were well aware of the “inflammatory” Jacobs letter and said Uber should have given it to Waymo. However, he said Jacobs’ resignation email and settlement with Uber did not need to be produced.

“Mr. Jacobs’ correspondence alleged systemic, institutionalized, and criminal efforts by Uber to conceal evidence and steal trade secrets, not just as a general matter but also specifically involving the evidence and trade secrets at issue in this case — maybe the largest and most significant lawsuit Uber has ever faced,” Cooper wrote.

The letter came to light when the U.S. attorney’s office for the Northern District of California took the highly unusual step of forwarding it to Alsup on Nov. 22. The U.S. attorney’s cover letter, unsealed this week, confirmed that it was pursuing a criminal investigation of Uber.

Jacobs, who is now working for Uber as a consultant making $1 million a year, walked back some of the letter’s bombshell accusations in court last month, saying he had only hastily reviewed the letter before his lawyer sent it. Most of the accusations are highly detailed, including specific dates and names.

Carolyn Said is a San Francisco Chronicle staff writer. Email: csaid@sfchronicle.com Twitter: @csaid

Bombshell allegations

A letter written by a lawyer for a former Uber security manager alleged that the ride-hailing company engaged in corporate espionage. Among the allegations in the letter:

Destruction and concealment of records

Uber’s ThreatOps unit used ephemeral and encrypted communications such as Wickr “for the express purpose of destroying evidence of illegal or unethical practices.” Jacobs’ bosses instructed him to “shroud” documents with false claims of attorney-client privilege.

Jacobs’ team used “non-attributable” hardware and software, “so that the Internet traffic would not appear to originate from an Uber network. … By storing this data on non-attributable devices, Uber believed it would avoid detection and never be subject to legal discovery.”

Teaching clandestine tactics

Several security managers visited Uber’s autonomous vehicles group in Pittsburgh to educate its members on using self-destructing email and other practices “with the specific intent of preventing Uber’s unlawful schemes from seeing the light of day.”

Trade secret theft

An Uber team “fraudulently impersonates riders and drivers on competitor platforms, hacks into competitor networks, and conducts unlawful wiretapping.”

Spying on rivals

Uber downloaded a database of 35,000 driver records from a rival company whose name was redacted but appeared to be a very short word. Uber hacked into protected data “to lure these drivers away to work for Uber instead.” “Uber used driver and customer impersonation to steal competitor trade secrets.”

Inflating Uber’s valuation

“Not only was Uber able to obtain (redacted company name’s) trade secrets, but used the data it obtained to inflate the ultimate valuation of Uber.”

Illegal surveillance

Uber infiltrated private event spaces at hotels and conference facilities where a rival company was meeting, and recorded and observed private conversations among the executives. “These collection tactics were tasked directly by (former chief security officer Joe) Sullivan on behalf of Uber’s (then) CEO, Travis Kalanick.”

Sexual harassment wiretap

Uber “improperly record(ed) (redacted name’s) call following allegations of sexual harassment by a former Uber employee. ... The investigations team (redacted) used the recording, along with other egregious and purposeful violations of personal privacy.” The employee, whose name was redacted, subsequently left Uber.

Spying on politicians and regulators

Uber conducted “collections of mobile-phone call records and mobile phone link analysis on opposition figures, politicians and government regulators in (redacted location).”

Foreign espionage

“Vendors, directed by Uber employees, conducted foreign espionage against a sovereign nation despite Jacobs’s objections. … Jacobs heard about the practice of bribing foreign government officials … in multiple areas.”

Retaliation

Jaobs said he repeatedly told his bosses that Uber’s “collection methods were unethical, illegal, costly, time-consuming and risky to the company’s personnel and reputation.” He was “floored” to receive a negative performance review and demotion in February 2017. “Jacobs experienced this review and demotion as pure retaliation for his refusal to buy into the ThreatOps culture of achieving business goals through illegal conduct.”