People with Ring indoor or outdoor cameras may have had any some of their private videos seen by teams working for the company, an expose claimed on Thursday. [Updated with additional Ring response]
Starting in 2016 Ring provided a Ukrainian team, Ring Labs, with "virtually unfettered" access to a folder on Amazon's S3 cloud storage with every video recorded by a Ring camera, according to The Intercept, citing an anonymous source. Files were allegedly unencrypted because Ring was worried that implementing encryption would cost money, and reduce revenue because of restricted access. The Labs team is also said to have been able to associate recordings with a database of Ring customers.
U.S.-based Ring engineers and executives are said to have had unnecessary access to a technical support video portal that enabled live access to some customer cameras. The only thing Ring staff needed to tune into a camera was top-level access and a customer's email address.
Engineers are even said to have spied on each other, teasing each other about people they brought home on dates. Some workers were supposedly aware of being watched, but that may not always have been the case.
Ring Labs was reportedly given broad access because of deficiencies in Ring's facial and object recognition. "Data operators" were assigned to manually tag and label items as a way of training Ring's AI, improving accuracy and reducing false positives. A second source indicated that some employees showed each other videos they were working on, including events like displays of affection or theft.
Hiring for data operators continues.
A Ring spokesperson, Yassi Shahmiri, acknowledged to The Intercept that tagging work is going on, but insisted that videos are taken exclusively from publicly-shared videos in the Neighbors app and "a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes."
Shahmiri further insisted that Ring has systems to "restrict and audit access," and that it punishes anyone violating legal or ethical standards.
Tighter controls were purportedly put on Ring Labs in May after a visit from parent company Amazon, but staffers reportedly found a way to circumvent them.
Ring's smarthome lineup is one of the most popular in the market, thanks in part to Amazon's takeover in February 2018. While the company has yet to support Apple's HomeKit standard, Ring accessories do work with iPhones and iPads.
Update: In a statement to AppleInsider, a Ring spokesperson said that "Ring does not provide employees with access to livestreams of Ring devices."
30 Comments
I mentioned a couple days ago that after looking closer I wasn't comfortable any longer with (Amazon)Ring's privacy policy and might take a look at replacing my Ring Pro doorbell with a Nest Hello, but that was a maybe. This latest article pretty well seals it for me. While I'm not rushing to make a change, a change will almost certainly happen.
Disturbing as hell.
How (yawn) surprising. Does anyone actually think that any of these surveillance/home automation devices are private?