If you own a Ring doorbell camera system, we’ve got some bad news. The smart home company owned by Amazon, which the Internet retail giant shelled out more than $1 billion to acquire, has apparently been violating its customers’ privacy in a pretty shocking way. A new report from The Intercept quotes unnamed sources who confirm that engineers and executives at Ring have “highly privileged access” to live customer camera feeds, utilizing both Ring’s doorbells as well as its in-home cameras.
All that’s apparently required to tap into the live feeds is a customer’s email address. Meaning, the company has been so egregiously lax when it comes to security and privacy that even people outside the company could have potentially done this, using merely an email address to begin spying on customers, according to the report.
Within the company, a team that was supposed to have been focused on helping Ring get better at object recognition in videos caught customers in videos doing everything from kissing to firing guns and stealing. This news, we should add, also comes less than a month after Ring was in the news for a different potential privacy flap. As we told you here, a new patent application has begun to spur fears that Amazon would use Ring as a tool for creepy surveillance.
That patent application envisions using a combination of doorbell cameras and facial recognition technology to build a system that could be used to match images of people who show up at your door to a “suspicious persons” database.
Regarding this new report, The Intercept also disclosed that a Ring R&D team in Ukraine could access a folder containing “every video created by every Ring camera around the world.” Additionally, as if that wasn’t bad enough, those employees could also access a “corresponding database that linked each specific video file to corresponding specific Ring customers.”
It keeps getting worse from there. Those videos were also, you guessed it, unencrypted. Because, why else? Ring decided it would cost too much.
It brings to mind the similar “God-mode” map that revealed detailed passenger movements. This has also been something of an open secret within the company, with Intercept sources recalling how engineers sometimes teased each other about who they brought home after dates. The implication being that they’d been spying on each other. Also worth noting: “Neither Ring’s terms of service nor its privacy policy mention any manual video annotation being conducted by humans, nor does either document mention of the possibility that Ring staffers could access this video at all,” the Intercept piece concludes. “Even with suitably strong policies in place, the question of whether Ring owners should trust a company that ever considered the above permissible will remain an open one.”
A Ring spokesman sent BGR the following statement:
“We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring video recordings. These recordings are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes. Ring employees do not have access to livestreams from Ring products.
“We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.”