Why it matters: Another company’s privacy and security policies have come under scrutiny. This time, it’s Amazon-owned Ring that could be in trouble, after a new report claims employees around the world were given access to the video feeds created by its products, including those within customers’ homes, and that this footage was unencrypted.
A report from the Intercept explains how, starting in 2016, Ring allowing its Ukraine-based R&D team access to a folder on Amazon’s S3 cloud storage service that contained video histories of every Ring customer around the world. At the time, the files were unencrypted because Ring’s leaders felt “encryption would make the company less valuable.”
Even more damning is the claim that “executives and engineers” in the U.S. were given “highly privileged access,” allowing them “unfiltered, round-the-clock live feeds from some customer cameras.” It’s alleged that only an email address was required to view a customer’s camera feed.
The Intercept’s source said there were instances of employees watching co-workers via the cameras and “teasing each other about who they brought home” after romantic dates.
Ring said that the videos used to improve its service come from “publicly shared Ring videos from the Neighbors app,” along with customers who have given explicit written consent for their use. Ring added that it has never given employees access to livestreams of the company's devices.
Since Amazon acquired Ring last year, measures have been put in place to restrict access to the videos in the Ukraine office, but staff have reportedly found ways to circumvent them.
Responding to the report, Ring gave the following statement:
We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring video recordings. These recordings are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes. Ring employees do not have access to livestreams from Ring products.
We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.