A hot potato: The controversy surrounding Amazon-owned Ring is likely to increase after the company admitted to firing four employees over the last four years for inappropriately accessing users’ home surveillance footage.
In a January letter responding to US senators questioning Ring’s security practices, the firm wrote: “Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data. Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions.”
Each incident was investigated by Ring, and the individuals were terminated once it was determined they violated company policy.
It’s possible that the incidents could refer to a report from January, in which it was alleged that, since 2016, Ring had given its Ukraine-based R&D team access to a folder on Amazon’s S3 cloud storage service containing video histories of every customer around the world.
It’s also claimed that “executives and engineers” in the U.S. were given “highly privileged access,” allowing them “unfiltered, round-the-clock live feeds from some customer cameras.” And the only thing required to access a customer’s camera feed was their email address.
Ring denied that its team in the Ukraine had the level of access described in the report, though it did say three employees “have the ability to access stored customer videos for the purpose of maintaining Ring’s AWS infrastructure.”
The letter is a response to several questions regarding the company’s security policies. These were submitted in November 2019 by Senators Ron Wyden, Chris Van Hollen, Edward Markey, Christopher Coons, and Gary Peters.
At CES, Ring unveiled a series of new security measures, including requiring two-factor authentication for its new products. But Senator Wyden said: "Amazon needs to go further -- by protecting all Ring devices with two-factor authentication."
In August last year, it was revealed that Ring has partnerships with hundreds of US police forces, allowing them access to Ring doorbell and motion camera footage for use in investigations. In November, it admitted that police can ask users for videos up to 45 days old and 12 hours long, keep them forever, and share them with anyone without providing evidence of a crime.
To add to its problems, Ring is being sued following a number of hacks that compromised its customers’ cameras.