Yikes! Ring employees were able to spy on customers' camera feeds
Another day, another tech company doing something creepy.
According to The Intercept and The Information, Ring allowed employees access to unencrypted customer videos taken from its lineup of smart doorbell. The incidents began in 2016, when the company moved from San Francisco to Ukraine, in an effort to save money.
Months later, Ring transmitted users’ videos without encryption. It aslo gave its R&D team in Ukraine unfettered access to some customers’ video files. Specifically, it was given access to the company’s Amazon S3 cloud storage, which contained every Ring customer video and a database that detailed who the videos belonged to. Those files were unencrypted, so nothing was stopping Ring employees from downloading or sharing the information they could access.
While this was happening with the Ukraine team, US-based Ring executives and engineers were granted access to “unfiltered, round-the-clock live feeds from some customer cameras”. The Intercept said this led to Ring engineers “teasing each other about who they brought home” after dates. Basically, if someone who had been given this access inside Ring wanted to snoop, all they needed was a user’s email address.
Amazon purchased Ring in 2018, and in that time, some steps have been taken in order to protect Ring’s customers’ information. Ring, for its part, has said that much of the reason it had given employees access to these videos is to help train Ring’s software to better recognize objects. There’s no documented instances where employees were abusing this access, but it still seems shady.
It’s especially shady when you consider it’s not just cameras outside the home, but ones inside, as well.
In response to the Intercept and The information’s reports, Ring has said that employees were only given access to videos that were made public through its community watch program, Neighbors. It also promised to fire any employees they catch flouting new security measures and policies put in place, but this instance has shown some disregard for customers’ privacy.
Although Ring said many of these troubling policies have changed, a former employee in Ukraine claimed that the system, which gave employees access to this data, “could still be accessed from any computer, at home, or anywhere”.
Update: A Ring representative told Pocket-lint that Ring employees only have access to recordings that are sourced from publicly shared Ring videos in the Neighbors app, as well as from some Ring users who’ve given written consent to allow the company to access and their videos. It also said Ring employees do not have access to livestreams. Here’s the company’s full statement:
“We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring video recordings. These recordings are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes. Ring employees do not have access to livestreams from Ring products.
We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.”