Videos and information from Amazon’s tiny Ring security cameras could be accessed by Ring employees in Ukraine and the US at the least, reports The Intercept. Employees were also using video streams from within and outside the house to tag objects in order to train its poor object-recognising software, it adds. The report also questions Ring’s standards, privacy policies, their existence, and the checks and balances.
What was accessible and by who
- From the start of 2016, the company made available a folder on the Amazon S3 cloud storage, where ALL of Ring’s videos were stored, to its Ukraine R&D team. The files on this folder could be viewed and downloaded.
- These video files were unencrypted because encryption would be expensive and “make the company less valuable”
- The team was also given access to an information database which would link the video to Ring customers
The report also mentioned that Ring’s Neighbors’ (residential surveillance program) object recognition system was not very strong, in that it could not easily differentiate between leaves, trees, people, animals, etc.
- Ring also had Ukrainian “data operators” who would manually tag and label objects in a video through a “training” program for its software, to teach the software to recognise these objects by itself in the future
- The same team also watched footage broadcasting from within the house as well as outside, and that Ring employees would show these videos to each other describing the events in those videos
- Executives and engineers in the US could access the “highly privileged” tech support video portal “unfiltered” and with 24/7 live feeds from some customer camera
- For this access, they only needed the Ring customer’s email ID to watch their home cameras
‘Yes, we did it, but we have zero tolerance to abuse’
When The Intercept contacted Ring, their spokesperson did not answer its questions, but sent it a statement which said that Ring takes the privacy and security of its customers “extremely seriously”, but that it did view and annotate “certain Ring videos” which were publicly shared from the Neighbors app with “explicit written consent” from its users. The statement went on to say that, “…..and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.”
Check our privacy coverage here.