Whistleblower: Amazon Ring stores your doorbell and home video feeds unencrypted and grants broad "unfettered" access to them
Thursday January 10, 2019. 08:22 PM , from BoingBoing
Sources 'familiar with Ring's practices' have told The Intercept that the company -- a division of Amazon that makes streaming cameras designed to be mounted inside and outside your home -- stores the video feeds from its customers' homes in unencrypted format and allows staff around the world to have essentially unfettered access to these videos.
Of particular note is a team of Ukrainian researchers who are charged with improving the product's facial recognition tools as part of the company's push to turn Ring doorbells into a private surveillance grid that conducts continuous streetwide surveillance and alerts homeowners of undesirable strangers near their homes (Ring's description of this program omits any mention of facial recognition, but leaked internal images clearly show facial recognition in action).
Since 2016, this team has had 'virtually unfettered' access to every Ring customers' camera videos, which are stored in Amazon's S3 cloud without encryption.
In the USA, a broad group of engineers and executives are able to call up any customer's videos with no access controls, merely by searching on the customer's email address. The Intercept's source claims that Ring employees used this to spy on each others' romantic evenings, teasing each other about the people they'd brought home and exposed to a Ring camera.
Storing data in the clear means that a single unethical employee -- or security failure -- could expose every Ring customer in the world to privacy breaches. Granting broad internal access to this video significantly increases the likelihood of a breach.
Amazon's Rekognition facial recognition program was highly controversial all last year, with both Amazon engineers and the wider public sounding the alarm about the company's marketing of facial recognition tools for policing and surveillance.
A never-before-published image from an internal Ring document pulls back the veil of the company’s lofty security ambitions: Behind all the computer sophistication was a team of people drawing boxes around strangers, day in and day out, as they struggled to grant some semblance of human judgment to an algorithm. (The Intercept redacted a face from the image.)
A second source, with direct knowledge of Ring’s video-tagging efforts, said that the video annotation team watches footage not only from the popular outdoor and doorbell camera models, but from household interiors. The source said that Ring employees at times showed each other videos they were annotating and described some of the things they had witnessed, including people kissing, firing guns, and stealing.
Ring spokesperson Yassi Shahmiri would not answer any questions about the company’s past data policies and how they might be different today, electing instead to provide the following statement:
For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching Too [Sam Biddle/The Intercept]
Apr, Fri 19 - 02:59 CEST