By Joe Wolverton, II, J.D.
In a letter to U.S. senators, tech behemoth Amazon admits that it has fired employees discovered to have been spying on customers using the company’s Ring cameras.
Although the Ring cameras were originally marketed as a way to see who’s standing outside the door before opening it, many users have installed the surveillance equipment inside the house.
Ring’s eight-page letter was a response to inquiries made by five U.S. senators regarding the company’s security policies and findings of the company’s internal audits. In November 2019 Senators Ron Wyden, Chris Van Hollen, Edward J. Markey, Christopher A. Coons, and Gary C. Peters co-signed the letter looking for answers to questions about stories of privacy breaches being reported in the media.
The letter to legislators, signed by Amazon Vice President of Public Policy Brian Huseman, explains that Ring received four complaints of its employees viewing of Ring data “that exceeded what was necessary for their job functions.” Huseman reports in the letter that “after determining that the individual violated company policy, the individual was terminated.”
It is unclear whether Huseman means that one individual in each of the four complaints was fired, or whether the abuse of access to data reported to Ring resulted in the termination of only one of the employees investigated by Ring.
Regardless, use of the Ring cameras is rapidly increasing. In my neighborhood, three of my four closest neighbors have a Ring doorbell camera installed at their front door. Of course, the survey of my neighbors’ use of the Amazon surveillance device is not evidence of its wider use, but it is evidence of just how farseeing is the sight of a company that has admitted its employees secretly spy on customers.
Just how many Americans have bought Amazon’s Ring cameras is not known, and in the letter to the senators, Huseman refuses to disclose the number, revealing only that “millions of customers have purchased a Ring device.”
It strains the imagination to think that of all the millions of feeds of live video unauthorized access has only happened four times. Nevertheless, Amazon is to be commended for its efforts to stop serious infringements on the privacy of people using its products.
The access to the live video feeds of Ring customers by Amazon employees was first reported by The Intercept. The authors of that story discovered that people in Ukraine hired by Ring were given access to user video for research purposes. In its letter, Ring explains, “The R&D team in Ukraine can only access publicly available videos and videos available from Ring employees, contractors, and friends and family of employees or contractors with their express consent.”
Of course, the location of people peeping on customers seems of secondary import at best.
Apparently, Ring surveillance devices aren’t only vulnerable to unwanted access by Amazon employees. The following chilling account was published in December 2019 by Vice:
A blaring siren suddenly rips through the Ring camera, startling the Florida family inside their own home.
“It’s your boy Chance on Nulled,” a voice says from the Ring camera, which a hacker has taken over. “How you doing? How you doing?”
“Welcome to the NulledCast,” the voice says.
The NulledCast is a podcast livestreamed to Discord. It’s a show in which hackers take over people’s Ring and Nest smarthome cameras and use their speakers to talk to and harass their unsuspecting owners. In the example above, Chance blared noises and shouted racist comments at the Florida family.
“Sit back and relax to over 45 minutes of entertainment,” an advertisement for the podcast posted to a hacking forum called Nulled reads. “Join us as we go on completely random tangents such as; Ring & Nest Trolling, telling shelter owners we killed a kitten, Nulled drama, and more ridiculous topics. Be sure to join our Discord to watch the shows live.”
Software to hack Ring cameras has recently become popular on the forum.
The software churns through previously compromised email addresses and passwords to break into Ring cameras at scale.
This has led to a recent spate of hacks that have occurred both during the podcast and at other times, several of which have been covered by local media outlets. In Brookhaven a hacker shouted at a sleeping woman through her hacked Ring camera to wake up. In Texas, a hacker demanded a couple pay a bitcoin ransom. Hackers targeted a family in DeSoto County, Mississippi, and spoke through the device to one of the young children.
In response to these rattling incidents of invasion of its customers’ homes, Ring devices now sound an alarm when someone is accessing the device from a new location.
“Requiring two-factor [authentication] for new accounts is a step in the right direction, but there are millions of consumers who already have a Ring camera in their homes who remain needlessly vulnerable to hackers. Amazon needs to go further — by protecting all Ring devices with two-factor authentication. It is also disturbing to learn that Ring’s encryption of user videos lags behind other companies, who ensure that only users have the encryption keys to access their data,” Senator Wyden said, speaking of the security measures deployed by Ring in the wake of the worrying invasion of lives and homes by hackers.
Finally, while Ring customers are undeniably justified to fear hackers invading their homes through these devices or Ring employees watching them in unguarded moments, there is yet another group with access to the sights and sounds collected by Ring surveillance devices that is potentially more menacing.
Amazon’s Ring home security service has entered into contracts with over 200 police departments, giving law enforcement expansive access to the video and audio collected by the service’s surveillance devices.
A visit to Amazon’s Ring Security System’s product page reveals to possible customers — and those worried about personal privacy — all the data that Amazon is making available — without prior permission or notice of Ring customers — to police departments.
Monitor your property in HD video, and check-in on home at anytime with Live View on-demand video and audio.
Hear and speak to people on your property from your mobile device with the built-in microphone and speakers.
Activate the siren from your phone, tablet and PC to scare away any suspicious people caught on camera.
Perhaps most troubling is the fact that the images and sounds recorded by Ring can be obtained from Ring customers without a warrant. Admittedly, the homeowner would need to give permission to police, but pressure would be there. As millions of Americans are fond of saying, “If you haven’t done anything wrong, you’ve got nothing to hide.” So complying with a request from police for access to their security camera footage would be regarded by many as their civic duty.
All the foregoing reveals that as the federal government expands its surveillance net across the globe, there are millions of Americans who actually pay to have cameras and microphones, with known vulnerabilities to unwanted access and control, installed in and around their homes. We seem to be adding strings to the net with cords of our own making.
Joe Wolverton II, J.D., is the author of the book The Real James Madison and his second book, What Degree of Madness: Federalist 46 and James Madison’s Call to Make America STATES Again, has just been published.