Another day, another tech company doing something creepy.
According to The Intercept and The Information, Ring allowed employees access to unencrypted customer videos taken from its lineup of smart doorbell. The incidents began in 2016, when the company moved from San Francisco to Ukraine, in an effort to save money.
Months later, Ring transmitted its users videos without encryption. Somewhere in that process, Ring gave teams in the company unfettered access to customer video files, including live feeds and videos stored on company servers.
This included Ring’s R&D team based in Ukraine. It was given access to the company’s Amazon S3 cloud storage, which contained every Ring customer video and a database that detailed the video belonged to. These files were unencrypted, so nothing was stopping Ring employees from downloading or sharing the information they could’ve accessed.
While this was happening with the Ukraine team, executives and engineers were granted overreaching access to live feeds from some customer cameras. The Intercept said this led to Ring engineers “teasing each other about who they brought home” after dates. Basically, if someone who had been given this access inside Ring wanted to snoop, all they needed was a user’s email address.
Amazon purchased Ring last year, and in that time, some steps have been taken in order to protect Ring’s customer’s information. Ring, for its part, has said that much of the reason it has given employees access to these videos is to help train Ring’s software to better recognize objects. There’s no documented instances where employees were abusing this access, but it still seems shady.
It’s especially shady when you consider it’s not just cameras outside the home, but ones inside, as well.
In response to the Intercept and The information’s reports, Ring has said that employees were only given access to videos that were made public through its community watch program, Neighbors. It also promised to fire any employees they catch flouting new security measures and policies put in place, but this instance has shown some disregard for customer’s privacy.
Although Ring said many of these troubling policies have changed, a former employee in Ukraine claimed that the system, which gave employees access to this data, “could still be accessed from any computer, at home or anywhere”.