Amazon’s popular security system, Ring, is billed as a round-the-clock sentry for homeowners. But lax privacy practices have allowed Ring employees to turn the security cameras into ‘surveillance’ devices, reports claim.

Starting in 2016, according to the Intercept, Ring provided employees based in Ukraine nearly unrestricted access to an Amazon database containing every video created by every Ring camera around the world. The company’s Ukraine team was also reportedly given the ability to link individual video files to corresponding Ring customers.

Read more

The Ukraine-based “data operators” use the database to manually tag and label objects that appear in a given video – in what appears to be a years-long attempt to enhance Ring’s self-learning identification software.

The home security company, which sells a range of miniature “smart” cameras that can be mounted on doorbells, garages and even inside homes, was acquired by Amazon for a reported $1 billion in February last year.

Ring customers have the option of activating a device function that “recognizes facial characteristics of familiar visitors” – but neither Ring’s terms of service nor its privacy policy mention that employees have access to their videos and may manually annotate them.

A Ring spokesperson claimed that the company only views and annotates videos that are “sourced exclusively from publicly shared Ring videos” or come from a handful of Ring users who have voluntarily provided access to their videos.

"We have strict policies in place for all our team members. We implement systems to restrict and audit access to information,” the statement read. The Ring spokesperson also told RT that anyone found “in violation” of the company policies would face discipline penalties, “including termination,” as well as other legal consequences. “If we find bad actors who have engaged in this behavior, we will take swift action against them,” she added.

Also on rt.com Closer to Orwellian state? Watchdog says Amazon tried to sell facial recognition to ICE

Sources that spoke with the Intercept, however, painted a very different picture of how the company handles sensitive data. The Ukrainian employees involved in the video-tagging project, for example, were reportedly given access to outdoor as well as indoor cameras. Unbeknownst to their clients, the Ring employees allegedly watched and shared among each other videos of customers going about their daily lives, including “kissing, firing guns, and stealing.”

A source familiar with the troubling practice told The Intercept that Ring also provided senior executives and engineers in the US with access to unfiltered live feeds from customer cameras – even though having access to such sensitive data was not necessarily required to carry out their jobs. The potential for abuse is hard to overstate, a source familiar with Ring’s operations told the website.

If [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.

The source also recounted instances of Ring engineers “teasing each other about who they brought home” after returning from a romantic night on the town.

Responding to The Intercept’s story, Ring strongly denied that it has ever granted any of its employees access to video live feeds.

Similar privacy lapses were reported by The Information last month. According to the outlet, Amazon implemented tighter privacy and security policies last May, after representatives from the tech giant visited the Ukraine office. However, former employees told The Information that staffers quickly found ways around the new protocols.

Like this story? Share it with a friend!