For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching Too

Sources disclosed troubling privacy practices at a Ring office in Ukraine.

Illustration: Daniel Stolle for The Intercept

The “smart home” of the 21st century isn’t just supposed to be a monument to convenience, we’re told, but also to protection, a Tony Stark-like bubble of vigilant algorithms and internet-connected sensors working ceaselessly to watch over us. But for some who’ve welcomed in Amazon’s Ring security cameras, there have been more than just algorithms watching through the lens, according to sources alarmed by Ring’s dismal privacy practices.

Ring has a history of lax, sloppy oversight when it comes to deciding who has access to some of the most precious, intimate data belonging to any person: a live, high-definition feed from around — and perhaps inside — their house. The company has marketed its line of miniature cameras, designed to be mounted as doorbells, in garages, and on bookshelves, not only as a means of keeping tabs on your home while you’re away, but of creating a sort of privatized neighborhood watch, a constellation of overlapping camera feeds that will help police detect and apprehend burglars (and worse) as they approach. “Our mission to reduce crime in neighborhoods has been at the core of everything we do at Ring,” founder and CEO Jamie Siminoff wrote last spring to commemorate the company’s reported $1 billion acquisition payday from Amazon, a company with its own recent history of troubling facial recognition practices. The marketing is working; Ring is a consumer hit and a press darling.

Despite its mission to keep people and their property secure, the company’s treatment of customer video feeds has been anything but, people familiar with the company’s practices told The Intercept. Beginning in 2016, according to one source, Ring provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world. This would amount to an enormous list of highly sensitive files that could be easily browsed and viewed. Downloading and sharing these customer video files would have required little more than a click. The Information, which has aggressively covered Ring’s security lapses, reported on these practices last month.

At the time the Ukrainian access was provided, the video files were left unencrypted, the source said, because of Ring leadership’s “sense that encryption would make the company less valuable,” owing to the expense of implementing encryption and lost revenue opportunities due to restricted access. The Ukraine team was also provided with a corresponding database that linked each specific video file to corresponding specific Ring customers.

“If [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.””

At the same time, the source said, Ring unnecessarily provided executives and engineers in the U.S. with highly privileged access to the company’s technical support video portal, allowing unfiltered, round-the-clock live feeds from some customer cameras, regardless of whether they needed access to this extremely sensitive data to do their jobs. For someone who’d been given this top-level access — comparable to Uber’s infamous “God mode” map that revealed the movements of all passengers — only a Ring customer’s email address was required to watch cameras from that person’s home. Although the source said they never personally witnessed any egregious abuses, they told The Intercept “if [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.” The source also recounted instances of Ring engineers “teasing each other about who they brought home” after romantic dates. Although the engineers in question were aware that they were being surveilled by their co-workers in real time, the source questioned whether their companions were similarly informed.

Ring’s decision to grant this access to its Ukraine team was spurred in part by the weaknesses of its in-house facial and object recognition software. Neighbors, the company’s disarming name for its distributed residential surveillance platform, is now a marquee feature for Ring’s cameras, billed as a “proactive” neighborhood watch. This real-time crime-fighting requires more than raw video — it requires the ability to make sense, quickly and at a vast scale, of what’s actually happening in these household video streams. Is that a dog or your husband? Is that a burglar or a tree? Ring’s software has for years struggled with these fundamentals of object recognition. According to the most recent Information report, “Users routinely complained to customer support about receiving alerts when nothing noteworthy was happening at their front door; instead, the system seemed to be detecting a car driving by on the street or a leaf falling from a tree in the front yard.”

Computer vision has made incredible strides in recent years, but creating software that can categorize objects from scratch is often expensive and time-consuming. To jump-start the process, Ring used its Ukrainian “data operators” as a crutch for its lackluster artificial intelligence efforts, manually tagging and labeling objects in a given video as part of a “training” process to teach software with the hope that it might be able to detect such things on its own in the near future. This process is still apparently underway years later: Ring Labs, the name of the Ukrainian operation, is still employing people as data operators, according to LinkedIn, and posting job listings for vacant video-tagging gigs: “You must be able to recognize and tag all moving objects in the video correctly with high accuracy,” reads one job ad. “Be ready for rapid changes in tasks in the same way as be ready for long monotonous work.”

ring-redacted-1547070465
Image: Ring

A never-before-published image from an internal Ring document pulls back the veil of the company’s lofty security ambitions: Behind all the computer sophistication was a team of people drawing boxes around strangers, day in and day out, as they struggled to grant some semblance of human judgment to an algorithm. (The Intercept redacted a face from the image.)

A second source, with direct knowledge of Ring’s video-tagging efforts, said that the video annotation team watches footage not only from the popular outdoor and doorbell camera models, but from household interiors. The source said that Ring employees at times showed each other videos they were annotating and described some of the things they had witnessed, including people kissing, firing guns, and stealing.

Ring spokesperson Yassi Shahmiri would not answer any questions about the company’s past data policies and how they might be different today, electing instead to provide the following statement:

We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring videos. These videos are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes.

We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.

It’s not clear that the current standards for which Ring videos are accessed in Ukraine, as described in Ring’s statement, have always been in place, nor is there any indication of how (or if) they’re enforced. The Information quoted former employees saying the standards have not always been in place, and indicated that efforts to more tightly control video were put in place by Amazon only this past May after Amazon visited the Ukraine office. Even then, The Information added, staffers in Ukraine worked around the controls.

Furthermore, Ring’s overview of its Neighbors system provides zero mention of image or facial recognition, and no warning that those who use the feature are opting in to have their homes watched by individuals in a Ukrainian R&D lab. Mentions of Ring’s facial recognition practices are buried in its privacy policy, which said merely that “you may choose to use additional functionality in your Ring product that, through video data from your device, can recognize facial characteristics of familiar visitors.” Neither Ring’s terms of service nor its privacy policy mention any manual video annotation being conducted by humans, nor does either document mention of the possibility that Ring staffers could access this video at all. Even with suitably strong policies in place, the question of whether Ring owners should trust a company that ever considered the above permissible will remain an open one.

Update: January 11th, 2019

After initial publication, Ring spokesperson Yassi Shahmiri told The Intercept that “Ring employees never have and never did provide employees with access to livestreams of their Ring devices,” a claim contradicted by multiple sources.

Join The Conversation