Ring camera privacy breaches see Amazon fined – but only $6M

Home » Ring camera privacy breaches see Amazon fined – but only $6M
Ring camera privacy breaches see Amazon fined – but only $6M

Ring camera privacy has been under fire since 2019, with two separate issues leading to a formal complaint to the Federal Trade Commission (FTC). That has now resulted in Ring owner Amazon being fined – but only $5.8M.

The company was also fined $25M for using Alexa data from children to train its algorithms, something the FTC said was clearly illegal …

Ring camera privacy breaches

There were two issues, relating to access by both Amazon employees and police departments.

Video footage from Ring security cameras is stored on cloud services. These first issue is that these videos were unencrypted, letting staff access live and recorded feeds from customer cameras around the world. Reportedly, the only information needed to gain access was a customer’s email address.

The company failed to control or monitor access by its staff, with multiple employees fired for unauthorized viewing of customer videos. In one case, an employee was said to have viewed thousands of hours of sensitive footage of female Ring owners.

“One employee over several months viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms. The employee wasn’t stopped until another employee discovered the misconduct,” the FTC alleged. 

The company finally started offering end-to-end encryption last year, to render footage inaccessible to employees, though this did come with some significant compromises.

Second, Ring provided customer email addresses to police departments seeking footage to help them solve crimes.

Footage from doorbell and other security videos can often play an important role in identifying criminals, and providing evidence that helps to convict them. For example, motion sensors might trigger video recordings when someone breaks into a neighboring property.

However, the concern here was that by allowing police to make direct contact with doorbell owners, there was no transparency around the number or nature of these requests. Footage may include uninvolved neighbours and passersby, and video of them may then end up being held indefinitely on police systems.

Amazon subsequently changed its policy in the US, giving greater transparency, and checking that such requests are not overly broad.

Amazon fined $5.8M

CNET reports that the FTC has now fined Amazon $5.8M for these privacy breaches.

The FTC on Wednesday leveled a $5.8 million penalty against Amazon’s Ring. Ring, which was acquired by Amazon in 2018, sells video doorbells, indoor and outdoor cameras and home security services. It has long been criticized for its privacy practices, including sharing doorbell footage with police departments across the US. The settlement announced Wednesday related to allegedly failing to restrict access to customers’ videos across its employees and contractors and using those videos to train its algorithms without consent.

9to5Mac’s Take

Given the egregious nature of the company’s failings, a fine of less than $6M seems appallingly low.

Amazon not only allowed employees to view intrusive video footage inside and outside people’s homes, but its failure to even log such access means that the company couldn’t even tell the FTC how many employees accessed footage inappropriately.

That’s an utterly absurd failing for any company, let alone one the size of Amazon. The FTC should have levied a fine large enough to act as a genuine deterrent against future privacy lapses.

FTC: We use income earning auto affiliate links. More.

Source link

Leave a Reply

Your email address will not be published.