‘Ring employees could only watch a smart doorbell with an email address’ – update
Certain employees of the smart doorbell maker Ring only needed a customer’s email address to watch live video streams of the products, claims The Intercept. Ring denies the message.
The site writes based on information from sources that certain employees in the US were able to access the live feeds without it being necessary for their position. The sources do not know any examples of serious abuse of the authority, but do mention that the employees could see cameras of, for example, journalists or competitors.
The message follows a late December article by The Information about questionable access to CCTV footage within the company. Ring would give its Ukrainian research division, Ring Labs, near-unlimited access to a folder on Amazon S3 storage containing every video from every Ring camera worldwide. R&D staff would be able to view or download them with a single click.
The videos would be stored unencrypted and a database to which the research group also has access would contain data with which the videos are linked to the relevant customers. Ring Labs would have been given access, among other things, to train computer vision algorithms to recognize objects and people in the images. Ring has been owned by Amazon since last year.
Update, 11.00: Ring stated in a response to only view Ring recordings that have been publicly shared through the Neighbors app, which users have agreed to based on the terms and conditions. In addition, it would concern a small number of users who have given explicit permission for this.
“Ring employees do not have access to the live streams of Ring products,” the company said. Ring further reports that there are systems that prevent access to data and that misuse is punished.