Amazon Ring employees fired for snooping on private footage
Image credit: reuters
Amazon has admitted in a letter to US lawmakers that it has fired four employees for abusing their access to private home video footage.
In February 2018, Amazon acquired the company best known for the Ring Doorbell, a connected doorbell which features an HD camera, motion sensor, microphone and speaker. The device is integrated with an app to allow users to view real-time video and communicate directly with visitors. The product is facing increasing criticism as a surveillance tool: Amazon has objected to this characterisation.
Recently, Ring has been under scrutiny from a group of US Senators demanding an explanation for how the Amazon division is protecting user privacy, given the potentially intrusive nature of the service and the natural security implications of Ring data being acquired by hostile actors.
The Senators cited 2019 reports concerning possible security risks associated with Ring, including a report that its Ukraine-based R&D team had been given almost complete access to an Amazon server containing video footage from every active Ring Doorbell in the US, which already number in the millions.
A letter addressed to Amazon Ring submitted by the Senators in November included questions about the level of access employees had to customer videos.
“Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data,” its response said. “Although each of the individuals involved in these incidents was authorised to view video data, the attempted access to that data exceeded what was necessary for their job functions.
"In each instance, once Ring was made aware of the alleged conduct, Ring promptly investigated the incident, and after determining that the individual violated company policy, terminated the individual.”
Referring to reports of the R&D team’s privileged access to customer footage, Amazon denied that the team had such intimate access, but admitted that three employees can access stored customer footage to help maintain Ring’s AWS infrastructure.
Amazon Ring – which has also faced criticism over its failure to secure the devices and the data they collect – said that it was not aware of any breach of identifying information which would require its reporting to government agencies.
However, Amazon said that it had observed login information stolen from other platforms being used to access the devices and that it was now encouraging two-factor authentication to tackle the issue, although not all existing users have been switched over to two-factor authentication.
“Requiring two-factor [authentication] for new accounts is a step in the right direction, but there are millions of consumers who already have a Ring camera in their homes who remain needlessly vulnerable,” Senator Ron Wyden, who has been scrutinising Ring, said in a statement. “Amazon needs to go further, by protecting Ring devices with two-factor authentication.”
Amazon Ring has used CES 2020 in Las Vegas as an opportunity to announce the rollout of two-factor authentication. Amazon also revealed that it is teaming up with ExxonMobil and Fiserv to let its customers pay for petrol using virtual assistant Alexa via voice-based transactions.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.