(ConcernedPatriot.com) – Even when it wasn’t necessary for their work, every Amazon Ring employee had access to every customer video.
In addition, before July 2017, all of those movies could be downloaded by employees and staffers from a third-party contractor in Ukraine, who could then save and distribute them as they pleased.
The Federal Trade Commission (FTC) made that accusation in a recent complaint. As a result, Amazon may have to pay a $5.8 million settlement.
Unsurprisingly, some employees exploited their right to access information.
The FTC claims that a Ring employee saw thousands of recordings from at least 81 different female users in one instance. The worker allegedly searched for video feeds with titles like “Master Bedroom,” “Master Bathroom,” and “Spy cam” that suggested they may have been used in the most intimate settings.
The employee watched videos for at least an hour every day for hundreds of days between June and August 2017. The supervisor was informed by another employee who had seen it that it was “normal” for an engineer to view so many accounts.
The FTC’s complaint states:
“Only after the supervisor noticed that the male employee was only viewing videos of “pretty girls” did the supervisor escalate the report of misconduct. Only at that point did Ring review a portion of the employee’s activity and, ultimately, terminate his employment.”
Following that event, Ring restricted employee access in September 2017, so clients had to permit customer care representatives to view their footage.
However, Ring continued to give access to all video data to additional staff members and independent contractors, regardless of whether they truly needed it to do their jobs.
More misuse of that access consequently took place. In January 2018, a male employee looked for a female coworker using her email address and exploited his access privileges to watch her recordings.
Do you have a Ring camera? Do you know who's watching you?
Amazon's Ring just reached a $5.8-million settlement with the FTC over allegations that employees were spying on customers. @CevallosLaw breaks down the case for us pic.twitter.com/pvex3mSD95
— Ana Cabrera (@AnaCabrera) June 1, 2023
Engineers (including employees and independent contractors) were only permitted access to customer films if there was a business requirement in February 2018, when employee access permissions were further restricted.
Only videos that consumers had uploaded to Ring’s Neighbors app and those that employees, contractors, and their friends and family had given their written authorization for such use were used for research and development.
Ring modified its access policies again in February 2019 so that most of its workers and contractors could only view a customer’s private video with their permission.
The FTC provides other instances of access abuse and surveillance. Because there were no detection procedures in place, Ring allegedly has no idea how much-unauthorized access occurred:
“Importantly, because Ring failed to implement basic measures to monitor and detect inappropriate access before February 2019, Ring has no idea how many instances of inappropriate access to customers’ sensitive video data actually occurred.”
Aside from a few bad apples, Ring failed to provide staff privacy or data security training before May 2018 despite the company’s massive collection of extremely sensitive data.
It didn’t even inform staff members or outside contractors that customer video data was delicate and needed to be handled with care.
“In the middle of lengthy terms dense with legalese, Ring merely described the company’s right to use recordings obtained in connection with Ring’s (then called Doorbot’s) cloud service for product improvement and development.”
The FTC claims Ring failed to implement multi-factor authentication (MFA) until May 2019, far after many rivals had done so. It also ignored employee and outside security researcher warnings to protect users from threats like credential stuffing and brute force attacks.
These unethical tactics caused Ring to have multiple security issues. The FTC claims that over 55,000 users had their Ring devices compromised between January 2019 and March 2020.
Cybercriminals have occasionally exploited two-way conversation to terrorize Ring consumers, as if from a horror film:
- In bed, several ladies overheard hackers berating them.
- Several kids were called racial epithets.
- A senior citizen living in an assisted living facility was made to feel uncomfortable and threatened physically.
- Through her camera, a digital invader informed a woman that they had slain her mother before telling her: “Tonight you die.”
- A woman was informed that her device was self-destructing at the end of a countdown and that her whereabouts were being traced. Before the timer expired, she turned the device off.
The Ring has been forced to destroy any client recordings and “face embeddings”—data taken from a person’s face—that Ring acquired before 2018. Additionally, Ring must destroy any work products it created using the videos.
Privacy of Children
Amazon agreed to pay $25 million in a second settlement made public on the same day for failing to protect children’s privacy.
The Department of Justice filed the complaint and settlement proposal on behalf of the FTC. Amazon was accused of violating the Children’s Online Privacy Protection Act (COPPA) rule by retaining Alexa voice and geolocation data linked with young users for years while prohibiting parents from exercising their right to request the deletion of their children’s data.
In a blog post, the FTC stated that because children’s speech patterns are different from adults, they may have been particularly beneficial to Amazon:
“Children’s speech patterns are markedly different from adults, so Alexa’s voice recordings gave Amazon a valuable data set for training the Alexa algorithm and further Amazon’s commercial interest in developing new products.”
Along with the $25 million settlement, Amazon will be prohibited from exploiting geolocation and speech data collected from children to develop or enhance data products.
Additionally, it must remove dormant kid accounts from Alexa and inform consumers of the government’s action against the business and its retention and deletion policies.
Amazon’s Ring camera company agreed to pay out $5.8 mln after it was accused by the US govt of privacy violations. The main charge was ‘failing to restrict employees’ and contractors’ access to its customers’ videos,’ a policy which ‘exposed consumers to spying and harassment.’ pic.twitter.com/xF36YnTCPn
— RT (@RT_com) June 5, 2023
Amazon must also implement a privacy program to control geolocation data use.
Copyright 2023, FamilyConservationPAC.com