Security
Headlines
HeadlinesLatestCVEs

Headline

Ring shares data with police without consent (but it’s in good faith), says Amazon

Amazon’s Ring is in hot water after revealing in a letter to Senator Ed Markey that it shared data without permission 11 times this year. The post Ring shares data with police without consent (but it’s in good faith), says Amazon appeared first on Malwarebytes Labs.

Malwarebytes
#amazon

Ring, the Amazon-owned company behind the popular smart doorbells, has admitted to giving doorbell data to law enforcement willy-nilly. All they have to do is fill out a form called the Amazon Law Enforcement Request Tracker—no need to ask for the data owner’s consent, give a warrant or court order. The company revealed this in response to a letter Senator Edward Markey (D-Mass.) sent Amazon in June 2022.

Senator Markey’s letter contains a request for updates regarding the steps Ring has taken “to remove private policing agencies from its Neighbors Public Safety Service (NPSS), reduce the potential for its products to be misused in harmful ways, and protect individuals’ right to privacy.” The NPSS is a means for public safety agencies, which include law enforcement, to connect with their local communities that can publicly share posts or video recordings to the Neighbors App feed.

Amazon responded in writing to Senator Markey’s letter, but the response was only revealed to the public recently. Below are some takeaway points from the response:

  • Ring refuses to change the default setting of automatically recording audio when recording videos via its doorbell camera.
  • Ring currently doesn’t have a voice recognition feature. But that doesn’t mean it won’t in the future.
  • There are currently 2,161 law enforcement agencies and 455 fire departments on the NPSS platform.
  • Ring generally doesn’t allow private security companies on NPSS, and it will only onboard such companies “if they are peace officers under state law and subject to constitutional restrictions.”
  • Ring affirms its right to respond immediately to law enforcement requests under emergency circumstances involving imminent danger of death or serious bodily harm. At times like these, it says, it will share details without asking for consent. And it has done so in 11 incidents this year.

Brendan Daley, Ring’s spokesperson, told Politico that although Ring doesn’t need user consent when handing footage to law enforcement with warrants, it does notify the owners of the video footages.

Speaking with Ars Technica, Policy Analyst for Electronic Frontier Foundation (EFF) Matthew Guariglia said, “There are always going to be situations in which it might be expedient for public safety to be able to get around some of the usual infrastructure and be able to get footage very quickly.”

But the problem is that the people who are deciding what constitutes exigent circumstances and what constitutes the type of emergency, all of these very important safeguards, are Ring and the police, both of whom, as far as I know, don’t have a great reputation when it comes to deciding when it’s appropriate to acquire a person’s data.

~ Matthew Guariglia, EFF

The Policing Project at New York University (NYU) School of Law recently concluded its two year audit of Ring to improve its products and services, focusing on NPSS. Ring admitted to making more than 100 changes to its products, policies, and legal practices. This includes the introduction of Requests for Assistance, which ensures transparency on the part of public safety agencies when asking for assistance from communities in the form of information or video as part of ongoing investigations. The company deliberately created Requests for Assistance to keep control of owners’ hands, not the requesting agencies.

When it comes to sharing private data, both the NYU and Guariglia have landed on the same conclusion: Policymakers need to lay more ground rules on how much private surveillance data police can rely on.

Malwarebytes: Latest News

8 security tips for small businesses