Amazon’s Ring Fired at Least Four Staffers Who Tried to Access Customer Data

January 9, 2020, 1:00 AM UTC
Doorbell-Camera Company Ring Partners With Over 400 Police Departments, Raising Surveillance Concerns
SILVER SPRING, MARYLAND - AUGUST 28: A doorbell device with a built-in camera made by home security company Ring is seen on August 28, 2019 in Silver Spring, Maryland. These devices allow users to see video footage of who is at their front door when the bell is pressed or when motion activates the camera. According to reports, Ring has made video-sharing partnerships with more than 400 police forces across the United States, granting them access to camera footage with the homeowners’ permission in what the company calls the nation’s 'new neighborhood watch.' (Photo by Chip Somodevilla/Getty Images)
Chip Somodevilla—Getty Images

Amazon said its Ring subsidiary fired at least four employees for improperly seeking access to customer data over the last four years, the latest privacy headache for the video doorbell maker it acquired in 2018.

“Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions,” Brian Huseman, Amazon’s vice president of public policy, wrote in response to an inquiry from five Democratic senators about the company’s privacy and data security practices.

The letter doesn’t specify what customer data the employees involved in four separate incidents sought, how many employees were involved, or how many of them successfully gained access to it. In addition to investigating and firing the employees, Ring has taken “multiple actions” to limit data access to a smaller pool of employees, Huseman said.

Ring has been beset by allegations of privacy flubs in the last year, from a report that employees had previously passed around unencrypted footage captured by doorbells, to claims from civil liberties groups that Ring’s partnerships with law enforcement, which allow police departments to ask that doorbell owners turn over footage to aid investigations, risk enabling a government surveillance network.

The company also faces a lawsuit brought by a man who claims someone took control of a video camera installed on his garage and spoke to his children, one among a set of similar incidents that reportedly relied on stolen passwords.

In an interview with CNET, Ring founder and Chief Executive Officer Jamie Siminoff said watching a widely shared video of a similar experience “made me cry. And every time I think about it makes me sad.”

In November, Democratic Senator Ron Wyden of Oregon and four colleagues wrote to Amazon Chief Executive Officer Jeff Bezos to express concern about reports of vulnerabilities to systems holding “a vast amount of deeply sensitive data and video footage detailing the lives of millions of Americans in and near their homes.”

The senators asked about policies on deleting users’ footage, security policies, and ambitions on facial recognition. In addition, they focused on reports that developers in Ukraine had “unrestricted access to Ring’s entire camera database in unencrypted form, with each video file reportedly linked to a specific Ring user.”

“If hackers or foreign actors were to gain access to this data, it would not only threaten the privacy and safety of the impacted Americans; it could also threaten U.S. national security,” the lawmakers wrote.

Huseman’s response said that no Ring employees or contractors, including those in the company’s Ukrainian research and development offices, have unrestricted access to customer camera data.

On Monday, in an announcement timed to coincide with the massive CES technology trade show, Ring announced a new feature of its smartphone app designed to centralize privacy and security settings. A Ring spokeswoman said the company planned to enable two-factor authentication, a more secure password protocol, on customer accounts by default.

Senator Edward Markey, of Massachusetts, said Ring’s privacy tools announced this week don’t go far enough. “Ring’s privacy and security problems won’t be solved with a new privacy dashboard,” he said in a statement.

The Ring spokeswoman declined to comment on the terminated employees beyond the details in the letter, which was provided by Wyden’s office. “Privacy, security and user control will always be paramount as we pursue and improve technologies that help achieve our mission of helping to make neighborhoods safer,“ she said in an emailed statement. “We take the protection of customer data very seriously and are always looking for ways to improve our security measures.”

More must-read stories from Fortune:

7 companies founded in the last 10 years that you now can’t live without
—Electronic health records are creating a ‘new era’ of health care fraud
—Apple, Amazon, and Google want to create a smart home standard
—What a $1,000 investment in 10 top stocks a decade ago would be worth today
Amazon is on a collision course with employee activists outraged by the climate crisis
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward