
Ring fired employees for watching customer videos - rahuldottech
https://www.vice.com/en_us/article/y3mdvk/ring-fired-employees-abusing-video-data
======
chrisballinger
Whenever end-to-end encryption is not used, scenarios like these are bound to
happen eventually.

As far as I know, the only home surveillance products that use E2EE are ones
that support HomeKit Secure Video [1].

1\. [https://support.apple.com/en-us/HT210538](https://support.apple.com/en-us/HT210538)

~~~
izacus
These kinds of scenarios can happen with workers in government offices,
archives and medical institutions as well. And yet the paper documents are not
E2E encrypted.

Maybe... just maybe... technology is not really what should be the core issue
here? But we should perhaps look at our policies and legislation? Adding
proper liability there will make technology come by itself. The magic of free
market doesn't seem to be working here.

~~~
coralreef
The easiest way to keep someone out is to lock the door.

You can create penalties, punishments, hire security guards to watch the door.
But the most efficient and effective way is just a lock.

~~~
TeMPOraL
That's absolutely not true. Most doors are trivial to pick and as easy to
break down.

The main, and usually only, real reason for the lock on the door is to serve
as a physical symbol which establishes a particular legal status of the
property behind the doors, with associated consequences for unlawful entry.
The legal apparatus - penalties, punishments - is what deters crime. Lock is
an XML tag made of matter.

(The additional, secondary role of a lock is being a trivial inconvenience.
Not enough to deter a thief determined to rob _your_ place, but enough for a
thief determined to rob _a_ place to skip yours and pick a different one.)

~~~
michaelmrose
Forget the analogies; having to explicitly misuse the system to violate
customers' privacy creates a strong disincentive.

All accesses to customers' data should require multiple people, not by policy
but by mandatory access controls.

The fact that employees could hack their employer is true and not meaningful.

The number willing to commit felonies is less than the number willing to risk
termination.

~~~
hinkley
I feel like I asked this before and then didn't bookmark the answers.

What systems are out there for requiring consensus for access? I know about K
of N protocols for hardware cryptography, but I'm fuzzy on such systems for,
say, admin functionality or data retrieval. Are they all in-house at this
point?

I've found over and over again in my work that it's much easier to spout
rhetoric about process change when I have provided tools to facilitate those
changes. Maybe it's time for us to collaborate on some tooling in this space.

~~~
nicoburns
I can't remember which company it was, but I once read an article about a
company who implemented their own version of `sudo`. Their version required
another developer to approve your session before granting root privileges, and
then allowed them to watch everything you did.
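
A minimal sketch of the approval-gated access discussed in this sub-thread, added here as an illustration and not taken from any commenter or from any company's tooling. `ApprovalGate`, `AccessRequest` and the staff and resource names are hypothetical.

```python
import time
from dataclasses import dataclass, field

@dataclass
class AccessRequest:
    requester: str
    resource: str
    reason: str
    created: float
    approvals: set = field(default_factory=set)

class ApprovalGate:
    """Mandatory k-of-n gate: access needs `required` distinct approvers."""

    def __init__(self, approvers, required=2, ttl_seconds=900):
        self.approvers = set(approvers)   # staff allowed to approve
        self.required = required          # k in "k of n"
        self.ttl = ttl_seconds            # requests go stale after this
        self.audit = []                   # append-only record of every decision

    def _log(self, event, req, actor, now):
        self.audit.append((now, event, actor, req.requester, req.resource, req.reason))

    def request(self, requester, resource, reason, now=None):
        now = time.time() if now is None else now
        req = AccessRequest(requester, resource, reason, now)
        self._log("request", req, requester, now)
        return req

    def approve(self, req, approver, now=None):
        now = time.time() if now is None else now
        if approver not in self.approvers:
            raise PermissionError("not an authorized approver")
        if approver == req.requester:
            raise PermissionError("requester cannot approve their own request")
        if now - req.created > self.ttl:
            raise PermissionError("request expired")
        req.approvals.add(approver)       # a set: repeat approvals count once
        self._log("approve", req, approver, now)

    def is_granted(self, req, now=None):
        now = time.time() if now is None else now
        fresh = now - req.created <= self.ttl
        granted = fresh and len(req.approvals) >= self.required
        self._log("grant" if granted else "deny", req, req.requester, now)
        return granted
```

The gate only enforces anything if the data path checks `is_granted` itself; a gate that the requesting tool can skip is policy, not access control.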

------
cabaalis
> It says three employees can currently access stored customer videos.

I can't think of a legitimate reason for 1 employee at Ring to have the
capability of viewing customer videos.

1\. Law enforcement requests? Blind-forward what the warrant asks for.

2\. Verifying service is functioning? Canary devices utilizing the normal
application workflow. Login to your canary account and make sure the video is
working.

3\. Customer asks you to review something? Just say you can't. The world will
be happier.

~~~
michaelt
In an ideal world, sure. But it's easy enough to imagine how you'd end up with
this situation.

For example, you have a customer support phone number, and you want your call
centre workers to be able to see exactly what the user sees, and help the user
do anything the user can do through the website. After all, if you're keeping
your support costs down, the website should be able to do 99% of what users
call support for already.

So you give your call centre workers a 'log in as customer' option. And you
justify to yourself that there's access logging, and staff are under strict
orders. Maybe it's before you've released any indoor cameras, and it's not
like people are putting doorbells in their showers.

Sure, it'd be a sensible extra feature if log-in-as-customer was a special
mode that didn't show videos. But is that really a minimum viable product?
We'll put that on the backlog to attend to later.

Et voilà, your call centre workers can watch customer videos.

~~~
bluejekyll
Even if you offered a “log-in as customer” feature, that could incorporate a
notification and/or authorization request to the user so that it can’t be
abused.

~~~
james_pm
We implemented this at my work. In order to sign in as the customer, the
customer must first explicitly consent to this and can withdraw that consent
(and the ability to sign in as the customer) at any time. Without the consent,
the sign in as customer function in our support tools doesn't work.

There are some agents/admins with override abilities but the overrides are
logged and reason (with ticket number) is required to create the override.
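
A sketch of the consent-gated "sign in as customer" flow described in the comment above, added here as an illustration and not the commenter's actual system. `SupportTool`, its method names and the agent, customer and ticket values are hypothetical.

```python
from datetime import datetime, timezone

class ImpersonationDenied(Exception):
    pass

class SupportTool:
    def __init__(self, override_agents):
        self.consenting = set()                  # customers with live consent
        self.override_agents = set(override_agents)
        self.audit_log = []                      # every attempt, allowed or not

    def _log(self, agent, customer, outcome, reason=None, ticket=None):
        self.audit_log.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "agent": agent, "customer": customer,
            "outcome": outcome, "reason": reason, "ticket": ticket,
        })

    def grant_consent(self, customer):
        self.consenting.add(customer)

    def withdraw_consent(self, customer):
        # Withdrawal takes effect on the next sign-in attempt.
        self.consenting.discard(customer)

    def sign_in_as(self, agent, customer, reason=None, ticket=None):
        if customer in self.consenting:
            mode = "consent"
        elif agent in self.override_agents and reason and ticket:
            # Override path: privileged agent, reason and ticket both required.
            mode = "override"
        else:
            self._log(agent, customer, "denied", reason, ticket)
            raise ImpersonationDenied(f"{agent} may not act as {customer}")
        self._log(agent, customer, mode, reason, ticket)
        return {"agent": agent, "acting_as": customer, "mode": mode}
```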

------
mi100hael
I was always skeptical of cloud-based camera solutions due to privacy &
bandwidth concerns, but now that those concerns are being proven true and
reported in mainstream outlets I can’t imagine any reason to purchase them
now. Long-term prospects for Ring can’t be looking good.

~~~
gbrown
You vastly underestimate the complacency of average consumers.

~~~
jiveturkey
Yep, and Ring has already proven its model. If privacy were an actual problem,
Ring would not have made it this far.

~~~
bluejekyll
This might be an education gap. That is, people really like the cameras and
the way they work/ease of use, but they may not be aware of how non-private
the recordings are. If they were, their opinion might be very different.

~~~
criddell
For some portion of their customer base, I'm sure that's true.

Ring's biggest product is their doorbell and I'd be willing to bet that a big
chunk of their customer base isn't that concerned if somebody accesses their
doorbell video. I'm not sure I'd care...

------
ogre_codes
My big problem with IoT devices is trust. When a third party has control of my
data, I have to trust the company is going to be a responsible steward for my
data. This is particularly telling since few of them (none?) have binding
terms of service which protect the rights of the buyer. So you have situations
like this where abuse happens or companies like Canary which made a rather big
and infuriating change to their policies on storing data. To make things more
complicated, if it's a small company you have to worry about it getting
acquired. I've had multiple occasions where products I've purchased have
shifted from having decent terms to terms which make me want to toss the
product in the trash.

As a result, I'm extremely cautious about purchasing IoT products. I haven't
given up smart devices entirely, but I avoid the ones that require an account
to sign in or rely heavily on cloud services. Smart cameras are particularly
tricky since they reveal so much about you, particularly combined with machine
learning and face identification.

~~~
reaperducer
_I avoid the ones that require an account to sign in or rely heavily on cloud
services._

This is the best IoT advice I can give anyone. I've had at least a dozen
"smart" lightbulbs orphaned by two different companies. One went out of
business, the other just decided not to support them anymore.

The amazing thing is with the first group of bulbs, the IoT company actually
pushed out a software update bricking the controller box before it went out of
business. This was a box that could have functioned forever because there were
several tinkerers who had reverse-engineered the protocol and seemed close to
releasing open source integrations.

Naturally, there was no notice. The only way I found out was when the bulbs
wouldn't respond anymore and I went to the company's web site where there was
a notice.

You know what doesn't always work? Smart light bulbs.

You know what always works? Dumb light bulbs.

~~~
w0m
that's also why sometimes it's worth a little more for the name brand/larger
company. I paid a little more for Hue, but my first bulb still functions the
same or better than the day I bought it.

~~~
reaperducer
Agreed, but at the time there were no big brands. Now if I buy IoT, I buy
Homekit simply because I think Apple is the least likely company to go out of
business or abandon the kit.

------
nullc
The only thing surprising is that they were _caught_, this time.

Keep your camera footage local or demand end to end encryption.

------
crmrc114
I have a couple of these devices outside along with some more traditional
hardware going to a local DVR. I wanted cloud video storage in the event
someone stole my dvr. I accept that someone may have access to this
footage. I trust Amazon/Ring more than I trust some random Chinese company.

~~~
JohnFen
> I trust Amazon/Ring more than I trust some random Chinese company.

Really? Why?

~~~
crmrc114
Because I worked at Amazon and I know how seriously they take data security.

~~~
dmitrygr
And yet, literally, this article shows that you cannot.

~~~
Kocrachon
Huge difference... Chinese company wouldn't fire them, it would give all of
that data to a whole bunch of people in the government.

------
awinter-py
At least the homeowner has a choice to upload their video to ring.

Street-facing doorbell cameras on public sidewalks are in my opinion the worse
problem. Pedestrians didn't opt-in. Operators of these cameras (both the buyer
and the vendor) should be subject to the same legal obligations as other data
collectors.

~~~
booleanbetrayal
My neighbor, across the street, has a Ring camera aimed directly at my house,
since that is where their front door faces. What is my recourse for preventing
my private property from being recorded?

~~~
hooande
You have none. A TV crew could set up outside your house and record
indefinitely, or even go through your trash. People are allowed to record
public spaces. It's just bad behavior and the consequences are social.

~~~
ChuckNorris89
Sounds super illegal and not GDPR compliant. You're not allowed to tape my
private property without my consent. At least in Europe.

~~~
jahlove
OP lives in the US.

------
Darkphibre
What's a good cloudless setup? I've got a couple zwave devices, and have been
looking into OpenHab. Win10 compatibility would be a bonus, as well as the
ability to run my own OpenCV video analysis and voice recognition stacks...

~~~
rbritton
Ubiquiti’s offerings can all run 100% locally. I have my entire setup using
PoE so each only needs a single cable.

~~~
drone
You can also access it remotely, too, which is nice. If you don't have a fixed
IP/don't want to manage firewall rules, they have a central service that
creates the handshake between your remote device and your NVR to facilitate
the connection.

------
doc_gunthrop
It seems odd to automatically trust some surveillance equipment company to not
spy on your video footage when they have that access. Not to say that these
companies are all untrustworthy, but rather that it would be imprudent to
assume trustworthiness by default.

There are other solutions out there, like using a Raspberry Pi Zero [1] with
some OSS[2]. The caveat here is that it requires a greater time investment
from the consumer.

1: [https://www.raspberrypi-spy.co.uk/2017/04/raspberry-pi-zero-w-cctv-camera-with-motioneyeos/](https://www.raspberrypi-spy.co.uk/2017/04/raspberry-pi-zero-w-cctv-camera-with-motioneyeos/)

2: [https://github.com/ccrisan/motioneyeos/wiki](https://github.com/ccrisan/motioneyeos/wiki)

------
dmitrygr
How is this even possible? I know that at Google, there was no way to access
customer data directly. So this couldn't happen. That seems like a saner
design

~~~
ciabattabread
Were you there in 2010?

[https://techcrunch.com/2010/09/14/google-engineer-spying-fired/](https://techcrunch.com/2010/09/14/google-engineer-spying-fired/)

~~~
dmitrygr
nope, joined in 2012

------
_Codemonkeyism
How is this even possible?

~~~
Jamwinner
Well, people who are unaware, or uncaring of the fallout, decided to install
peep holes in their homes, with the implicit belief that no creep would be so
vile as to actually look in. Now we have a quarter billion of those holes
installed. Neat huh?

~~~
jrace
But peep holes are one-way, and the manufacturer does not have the ability to
remotely view the peep-hole.

------
mtgx
I'm willing to bet this is a PR attempt showing something along the lines
of "look, we protect your data by firing the people that look at your videos!"

Which is absolute nonsense if this is their data protection policy. They'll
only ever catch maybe 5% of the people doing it. This is also likely meant to
hide the fact that their Ring security is extremely porous and they may want
to keep it like that because that may also be how law enforcement gets access
to those videos right now. Changing this may mean disrupting the police's
access to them for a while.

[https://www.wired.com/story/ces-2020-amazon-defends-ring-police-partnerships/](https://www.wired.com/story/ces-2020-amazon-defends-ring-police-partnerships/)

Combine this with all the security issues AWS buckets have had, along with
employees also accessing Alexa recordings, and it's almost starting to look
like Amazon doesn't care all that much about securing your data...

~~~
AmericanChopper
> They'll only ever catch maybe 5% of the people doing it

I wouldn’t be so confident about that. I’ve worked with a few large
organisations where customer service staff needed to have access to sensitive
customer data, and they usually had pretty good systems for detecting improper
access to data, and would monitor it quite actively. I have no idea what
monitoring systems Amazon has in place, but they could easily be doing quite a
good job of it.

------
lowdose
On a tangent, does Apple already have a solution to their Spanish problem?

Siri is apparently activated at every mention of the word "si" and
specifically even more during bedroom conversations.

[https://www.google.com/amp/s/nypost.com/2019/07/29/apples-siri-routinely-records-you-having-sex/amp/](https://www.google.com/amp/s/nypost.com/2019/07/29/apples-siri-routinely-records-you-having-sex/amp/)

------
chance_state
It's the 2020 version of NSA employees using their vast surveillance apparatus
to spy on their ex's[1]. Except this time people willingly let a for-profit
company have streaming video access to their home.

What's next, people installing microphones in their home that stream audio to
Google or Amazon?

[1] [https://www.reuters.com/article/us-usa-surveil-lance-watchdog/nsa-staff-used-spy-tools-on-spouses-ex-lovers-watchdog-idUSBRE98Q14G20130927](https://www.reuters.com/article/us-usa-surveil-lance-watchdog/nsa-staff-used-spy-tools-on-spouses-ex-lovers-watchdog-idUSBRE98Q14G20130927)

~~~
cabaalis
If a local home security surveillance company rolling up in a van installed
cameras that they then used to spy on their customers, it's very likely the
owner would be prosecuted. What puts Ring/Google/Amazon/etc above that
standard? Just being large?

