Five U.S. Senators are demanding answers from Amazon about the data security practices of its Ring brand of home security cameras and video doorbells. In a letter addressed to Amazon CEO Jeff Bezos, the senators noted that Amazon “holds a vast amount of deeply sensitive data and video footage detailing the lives of millions of Americans” and raised concerns about its potential to be compromised by bad actors.
“If hackers or foreign actors were to gain access to this data, it would not only threaten the privacy and safety of the impacted Americans; it could also threaten U.S. national security,” the senators wrote. “Personal data can be exploited by foreign intelligence services to amplify the impact of espionage and influence operations.”
In the letter, Sens. Ron Wyden of Oregon, Chris Van Hollen of Maryland, Ed Markey of Massachusetts, Chris Coons of Delaware, and Gary Peters of Michigan cite a Ring doorbell vulnerability researchers revealed earlier this month that exposed users’ Wi-Fi login credentials during the setup process. They also reference “a number of vulnerabilities in Ring products that, though since patched, left customer video feeds vulnerable to eavesdropping and manipulation by malicious actors.”
The Senators also expressed concern about a report by The Intercept earlier this year that alleged Ring employees in Ukraine were provided with “virtually unfettered access” to a folder on Amazon’s S3 cloud storage service containing every video created by every Ring camera around the world, and that Ring unnecessarily provided U.S. executives and engineers with “highly privileged access” to live feeds from some customer cameras whether or not it was relevant to their jobs.
“These reports raise serious questions about Ring’s internal cybersecurity and privacy safeguards, particularly if employees and contractors in foreign countries have access to American consumers’ data,” the senators wrote.
Included in the letter is a list of questions regarding Ring’s business and security practices such as “Does Ring delete users’ video footage generated by Ring devices?” and “How is employee access to customer video data controlled, logged, and audited?” The senators have requested Bezos provide answers by January 6, 2020.
A Ring spokesperson said the company is currently reviewing the letter from the senators, but had no comment at this time.
The letter came one day after Sen. Markey announced the findings of his investigation into Ring’s partnerships with more than 600 law enforcement agencies across the U.S. He found that the company had few, if any, policies and protections for video collected by their devices.
“Amazon Ring’s policies are an open door for privacy and civil liberty violations,” he said in a statement. “If you’re an adult walking your dog or a child playing on the sidewalk, you shouldn’t have to worry that Ring’s products are amassing footage of you and that law enforcement may hold that footage indefinitely or share that footage with any third parties. Amazon’s Ring is marketed to help keep families safe, but privacy rights are in real danger as a result of company policies. Amazon is not doing enough to ensure that its products and practices do not run afoul of our civil liberties.”
TechHive has no reason to believe that Ring has acted in bad faith, and many of the site’s editors have placed enough trust in Ring—and its competitors—to install their security cameras, video doorbells, peephole cameras, and other security devices in our own homes. That said, we’re happy to hear that our government representatives are conducting oversight on our behalf, and we call on them to look beyond just Ring to ensure that our faith in all of these companies is warranted.