Share this article on:
Amazon is set to be slapped with a US$30 million (over $46 million) fine after it was alleged that its Ring video doorbell subsidiary failed to properly secure the privacy of its customers.
Ring, which develops video doorbells and home security cameras, was accused by the US Federal Trade Commission (FTC) of the illegitimate and unauthorised surveillance of its customers by allowing its employees and contractors to access their private videos.
According to court documents, the FTC found that Ring failed to limit the access to private customer videos to those that were required to view them and allowed hundreds of staff and Ukraine-based government contractors full access.
“Not only could every Ring employee and Ukraine-based third-party contractor access every customer’s videos (all of which were stored unencrypted on Ring’s network), but they could also readily download any customer’s videos and then view, share, or disclose those videos at will,” said the FTC in the document.
“Before July 2017, Ring did not impose any technical or procedural restrictions on employees’ ability to download, save, or transfer customers’ videos.”
The document also named one specific instance where a Ring employee viewed video recordings of women in private settings, such as bathrooms and bedrooms.
Ring was also accused of failing to keep its cameras secure from threat actors and cyber criminals.
According to the complaint, the FTC ruled that Ring’s advertising “implied to reasonable consumers that Ring devices are a secure means to monitor the private spaces of consumers’ homes”.
“Reasonable consumers have understood that Ring’s security claims have implied, in part, a claim of digital security, because a lack of digital security would impede the devices’ basic function: their ability to ‘protect [the] home’, ‘[b]ring protection inside’, and allow customers to ‘[s]ee your home ... [a]way from home’, as Ring’s website promises,” the FTC said.
The FTC said that with the ability for a threat actor to compromise a device and access its surveillance function, the camera “would have no value as the security monitoring product that the consumer purchased”.
Ring will be required to provide customers with US$5.8 million (just under $9 million) in refunds and will be prevented from profiting from any consumer videos which were deemed illegally obtained.
The fine comes just as the FTC has ruled that Amazon will need to pay a separate US$25 million (roughly $38.5 million) fine for violating children’s privacy laws.
The FTC and the US Department of Justice (DOJ) found that Amazon failed to meet requests from parents to delete vocal and geolocation data of children and violated the Children’s Online Privacy Protection Act Rule (COPPA Rule).
“Amazon also failed for a significant period of time to honor parents’ requests that it delete their children’s voice recordings by continuing to retain the transcripts of those recordings and failing to disclose that it was doing so, also in violation of COPPA,” said the FTC complaint.
“Finally, Amazon failed to delete users’ voice information and geolocation information upon request and instead retained that data for its own potential use.”
In addition to the fine, Amazon will need to delete all the data that was requested to be removed.