back to article Ring of fired: Amazon axes multiple workers who secretly snooped on netizens' surveillance camera footage

Amazon's Ring home security camera biz says it has fired four or more employees caught covertly watching video feeds from customer devices. The admission came in a letter [PDF] sent in response to questions raised by US Senators critical of Ring's privacy practices. Ring recounted how, on four separate occasions, workers were …

  1. Anonymous Coward
    Anonymous Coward

    In none of the reports about this have I seen mentioned how their access of the data was identified. Was it internal auditing, or did customers somehow detect it ?...

    1. diodesign (Written by Reg staff) Silver badge

      Source of complaints

      I could be going out on a limb, but I read "regarding a team member’s access to Ring video data" in the letter as someone internally raising a concern.

      We'll try to prize any other info out of Amazon.

      C.

      1. BillG
        Megaphone

        Re: Source of complaints

        Ring Wrote: "Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions.

        Thinking like the corporate wonk that I am, based on the above corporate-speak I'm going to SWAG¹ that Ring monitors the total amount of video data used by each employee as well as the total number of videos they view. Probably while most employees look at a few dozen personal videos per month, these four employees total data exceeded some threshold and reached a point where it could not be kept quiet. The usage must have been open and obvious, possibly exposed in a requested PowerPoint presentation by an upper-manager that requested a security audit - PowerPoint, being a battle axe of corporate warfare, is a great way to expose embarrassing information to reluctant co-workers.

        So they fire these employees and then make the firings public to create the image they actually monitor and care.

        .

        ¹ Silly Wild-Ass Guess

    2. fwthinks

      The article references an internal policy which I suspect gives employees little or no option but to agree to allow their videos to be shared. While this may give Ring a good stream of data to analyze, it is probably very stupid from a security perspective, as it means people who have authority to look at the data, very likely know the people who's data it is. I also see no reference to anonymization.

      .

      Who would have thought that people would like to know what their co-workers were up to outside of work?

    3. phuzz Silver badge

      I read the phrase "once Ring was made aware of the alleged conduct" (emph mine) to imply that it was an outside complaint, that Ring was 'made aware' of.

      There's also the thought experiment "what would the scummy company likely do?".

      Would they fire someone if it was an internal audit and they could otherwise cover the whole matter up?

      If it was an external complaint, would they fire someone so that they could show they were "taking complaints seriously"?

      1. Danny 2 Silver badge

        "what would the scummy company likely do?"

        I think it is a legal necessity that all companies have to be be scummy. Prioritise profits over anything else within other laws.

        There are lurking lawyers who post here on occasion, hopefully one of them will contribute now.

        Whatever, whenever there is a corporate blunder there is always a sacrifice made to the gods - sometimes the babies, sometimes the elders. I've never even seen a goat.

    4. cb7

      Maybe the perps were stalkers / ex's and somehow let on to the victims that they'd been watching them?

  2. jake Silver badge

    Why did they do it?

    Because they could. Human nature, innit.

    Hands up everybody who didn't see this coming.

    Remind me again why, exactly, the manufacturer of my home so-called "security" equipment needs to have a feed from that equipment?

    Sheeple are stupid. Dyed in the wool idiots. And the marketards know it ...

    1. Splurg The Barbarian

      Re: Why did they do it?

      I think the reason is the usual isn't it? The old they need access to data so that

      "...we can improve our.service to you and make your website experience more personal to you"

      Which translates as

      "... We couldn't be arsed testing this product properly like companies used to do, so.we'd like to use our free testing system, ie the users, to see that it actually works as it should. We'd also like to access data and video so when can analyse it and sell off what ever we can find a buyer for because it makes us a ton of money"

      Transfer that to almost every product or service these days, its an absolute joke.

    2. Anonymous Coward
      Anonymous Coward

      Re: Why did they do it?

      Recently wanted to turn an old Android phone into a CCTV camera (only need local access for playing around with it).

      Decided not to, as every app needed a cloud registration to work. I think a few did not, so I might go back to looking at those ones. But rather irritating when I really only need some basic functions.

    3. Andy Non Silver badge

      Re: Why did they do it?

      It must have been very dull footage to watch; folks outside coming and going from a door. Not like the camera was inside their home or bedroom for the employees to perve over.

      Not that it is acceptable to watch any footage without very good reason and authorisation of course.

      1. Patched Out

        Re: Why did they do it?

        Ring makes more than video door bells. They also make security cameras which could be viewing the inside of the home, obviously.

    4. Stuart Castle

      Re: Why did they do it?

      "Remind me again why, exactly, the manufacturer of my home so-called "security" equipment needs to have a feed from that equipment?"

      Two reasons I can think of.

      1) To minimise size and therefore cost of manufacture. The video needs to be stored somewhere. A locally hosted device (probably a separate box somewhere in the home, as bunging a HDD or SSD in the doorbell would make it rather larger) costs money. Much cheaper to bung in a Wifi chipset then shove the video on to a server that you probably already own or rent.

      2) Monetization. You have access to terabytes of data showing people coming and going that could potentially be worth something.

      Neither is good from a user point of view.. Personally, I would like to see any device that offers any kind of home security or surveillance to at least offer the choice of storing data on a box locally, with the option to upload it to a cloud. I'd like to see this happen even if it means I lose the convenience of accessing the video from my doorbell or CCTV system from outside the house, or via an app.

      I don't have a smart doorbell, because I can't see the point. If I am not in the house, what, really is the point of me being able to answer the doorbell? Even if I get a delivery, unless I have just popped to the neighbours, the delivery driver won't be there by the time I get home (even if he or she was, I could just open the door). I might be interested in the video doorbell aspect, but I think any data stored by the system should stay local. Same with CCTV.

      1. Korev Silver badge
        Terminator

        Re: Why did they do it?

        Personally I'd prefer the CCTV footage to be backed up externally in case my NAS gets pinched.

        I wouldn't want to grant access to the typical vendors because of the events in this story though and/or they'd use the data to help advertisers to sell junk to me.

        1. jake Silver badge

          Re: Why did they do it?

          "Personally I'd prefer the CCTV footage to be backed up externally in case my NAS gets pinched."

          So send it to the server you have hanging off your Great Aunt Ruth's DSL line in Duluth. Shirley all of us commentards have a personal remote file server or three, right?

          1. quxinot Silver badge

            Re: Why did they do it?

            Personally, I'd want the option, mostly. If i'm too cheap or otherwise CBA to set up my own storage box, I can use theirs; fine. But when theirs inevitably goes down, or they decide to kill the service entirely (Here's looking at you, Google!), or my internet provider decides to take a week off?

            I'm genuinely baffled why the manufacturers are trying to sell devices to people who are obviously security-concious and/or paranoid--and then not baking in secure options. You'd think that'd be like selling cars for people interested in personal transportation that cannot be started without having two neighbors and a representative from the company seated within?

        2. 's water music Silver badge

          Re: Why did they do it?

          I wouldn't want to grant access to the typical vendors because of the events in this story though and/or they'd use the data to help advertisers to sell junk to me.

          Indeed. If I wanted to view an advertiser's junk, I'm sure I could find one who has a Ring camera and then just identify a cooperative Amazon employee

    5. Bendacious

      Re: Why did they do it?

      El Reg previously explained partly why they need a feed of your video to the mothership. They provide access to the video feeds to the police and the police act as sales staff encouraging everyone to buy one. The evil brilliance is quite impressive, if you forget about ethics.

  3. Anonymous Coward
    Anonymous Coward

    One Ring

    to bind them.

    1. Che van der Showa

      Re: One Ring

      The ring of fire?

      1. J. Cook Silver badge
        Coat

        Re: One Ring

        Well, for some people it burned, burned burned...

  4. Alumoi
    Trollface

    Punishment seems too extreme

    ...and after determining that the individual violated company policy, terminated the individual."

    Maybe it's just me, not being a native English speaker, but terminating the poor sod seems a bit too harsh. After all he was not marketing/HR.

    1. thosrtanner

      Re: Punishment seems too extreme

      I was going to say 'beat me to it' but given the topic, I thought that might be open to misinterpretation

    2. Drew Scriver Bronze badge

      Re: Punishment seems too extreme

      Hey, at least they didn't use the newspeak term "redeployed". That seems to be the term of choice for some companies that don't have the spine to say "lay-offs" or "fired".

      Funny anecdote. When I had just started working for such a company my manager told me his friend had been "redeployed". Knowing that lay-offs were being considered I replied that I was glad to hear that his friend had been redeployed. I have a lot of friends in the military so I only knew the term as "being sent back to another battle zone". In other words, the organization they worked for utilized them elsewhere.

      It took a while to untangle the confusion and convince my boss that I was not mean-spirited...

      1. Korev Silver badge

        Re: Punishment seems too extreme

        Or "let go" or "outplacement"

      2. A K Stiles Silver badge
        Coat

        Re: Punishment seems too extreme

        I've never heard redeployed to mean given the boot.

        It fits in well with the recent right-pondian politician-speak of 'more' meaning 'not losing the ones we've already got' though...

        1. John Brown (no body) Silver badge

          Re: Punishment seems too extreme

          "It fits in well with the recent right-pondian politician-speak of 'more' meaning 'not losing the ones we've already got' though..."

          Yes, that was a bit weird. It did actually make a kind of sense, but when she was confronted on it, managed to splutter a lot and make it seem much worse than it actually was. After all, if you normally lose 10% of your workforce every year through reasons other than retirement and can't easily replace them, then changing things such that many of those leavers now stay on and don't leave, that reduces the amount of new recruitment needed and retains experience as well as reducing the amount of work needed to increase staffing levels from a limited pool.

      3. Anonymous Coward
        Anonymous Coward

        Re: Punishment seems too extreme

        With respect to your manager of the time, "redeployed" means moved internally within a division or within the same parent company.

        If they are leaving the company they are being let go

        • Or pursuing opportunities elsewhere
        • Or given their P45 (UK form when you leave)
        • Or being made redundant
        • Or being given his marching orders
        • Or being put on gardening duty
        • Or sent home
        • Or laid off
        • Or going for a job interview (at the job centre)
        • Or being fired
        • Or being loaded into the shit-plated redundo-cannon.

        It was confusing because the manager was being confusing to avoid bad words when layoffs are in progress. It's a shame when language is impoverished, although understandable sometimes.

      4. Doctor Syntax Silver badge

        Re: Punishment seems too extreme

        Redeployed was Harold Wilson-speak for unemployed back in the '60s.

  5. Anonymous Coward
    Anonymous Coward

    "Only 3 with access..."

    NSA

    CIA

    FBI

  6. Admiral Grace Hopper
    Black Helicopters

    Could be worse

    Imagine if they had an always-on microphone in everyone's house.

    1. Patched Out
      Trollface

      Re: Could be worse

      You mean like a cell phone? Most houses have multiple.

  7. Drew Scriver Bronze badge

    Admission that they're in fact routinely view the video footage?

    "the attempted access to that data exceeded what was necessary for their job functions"

    Looks like they still can't quite admit their guilt. "Attempted" access? Most people won't use that term when they in fact succeeded.

    However, what's most glaring is the seeming admission that they are in fact 1) able to view the videos and 2) that it may be routine if it is "necessary for their job functions".

    I'd love to see the internal documents that detail when the company deems it acceptable to view the video footage.

  8. Steve Davies 3 Silver badge
    Big Brother

    Brings a whole new meaning to those ads

    for the "Postcode Lottery"

    Don't they use the like 'Ring that Bell' and awful lot.

    My advice is... don't play the postcode lottery if you have a Ring device. Otherwise there might be some people at Amazone viewing you getting the prize and sending around some mates to relieve you of it if you get my meaning.

    [see icon]

  9. arthoss

    sue them too!

    people need to be taught a lesson, amazon should sue them on breaching the rights of those persons. Firing them is too lenient.

  10. teebie

    So 4 times they have received a 'complaint or inquiry' from someone who had reason to suspect that someone is watching their Ring.

    And 0 times has their internal auditing flagged up people accessing a user's Ring without permission.

    I'm willing to bet that most unauthourised accesses couldn't possibly be detected by the end user (which is when the innuendo falls down), so their auditing processes must be terrible. (As most non-existent auditing processes are)

    1. Anonymous Coward
      Anonymous Coward

      "someone is watching their Ring."

      I don't know if that's too dirty or the right amount of dirty to make the point.

  11. tiggity Silver badge

    Data not that innocuous

    Even though footage would only be of people ringing bell (& presumably some street background data) then it could be data you don't want people seeing.

    e.g. if people visited the address for something they may want to keep private / limited disclosure e.g. abortion centre, mental health clinic etc *

    * Obviously if you have that type of premises you should really not be using something that stores client images off site.

    1. Patched Out
      Black Helicopters

      Re: Data not that innocuous

      Even worse, Ring may have started with a video doorbell, but they also sell general security cameras which can be placed inside the home. There is no way I would own one.

      The black helicopter icon is because commercial companies have more of them than the governments!

  12. Mo'Fo B'dass
    Joke

    My guess is Prince Andrew. He's had access to a number of people Ring's (allegedly without permission) and he's also been "relieved of his duties". Is there a connection? We deserve to know the truth.

  13. Archivist

    With apologies to Tolkien

    Ash nazg durbatulûk, ash nazg gimbatul, ash nazg thrakatulûk, agh burzum-ishi krimpatul

    One Ring to rule them all, One Ring to find them, One Ring to bring them all, and in the darkness bind them

  14. Milton Silver badge

    First Law of Cloud

    If your sensitive data, either as plaintext or encrypted using a key not exclusively accessible to you, is secured on a device or system that neither belongs to you nor is controlled by you...

    ... it is no longer your data; it is not private; it is not secure; and you do not have control.

    1. J. Cook Silver badge
      Go

      Laws of Cloud...

      I propose additional Laws:

      Second Law of Cloud:

      A cloud application is only as good as your connection to it.

      Third Law of Cloud:

      Data Stored in the Cloud only lasts as long as the provider stays in business, or as long as you continue to pay the bill.

      I welcome the commentards to add additional Laws or expand on at least the two I've put here.

  15. Anonymous Coward
    Anonymous Coward

    multiple employees

    pretty high ratio of what is probably not hundreds or thousands...

  16. Anonymous Coward
    Anonymous Coward

    millions of consumers who already have a Ring camera in their homes

    millions of idiots who already have a Ring camera in their homes

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020