The Washington PostDemocracy Dies in Darkness

Ring has terminated employees for abusing access to people’s video data, Amazon tells lawmakers

Admission is a reminder that privacy violations can come from within

Amazon-owned Ring displayed several products in its security line during the CES tech show this week in Las Vegas. (Ross D. Franklin/AP)

The doorbell-camera giant Ring has terminated employees in recent years for improperly accessing users’ video data, parent company Amazon told lawmakers this week, an admission that could increase pressure on the firm to prove it protects customer privacy.

The company has investigated four complaints regarding employees abusing their access to camera data over the past four years, Brian Huseman, a vice president of public policy at Amazon, wrote in a letter to five senators this week.

The employees were authorized to view data but attempted to access it in a way that “exceeded what was necessary for their job functions,” Huseman said. In each case, the employees were fired for violating company policy.

The news highlights the potential privacy vulnerabilities for the millions of U.S. homeowners who have installed the Internet-connected, motion-detecting cameras in their doorbells, living spaces and bedrooms.

She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter.

In a statement Wednesday, a Ring spokeswoman said the company takes “the protection of customer data very seriously.” But she declined to provide any further detail, including what kinds of video data the employees accessed or when the investigations occurred.

Amazon founder Jeff Bezos owns The Washington Post.

The company says it has taken steps to limit video-data access to a smaller group of employees. In recent weeks, it has also implemented security features to help prevent strangers or hackers from accessing a Ring user’s videos.

Three employees currently have the ability to access customers’ stored videos for the purpose of maintaining Ring’s data infrastructure, Huseman said. Employees can gain access to users’ live video feeds only when the customer specifically consents. The company, he added, logs and monitors all access of customer video data.

Doorbell-camera firm Ring has partnered with 400 police forces, extending surveillance concerns

The Intercept reported last year that a team of Ring researchers and developers in Ukraine had also been given access to user video in recent years. That team, Huseman said, can view only publicly available videos.

The response comes amid a series of hacks and privacy breaches that compromised access to homeowners’ video feeds. In one case, hackers used a Mississippi family’s Ring camera, microphone and speaker to harass an 8-year-old girl in her bedroom.

The company’s response this week follows questions from lawmakers over the company’s privacy and security measures, as well as its growing number of data-sharing partnerships with hundreds of police forces across the United States. In a November letter, the company said police officers who downloaded videos from homeowners’ indoor or outdoor cameras could keep them forever and share them with whomever they’d like.

Police can keep Ring camera video forever and share with whomever they’d like, Amazon tells senator

In the letter this week to Democratic Sens. Ron Wyden (Ore.), Chris Van Hollen (Md.), Edward J. Markey (Mass.), Christopher A. Coons (Del.), and Gary C. Peters (Mich.), Huseman said the camera devices had been successful in helping police track down criminal suspects, find missing people and reduce package theft. “When communities work together, safer homes and safer neighborhoods become a reality,” he wrote.

Wyden said in a statement Wednesday that Amazon needed to go further to protect Americans’ privacy. “There are millions of consumers who already have a Ring camera in their homes who remain needlessly vulnerable to hackers,” he said.