The 21st-century ‘smart home’ is no longer a far-fetched science fiction concept – it is very real and is quickly becoming a cornerstone of our daily lives. This reality opens the door to a wealth of ways to make our day-to-day activities more convenient and to provide an improved sense of protection and security…at least that is what is implied. One of the central pillars of this vast web of internet-connected devices – or the Internet of Things (IoT) as it has come to be known – is the security camera. Amazon Ring and its security cameras are a prime example of how the intended sense of enhanced protection and security is only one side of the coin. On the other side is the very real possibility of having one’s individual privacy infringed upon, or even breached, by the very device meant to secure and protect.
Ring, which was acquired by Amazon in April 2018, has a track record of less than pristine oversight when it comes to who exactly has permission to access a rather personal and intimate trove of data: a real-time, high-definition video stream featuring the area around and quite possibly inside an individual’s private home. Ring’s lineup of miniature cameras is designed to be mounted as doorbells and throughout the home, affixed to just about any surface or location you can dream up. The intended function of the Ring cameras is to provide a means to keep tabs on your home while away, or even to create a privatized neighborhood watch by developing a web of overlapping feeds to help your local police detect and apprehend burglars.
Ring’s ultimate goal is to provide an affordable and effective means to keep people and their personal property safe from potential dangers lurking in the shadows. However, Ring’s handling and general practices pertaining to customer video feeds. The Information did a deep dive into one particular glaring security breach. That deep dive reveals that Jamie Siminoff (Ring’s CEO) had granted 100% unrestricted and unchecked administrative access to Ring’s web-based interface to the company’s recently formed development team based in Kiev, Ukraine.
The first and most prominent issue stemming from Siminoff’s snap decision is that his actions all but rolled out the red carpet to Ring’s digital cornucopia of data, including, but not limited to, both the real-time live video feeds and the corresponding archived recordings. In the simplest terms possible, Siminoff made it so the Ukraine-based team could not only access, but also download and share, sensitive private customer video files with a simple mouse click. This blatant breach of privacy was further exacerbated by the leadership team’s decision to leave the video files unencrypted, because they (Ring leadership) felt that “encryption would make the company less valuable,” since encrypting the files could limit product development opportunities and cut into their margins.
This may be hard to believe, but the free-flowing and relaxed customer privacy practices were not isolated to the Ukraine-based development team. Ring executives and engineers based in the United States were more often than not granted access privileges to the company’s technical support video portal well above their pay grade. These over-the-top privileges provided the Ring employees with unfiltered 24/7 access to live feeds streaming from the cameras of unknowing customers, regardless of whether each employee truly needed such vast access to the technical support video portal.
One of the primary driving forces behind Siminoff’s less-than-selective granting of access to the technical support video portal was the current sub-standard state of the company’s internal facial and object recognition software. Neighbors is Ring’s residential surveillance platform, which has gained popularity for its proactive approach to the timeless neighborhood watch. The main hurdle that Ring has yet to overcome is the inability to process what each household video stream is seeing both quickly and at massive scale. Ring’s software has struggled for a while now with the industry-standard task of object recognition.
While computer vision has made massive strides in recent years, it is still a challenging, not to mention expensive and time-consuming, task to build software from the ground up that is capable of categorizing objects. Ring hoped to bypass some of the growing pains by using its Ukrainian ‘data operators’ as a temporary fix for its less than stellar artificial intelligence efforts. The primary role of the ‘data operators’ is to manually tag and label objects in their assigned video stream. This training process of sorts doubled as a means to hopefully provide the budding software with the necessary knowledge and know-how to eventually detect such objects on its own in the near future.