Amazon’s Ring line of cloud-connected home surveillance equipment has for several months faced steep criticism not only for its nearly 900 “partnerships” with law enforcement agencies but also for lax account protections that put users’ privacy at risk. Now, the company is hoping to assuage concerns from civil rights advocates, privacy advocates, lawmakers, and some users with a slate of updates.
Ring a few days ago began pushing an update to all users that creates a new “control center” in the Ring app. The control center adds several account and camera privacy settings to Ring and brings them all together into one area.
Among the new settings is an option to check for or enable two-factor authentication on one’s Ring account. Ring did not previously require users to set up two-factor authentication on setup or prompt them to do so later. The lack of heavy two-factor usage was implicated in a wave of Ring camera hacks that began late last year.
Ring now asks new users setting up an account to enable two-factor authentication by default, requiring an opt-out instead of asking users to go digging through menus to opt in. The control center also lets Ring users see a list of all devices connected to their Ring account and disconnect any of them at any time—another feature that could have ameliorated the attack spree on users’ accounts, in which devices were remotely taken over.
The company is also now giving users the ability to fully opt out of receiving any requests from police for camera footage as a blanket setting rather than having to refuse police requests for data on a case-by-case basis. “While you have always had the ability to opt out of these requests after you received your first one, Control Center now ensures that you don’t have to wait for that first request—you can easily opt out from the star,” the company wrote in its announcement.
These police partnerships are the backbone of Ring’s current success. Several media outlets last summer published reports estimating there to be 200-300 such agreements before Ring in late August admitted there were 405 such deals and agreed to publish a list of participating agencies regularly. As of February 4, Ring’s map of partnerships lists 897 police and sheriff departments.
The map listing all local agreements will also be available to users through the app, Ring said—a small but significant step toward transparency in a process that has previously been kept deliberately opaque to individuals. Media reports have found that Amazon not only mandates how police can and cannot advertise these agreements to local residents, but it also asks participating law enforcement agencies not to explain to the public how the backend works.
The company used to share maps of local cameras with police, as well as data “about the number of times residents had refused police access to their cameras or ignored their requests altogether.” (Ring in late August 2019 said it no longer provides that information to its police partners.)
However, even with the additional controls, Ring users may still be sharing more data than they intend. A report from December found that footage uploaded to the Neighbors app was sharing geographic information detailed enough to pinpoint a camera location to the square inch. Reporters were able to grab precise locations of 20,000 Ring cameras in nine-square-mile zones of 15 different US cities to put together their own heat map. They also spoke with a researcher at the Massachusetts Institute of Technology who has used several years’ worth of video posted to Neighbors to pinpoint the locations of about 440,000 Ring cameras.
In January, the Electronic Frontier Foundation published research finding that the Ring app itself shares an abundance of information from users’ devices with several marketing and analytics firms, including Facebook.