Amazon denies FTC allegations
In a statement provided to Ars, an Amazon spokesperson said that “Ring promptly addressed the issues at hand on its own years ago, well before the FTC began its inquiry. Our focus has been and remains on delivering products and features our customers love, while upholding our commitment to protect their privacy and security.”
Ring published a blog post that claimed the FTC complaint “mischaracterizes our security practices” and “ignores the many protections we have in place for our customers. While we disagree with the FTC’s allegations and deny violating the law, this settlement resolves this matter so we can focus on innovating on behalf of our customers.”
Amazon also denied violating the children’s privacy law. “We built Alexa with strong privacy protections and customer controls, designed Amazon Kids to comply with COPPA, and collaborated with the FTC before expanding Amazon Kids to include Alexa,” a company statement said. “As part of the settlement, we agreed to make a small modification to our already strong practices, and will remove child profiles that have been inactive for more than 18 months unless a parent or guardian chooses to keep them.”
FTC: Ring spying could occur “entirely undetected”
Amazon completed its purchase of Ring in April 2018. The FTC complaint says that in August 2020, “a whistleblower notified Ring that between March 2018 and September 2019, a former employee had provided Ring devices to numerous individuals and then accessed their videos without their knowledge or consent.”
The complaint continued:
When the employee left Ring in September 2019, the whistleblower alleged that he took copies of these videos with him—without the knowledge or consent of his unsuspecting victims and without Ring noticing that anything was amiss. In February 2019, Ring changed its access practices so that most Ring employees or contractors could only access a customer’s private video with that customer’s consent.
“Importantly, because Ring failed to implement basic measures to monitor and detect inappropriate access before February 2019, Ring has no idea how many instances of inappropriate access to customers’ sensitive video data actually occurred,” the FTC said. “Indeed, Ring only discovered the incidents described above through the good fortune of employee reporting, despite having given employees zero security training and no responsibility to engage in such reporting. It is highly likely that numerous other incidents of spying, prurient behavior, and other inappropriate access occurred entirely undetected.”