Today, the Federal Trade Commission released an announcement warning Ring home security devices were invading customers’ privacy and posing a serious security risk.
The Ring home security system offers video-enabled security cameras, doorbells, and other devices connected to the internet for real-time surveillance.
The Federal Trade Commission has charged Ring with “compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.”
Along with Ring employees, “hundred of Ukraine-based third-party contractors” had the capability to peak into customers’ homes without consent wherever the Ring devices were installed, including bedrooms.
The lawsuit outlines a number of privacy and security violations that have already taken place, including an employee who had viewed thousands of videos from women’s bedrooms and bathrooms over the course of several months without their knowledge.
There have been several other occurrences of this voyeuristic behavior within the company, some even bringing videos home with them, which has yet to implement protocols to eliminate the ability to do so.
The Federal Trade Commission states that Ring’s terms and conditions stealthfully included granting permissions to view footage to improve services, but that is at best a tricky way to gain consumer consent.
“Ring’s disregard for privacy and security exposed consumers to spying and harassment. The FTC’s order makes it clear that putting profit over privacy doesn’t pay,” said Samuel Levine, Director of the Federal Trade Commission’s Bureau of Consumer Protection.
The Federal Trade Commission’s proposed settlement totals $5.8 million in addition to requiring Ring to delete data, models, and algorithms related to unlawfully obtained information and videos. Another stipulation is Ring must include newly upgraded safeguards regarding “human review of videos as well as other stringent security controls, such as multi-factor authentication for both employee and customer accounts.”
The lawsuit also claims that Ring was the source of several internal and external security threats to consumers’ accounts through security breaches affecting over 55,000 U.S. Ring customers. Some were spied on while others had the two-way communication feature turned against them, experiencing traumatizing verbal harassment.
Here is an incomplete list of incidents reported by the Federal Trade Commission:
- An 87-year-old woman in an assisted living facility was sexually propositioned and physically threatened
- Several kids were the object of hackers’ racist slurs
- A teenager was sexually propositioned
- Hackers cursed at women in the privacy of their bedrooms
- A hacker threatened a family with physical harm if they didn’t pay a ransom in Bitcoin
- A hacker told a customer they had killed the person’s mother and issued the bone-chilling warning “Tonight you die.”