By selling customers on the idea of increased safety through video surveillance, Ring has grown into one of America's largest security companies. There is little hard evidence that doorbell and house security cameras deter crime, and the company has had a string of privacy and network security issues, yet Ring, which Amazon bought for $1 billion, and its app called Neighbors, in which users post videos and report things they see, continues to spread its reach across Central Florida.
In mid-2018, Ring took what's essentially a ready-made network of street-facing cameras and began forming partnerships with law enforcement agencies all over the country. In October, Ring had over 400 such partnerships. As of January, the company has at least 770.
Users can deny police requests, and the police need their consent to access video – but not a warrant. Ring has made it clear it will hand over footage if ordered to by a court or somehow otherwise legally obligated.
Civil liberties advocates like the ACLU and Human Rights Watch have spoken up, unsettled by the potential that the nonstop streaming video and hyper-vigilant chatroom might turn neighbors into snitches. Police already have known issues with excessive responses to neighbors' tips; law enforcement access to a patchwork of cameras pointed at people's front yards and into the street sounds like a privacy nightmare.
Decades ago, the police had to get a warrant to take a videotape from someone's security system. Now, that video is on the Amazon cloud.
People who buy into the "internet of things," like phones and security cameras and virtual assistants that are connected to the internet, "have to worry about three things," says Jay Stanley, a senior policy analyst from the ACLU's D.C. office and editor of their Free Future Blog. "Hackers; whether devices will be exposed to hackers; and law enforcement getting access. And I think all three things are on display with Ring."
Central Florida law enforcement agencies teaming up with Ring include the Orlando Police Department, Winter Park Police Department, Ocoee Police Department, Davenport Police Department and the Osceola County Sheriff's Office.
As Ring partnership numbers continue to climb, the company has suffered a string of data leak incidents. In November, a network vulnerability issue (which was later resolved) allowed nearby hackers access to Ring users' WiFi credentials, which left them open to a larger attack. In December, podcasters hacked into a family's Ring system and documented the entire thing on a livestream; and a data leak released the personal information of over 3,000 users.
The latest incident comes this month. An investigation by the San Francisco-based nonprofit tech watchdog group Electronic Frontier Foundation finds that the Ring app is packed with third-party data trackers, and that some of them have access to personal user info like full names and email addresses.
Ring provides users a privacy notice with a list of third-party trackers on the app. The company says the four tracking companies – Mixpanel, HotJar, Optimizely and Google Analytics – help evaluate the use of the website and app.
In a statement, a Ring spokesperson says, "Ring ensures that service providers' use of the data provided is contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes." Ring says it's still investigating the camera hacks from the end of last year but maintains that the security issue was not "related to a breach or compromise of Ring's system or network."
"It is not uncommon for bad actors to harvest data from other company's data breaches and create lists so that other bad actors can attempt to gain access to other services," reads the statement.
But EFF senior staff technologist Bill Budington says he also found Ring sending user data directly to other analytics and marketing companies, like Facebook, Branch and AppsFlyer. Info sent to the companies includes what time zone a user is in, the device model they're using, and sensor info from their device.
Mixpanel is listed as one of Ring's third-party trackers, notes Budington, but the amount of info Ring gives Mixpanel is not disclosed. It's also the company that EFF found to have access to most information, including names and email addresses.
The apparent deceit, Budington tells Orlando Weekly, means Ring is "not following best practices."
Stanley notes that technology is in an era in which it's much easier to make an attack than stop one – it's easier to be a hacker than to stop a hacker – especially for large companies with huge networks like Ring. He says that, ultimately, individual people are making the decision to have Ring cameras and agree to sharing video and info with police.
"I would say that anybody considering to buy a camera should think hard whether you really want a camera, if it's something that might end up getting flipped on its head against you," Stanley says. He adds that there are security systems that aren't connected to the internet, and that security camera consumers should be especially deliberate "when those cameras are so tightly woven into police networks."
Police in Orlando and Winter Park both tell OW that they have had no problems with their Ring partnerships. In fact, shortly after teaming up with the security company last year, both departments report the partnership helped close a few cases.
As for the recent data leak issues, Orlando public information officer Sgt. David Baker says the department doesn't share any information with Ring and that the company doesn't have any access to police servers.
"Nothing that happened on a Ring computer would affect our computers or data," Baker said in an email.
Winter Park Police Chief Michael Deal, whose department participated in a promotional video with Ring about law enforcement partnerships, says he has "no concerns" about the Ring deal going forward.–This story appears in the Feb. 12, 2020, print issue of Orlando Weekly. Stay on top of Orlando news and views with our weekly Headlines newsletter.