Amazon Gave Ring Footage To Police Without Consent Raising Serious Privacy Concerns
US Senators have responded to these concerning revelations in the past by sending letters to Amazon, asking the company to clarify and explain Ring’s policies and data security practices. More recently, Ring has come under scrutiny for its agreements with police departments across America that give members of law enforcement access to customer video and audio recordings. Senator Edward Markey sent Amazon a letter last month asking the company about these agreements and Ring’s handling of customer data. Amazon’s vice president of public policy, Brian Huseman, responded to the Senator’s question in a letter obtained by The Intercept this week.
Asked to clarify this third condition, Huseman wrote that “Ring reserves the right to respond immediately to urgent law enforcement requests for information in cases involving imminent danger of death or serious physical injury to any person.” The vice president of public policy went on to say that members of law enforcement are required to submit an emergency request form describing the situation, and Ring “makes a good-faith determination whether the request meets the well-known standard, grounded in federal law, that there is imminent danger of death or serious physical injury to any person requiring disclosure of information without delay.”
In practice, this policy means that Ring can decide to let law enforcement side-step the customer consent or warrant requirement and access customers’ video and audio. According to Huseman, Ring provided customer footage to members of law enforcement eleven times so far this year. The company does offer end-to-end encryption (E2EE), which, if implemented properly, should prevent both Ring and any third party, including law enforcement, from accessing customer video. However, at present, this feature is not enabled by default.
Huseman explained this decision in his letter (PDF) by calling E2EE an “advanced feature” that “may not be right for all customers” because it disables certain other features. At least in our view, we would rather that Ring err on the side of user privacy and data sovereignty by making E2EE standard, and letting customers disable it to gain access to additional features if desired.