Ring of fired: Amazon axes multiple workers who secretly snooped on netizens' surveillance camera footage Amazon's Ring home security camera biz says it has fired four or more employees caught covertly watching video feeds from customer devices. The admission came in a letter [PDF] sent in response to questions raised by US Senators critical of Ring's privacy practices. Ring recounted how, on four separate occasions, workers were …
Ring Wrote: "Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions.
Thinking like the corporate wonk that I am, based on the above corporate-speak I'm going to SWAG¹ that Ring monitors the total amount of video data used by each employee as well as the total number of videos they view. Probably while most employees look at a few dozen personal videos per month, these four employees total data exceeded some threshold and reached a point where it could not be kept quiet. The usage must have been open and obvious, possibly exposed in a requested PowerPoint presentation by an upper-manager that requested a security audit - PowerPoint, being a battle axe of corporate warfare, is a great way to expose embarrassing information to reluctant co-workers.
So they fire these employees and then make the firings public to create the image they actually monitor and care.
.
¹ Silly Wild-Ass Guess
The article references an internal policy which I suspect gives employees little or no option but to agree to allow their videos to be shared. While this may give Ring a good stream of data to analyze, it is probably very stupid from a security perspective, as it means people who have authority to look at the data, very likely know the people who's data it is. I also see no reference to anonymization.
.
Who would have thought that people would like to know what their co-workers were up to outside of work?
I read the phrase "once Ring was made aware of the alleged conduct" (emph mine) to imply that it was an outside complaint, that Ring was 'made aware' of.
There's also the thought experiment "what would the scummy company likely do?".
Would they fire someone if it was an internal audit and they could otherwise cover the whole matter up?
If it was an external complaint, would they fire someone so that they could show they were "taking complaints seriously"?
"what would the scummy company likely do?"
I think it is a legal necessity that all companies have to be be scummy. Prioritise profits over anything else within other laws.
There are lurking lawyers who post here on occasion, hopefully one of them will contribute now.
Whatever, whenever there is a corporate blunder there is always a sacrifice made to the gods - sometimes the babies, sometimes the elders. I've never even seen a goat.
Because they could. Human nature, innit.
Hands up everybody who didn't see this coming.
Remind me again why, exactly, the manufacturer of my home so-called "security" equipment needs to have a feed from that equipment?
Sheeple are stupid. Dyed in the wool idiots. And the marketards know it ...
I think the reason is the usual isn't it? The old they need access to data so that
"...we can improve our.service to you and make your website experience more personal to you"
Which translates as
"... We couldn't be arsed testing this product properly like companies used to do, so.we'd like to use our free testing system, ie the users, to see that it actually works as it should. We'd also like to access data and video so when can analyse it and sell off what ever we can find a buyer for because it makes us a ton of money"
Transfer that to almost every product or service these days, its an absolute joke.
Recently wanted to turn an old Android phone into a CCTV camera (only need local access for playing around with it).
Decided not to, as every app needed a cloud registration to work. I think a few did not, so I might go back to looking at those ones. But rather irritating when I really only need some basic functions.
It must have been very dull footage to watch; folks outside coming and going from a door. Not like the camera was inside their home or bedroom for the employees to perve over.
Not that it is acceptable to watch any footage without very good reason and authorisation of course.
"Remind me again why, exactly, the manufacturer of my home so-called "security" equipment needs to have a feed from that equipment?"
Two reasons I can think of.
1) To minimise size and therefore cost of manufacture. The video needs to be stored somewhere. A locally hosted device (probably a separate box somewhere in the home, as bunging a HDD or SSD in the doorbell would make it rather larger) costs money. Much cheaper to bung in a Wifi chipset then shove the video on to a server that you probably already own or rent.
2) Monetization. You have access to terabytes of data showing people coming and going that could potentially be worth something.
Neither is good from a user point of view.. Personally, I would like to see any device that offers any kind of home security or surveillance to at least offer the choice of storing data on a box locally, with the option to upload it to a cloud. I'd like to see this happen even if it means I lose the convenience of accessing the video from my doorbell or CCTV system from outside the house, or via an app.
I don't have a smart doorbell, because I can't see the point. If I am not in the house, what, really is the point of me being able to answer the doorbell? Even if I get a delivery, unless I have just popped to the neighbours, the delivery driver won't be there by the time I get home (even if he or she was, I could just open the door). I might be interested in the video doorbell aspect, but I think any data stored by the system should stay local. Same with CCTV.
"Personally I'd prefer the CCTV footage to be backed up externally in case my NAS gets pinched."
So send it to the server you have hanging off your Great Aunt Ruth's DSL line in Duluth. Shirley all of us commentards have a personal remote file server or three, right?
Personally, I'd want the option, mostly. If i'm too cheap or otherwise CBA to set up my own storage box, I can use theirs; fine. But when theirs inevitably goes down, or they decide to kill the service entirely (Here's looking at you, Google!), or my internet provider decides to take a week off?
I'm genuinely baffled why the manufacturers are trying to sell devices to people who are obviously security-concious and/or paranoid--and then not baking in secure options. You'd think that'd be like selling cars for people interested in personal transportation that cannot be started without having two neighbors and a representative from the company seated within?
I wouldn't want to grant access to the typical vendors because of the events in this story though and/or they'd use the data to help advertisers to sell junk to me.
Indeed. If I wanted to view an advertiser's junk, I'm sure I could find one who has a Ring camera and then just identify a cooperative Amazon employee
El Reg previously explained partly why they need a feed of your video to the mothership. They provide access to the video feeds to the police and the police act as sales staff encouraging everyone to buy one. The evil brilliance is quite impressive, if you forget about ethics.
Hey, at least they didn't use the newspeak term "redeployed". That seems to be the term of choice for some companies that don't have the spine to say "lay-offs" or "fired".
Funny anecdote. When I had just started working for such a company my manager told me his friend had been "redeployed". Knowing that lay-offs were being considered I replied that I was glad to hear that his friend had been redeployed. I have a lot of friends in the military so I only knew the term as "being sent back to another battle zone". In other words, the organization they worked for utilized them elsewhere.
It took a while to untangle the confusion and convince my boss that I was not mean-spirited...
"It fits in well with the recent right-pondian politician-speak of 'more' meaning 'not losing the ones we've already got' though..."
Yes, that was a bit weird. It did actually make a kind of sense, but when she was confronted on it, managed to splutter a lot and make it seem much worse than it actually was. After all, if you normally lose 10% of your workforce every year through reasons other than retirement and can't easily replace them, then changing things such that many of those leavers now stay on and don't leave, that reduces the amount of new recruitment needed and retains experience as well as reducing the amount of work needed to increase staffing levels from a limited pool.
With respect to your manager of the time, "redeployed" means moved internally within a division or within the same parent company.
If they are leaving the company they are being let go
It was confusing because the manager was being confusing to avoid bad words when layoffs are in progress. It's a shame when language is impoverished, although understandable sometimes.
"the attempted access to that data exceeded what was necessary for their job functions"
Looks like they still can't quite admit their guilt. "Attempted" access? Most people won't use that term when they in fact succeeded.
However, what's most glaring is the seeming admission that they are in fact 1) able to view the videos and 2) that it may be routine if it is "necessary for their job functions".
I'd love to see the internal documents that detail when the company deems it acceptable to view the video footage.
for the "Postcode Lottery"
Don't they use the like 'Ring that Bell' and awful lot.
My advice is... don't play the postcode lottery if you have a Ring device. Otherwise there might be some people at Amazone viewing you getting the prize and sending around some mates to relieve you of it if you get my meaning.
[see icon]
So 4 times they have received a 'complaint or inquiry' from someone who had reason to suspect that someone is watching their Ring.
And 0 times has their internal auditing flagged up people accessing a user's Ring without permission.
I'm willing to bet that most unauthourised accesses couldn't possibly be detected by the end user (which is when the innuendo falls down), so their auditing processes must be terrible. (As most non-existent auditing processes are)
Even though footage would only be of people ringing bell (& presumably some street background data) then it could be data you don't want people seeing.
e.g. if people visited the address for something they may want to keep private / limited disclosure e.g. abortion centre, mental health clinic etc *
* Obviously if you have that type of premises you should really not be using something that stores client images off site.
Even worse, Ring may have started with a video doorbell, but they also sell general security cameras which can be placed inside the home. There is no way I would own one.
The black helicopter icon is because commercial companies have more of them than the governments!
If your sensitive data, either as plaintext or encrypted using a key not exclusively accessible to you, is secured on a device or system that neither belongs to you nor is controlled by you...
... it is no longer your data; it is not private; it is not secure; and you do not have control.
I propose additional Laws:
Second Law of Cloud:
A cloud application is only as good as your connection to it.
Third Law of Cloud:
Data Stored in the Cloud only lasts as long as the provider stays in business, or as long as you continue to pay the bill.
I welcome the commentards to add additional Laws or expand on at least the two I've put here.
Hmmm
The hypocrisy and sheer chutzpah of a massive multi-national like Amazon firing workers for doing what Amazon itself does to literally millions of customers every say (spying on consumers), is indicative of the us vs. them mentality that exists in the corporate world between upper management and what the rank and file. In short, the message being sent out here is that its just fine for Amazon to vacuum up petabytes of data related to anything that consumers do online who visit their website-even if they don't buy a thing and are therefore not "customers". (unless you are well protected and perform daily cleaning of your storage devices you will find that Amazon and affiliates like just about every single other corporation with a presence on the web, have dumped all manner of persistent tracking cookies and other nefarious little critters onto your devices which allow them to track/record your activities after you leave Amazon.com)
Here is the bottom line: It is not just those employees that are violating the privacy of visitors to Amazon's website(s) Basically, we have the world's largest online shopping corporation and of course the de facto operating system used by about a Billion people world wide in Windows 10 between them violating consumer privacy literally millions of times every second of every day and the Media says NOTHING. But, let a couple of enterprising "employees" try and get in on the action and its the old heave ho for them. (rightfully so of course) The bottom line here is that both Bozo and Gates along with the officers of thousands of other corporations should have been behind bars years ago and their respective "corporations" shut down in the interests of the public good and safety. Put another way, if you or I got caught spying on either of these corporations in the same manner in which they do to us, we would face immediate arrest, prosecution and a long, long jail sentence. Never forget, in the world of multi-national CEO's and World leaders "do as I say, not as I do" is actively being enforced by the rule of law....(laws written and paid for by the CEO's corporations and enacted and enforced by the leaders taking their money)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
