How secure is Ring from Amazon?

Ring, a wholly owned subsidiary of Amazon, has established itself as a popular option for home security systems. Smart doorbells are sold, which inform homeowners via video stream and push notification when someone approaches the front door. But the surveillance technology has questionable side effects. And that doesn't just apply to data storage in the Ring cloud.

Where do the video clips and audio recordings end up?

When using the Ring smart doorbell, vast amounts of data are generated. Ring devices continuously create video recordings and audio clips to provide users with a comprehensive monitoring experience. This data is usually stored in the Ring cloud, where it can be accessed by users.

Data protectionists have long voiced concerns about the extensive data collection. They fear that the data collected could be misused for advertising purposes or passed on to third parties. Cases from the USA prove that they are right.

Data transfer to investigative authorities

In the USA, more than 10 million households use Amazon's smart doorbell Ring. When someone approaches the entrance, the recording function is activated and the system starts recording video. At this moment, the owners are informed and they can watch the events on their own doorstep live in the video stream. So far, so comfortable.

In the summer of 2022, a case in the USA caused a stir when it was revealed that Amazon had set up an interface that allowed authorities to access stored video footage. Politico magazine reported on a case in which an Ohio man refused to provide Ring recordings to police. The police investigated the neighbor for a criminal offense.

Without further ado, the investigating authorities turned to Amazon and served the company with a court order to obtain the recordings. As ordered, the Internet giant delivered the video recordings from all the cameras the man had installed. This was made possible because the recordings are stored on the Ring servers for 180 days.

In the meantime, it has come to light that Amazon has repeatedly passed on data to the investigating authorities in the USA, even without a court order. The US civil rights organization EFF spoke in this context of the "largest surveillance apparatus in the country".

Sharing of data also in Germany?

Ring is silent on whether and to what extent data is passed on to law enforcement agencies in Germany. Company spokespeople note that data is shared "when law enforcement can prove an imminent threat and time is of the essence." The company provided this nebulous explanation to the "Handelsblatt" when asked. Furthermore, Ring pointed out that cases of urgency are rare in practice and are examined closely.

Plus for more security: Enable end-to-end encryption

An important issue when evaluating Ring's security is end-to-end encryption. End-to-end encryption (E2EE) means that the data between the devices involved is encrypted and cannot be read by anyone else. Ring does not have end-to-end encryption enabled by default for video recordings. The videos are encrypted while they are stored in the Ring Cloud, but can be decrypted by Ring itself to enable the features like sharing videos with other users. The only way to prevent this is to enable end-to-end encryption yourself. The company provides instructions on its support pages.

Conclusion

Ring security is a complex issue. The collection and sharing of data has been criticized by data protectionists for years. It is important to note that Ring has publicly stated that it will not share user data without consent, only to do the exact opposite in practice. To what extent this approach has an impact on the trustworthiness of the company, each user must decide for themselves.