news

Amazon to Pay FTC Over $30 Million for Ring, Alexa Privacy Violations

Amazon's Ring doorbell unit will pay the Federal Trade Commission $5.8 million in a settlement over privacy violations

Smith Collection/Gado | Archive Photos | Getty Images

Amazon will pay the Federal Trade Commission more than $30 million as part of settlement agreements related to its Alexa and Ring divisions, according to filings on Wednesday.

The agency filed a lawsuit alleging Amazon's Ring doorbell unit violated a portion of the FTC Act that prohibits unfair or deceptive business practices. A separate suit alleges Amazon violated the FTC Act and Children's Online Privacy Protection Act by illegally retaining thousands of children's information through their profiles with the Alexa voice assistant.

While Ring has claimed its products help keep customers safer with its doorbell security cameras, the FTC alleged that Ring instead comprised customer information by giving third-party contractors access to customer videos, even when it was unnecessary to perform their jobs.

Ring employees and those who worked for a third-party contractor in Ukraine could access and download every customer's videos, with no technical or procedural restrictions on the practice before July 2017, the FTC alleged.

The agency claims Ring did not have any privacy or data security training before 2018, even as the company's employee handbook prohibited misuse of customer data.

In one instance, a Ring employee allegedly viewed thousands of videos from at least 81 different female users from cameras labeled for use in intimate spaces, like "Master Bedroom," "Master Bathroom" and "Spy Cam." Between June and August 2017, the FTC alleged, the employee looked through the videos for often at least an hour a day on hundreds of occasions.

Another employee who reported the alleged inappropriate access was told by a supervisor that it was "'normal' for an engineer to view so many accounts," according to the complaint."Only after the supervisor noticed that the male employee was only viewing videos of 'pretty girls' did the supervisor escalate the report of misconduct," the complaint alleges, and the employee was ultimately fired.

Ring narrowed employee access to customer videos in September 2017, the complaint says, so that customers had to consent to customer service agents accessing their videos. But even then, the FTC alleged, Ring allowed hundreds of employees and Ukraine-based contractors to continue accessing all video data.

"Importantly, because Ring failed to implement basic measures to monitor and detect inappropriate access before February 2019, Ring has no idea how many instances of inappropriate access to customers' sensitive video data actually occurred," the complaint alleges.

As part of the agreement with the FTC, Ring must for the next 20 years have in place a comprehensive privacy and data security program that involves disclosing to users

Amazon acquired Ring for a reported $1 billion in 2018 and the company now operates as a subsidiary of Amazon. The deal has helped Amazon grow its presence in the smart home and home security categories. But Ring has also been a source of major scrutiny for Amazon as advocacy groups alleged the devices threaten users' privacy and civil liberties. Ring also established controversial partnerships with police departments.

Ring's security protocols have been criticized previously. In 2020, Ring said it fired four employees for peeping into customer video feeds after reports from The Intercept and The Information found that Ring staffers in Ukraine were given unfettered access to videos from Ring cameras around the world.

The company strengthened its security measures after a series of incidents wherein hackers gained access to a number of users' cameras. In one case, hackers were able to watch and communicate with an 8-year old girl. Ring blamed the issue on users reusing their passwords.

This is breaking news. Please check back for updates.

Copyright CNBC
Contact Us