Ring is rejecting the request of a U.S. senator to introduce privacy-enhancing changes to its flagship doorbell video camera after product testing showed the device capable of recording conversations well beyond the doorsteps of its many millions of customers. Security and privacy experts expressed alarm at the quality of the distant recordings, raising concerns about the potential for blackmail, stalking, and other forms of invasion.
In a letter to the company last month, Sen. Ed Markey, a Democrat of Massachusetts, said Ring was capturing “significant amounts of audio on private and public property adjacent to dwellings with Ring doorbells,” putting the right to “assemble, move, and converse without being tracked” at risk.
Markey did not asked the company to adjust the range of the device, but adjust the doorbell’s settings so audio wouldn’t be recorded by default. Ring, which was acquired by retail giant Amazon in 2018, rejected the idea, arguing that doing so would be a “negative experience” for customers, who might easily get confused by the settings “in an emergency situation.” What’s more, Ring appeared to reject a request never to link the devices to voice recognition software, offering only that it hasn’t done so thus far.
Experts such as Matthew Guariglia, a policy analyst at the Electronic Frontier Foundation, have said the device is particularly harmful to the privacy of individuals who live in close quarters — think apartment buildings and condos — where they may be unknowingly recorded the moment they open their doors.
Ring also disclosed that it’s given police access to camera footage this year without user consent or a warrant on 11 occasions. According to Ring, officers claimed exigent circumstances in these cases, meaning there was a risk that someone could be killed or physically harmed before a warrant could be obtained. Ring did not indicate whether it has ever denied such a request.
Ring is obligated to provide police with certain business records in response to a subpoena. Business records may include a user’s real name, home address, email address, IP address, and payment information, among other details. (In the realm of electronic data, “business records” is sometimes synonymous with the term “metadata”.)
Ring is not required to turn over actual content, such as recorded video, audio, or the text of messages, unless it receives a warrant.
To obtain a warrant, police need probable cause. This requires a judge to be convinced, based on some articulable, credible information, that the content they seek is likely evidence of a crime. Conversely, probable cause is not needed to obtain a subpoena, which is a tool police use to gather facts believed relevant to an investigation. Because of their lower evidentiary threshold, subpoenas are expected to be narrowly drawn, describing with reasonable specificity the records they’re after. Higher courts generally frown on police using subpoenas to conduct “fishing expeditions.”
A company may move to quash a subpoena on the basis that it’s overly broad or unduly burdensome, due to the volume of records requested or the amount of time and effort it will take to produce them. Ring claims to do so when requests are “overbroad or inappropriate,” and as an example says it would not comply with a request to “list of all Ring device locations in a city.”
The FBI has another tool in its arsenal for cases of suspected terrorism or espionage known as a national security letter. Authorized under the Stored Communications Act, national security letters allow the FBI to demand access to business records and metadata without a judge’s approval. The letters are accompanied by gag orders, which forbid the companies or individuals that receive them from acknowledging their existence. (The FBI has a documented history of abusing this power.)
A bi-annual report published by Ring shows the company received over 2,600 warrant-based requests and roughly 400 subpoenas. This is in addition more than 2,700 preservation requests in 2021 alone. A preservation request can require certain records or data be retained by the company, even if a customers seeks to delete it. Fewer than half of all the requests were content-related, according to the report. It’s unclear how often, if ever, Ring goes to court to challenge government demands.
In a statement to Politico, which first reported Ring’s letter, the company claimed its policy is to notify users whenever it receives a warrant for their footage.
Emails obtained by Gizmodo in 2019 showed that Ring had assembled what it called a “subpoena team,” which works to advise police on how to submit requests for footage without user consent. Jay Stanley, a senior policy analyst at the American Civil Liberties Union, said this practice is commonplace at most tech companies. The businesses often see a benefit in guiding police through the process, rather than be forced to repeatedly reject requests that are improperly submitted, he said.
Ring has previously claimed that police are unable to access footage unless the footage is directly supplied by customers, but that policy applies strictly to the company’s crime-alert app, Neighbors, and does not extend to government demands and other legally binding orders.
Neighbors, which has millions of users, is advertised as a way to receive “real-time crime and safety alerts” from local law enforcement and other users nearby. Controversially, Ring has sought out partnerships with thousands of U.S. police departments, offering them access to a special platform through which customers can be directly contacted.
Officers using the Neighbors platform are able to solicit footage by selected a date, time, and location. Users with corresponding footage are notified of the requests. Ring says departments aren’t notified when users decline to help.
No fewer than 2,1oo agencies are currently signed up, which, as Markey noted, is five times as many compared to 2019.
Ring, which recently saw an increase in subscription prices, said it recently implemented more than 100 changes to its products following an audit by researchers from New York University School of Law studying the device’s impact on civil liberties.
Among the changes, the company said it introduced new transparency measures in response to questions raised by the auditors regarding its willingness to hand over user data.
Ring also said its made efforts to reduce the chance of content on Neighbors being used for racial profiling, adding staff to moderate content before it’s uploaded. In 2019, Gizmodo examined more than 65,000 posts shared by Ring users across the app. More than 830 posts explicitly mentioned skin color. More than two-thirds contained references to individuals perceived to be Black.
The company has refused to commit fully to encryption, saying such “advanced features may not be right for all customers.” What’s more, Markey pointed out that the company previously declined to say if it would ever introduce facial recognition.
“It has become increasingly difficult for the public to move, assemble, and converse in public without being tracked and recorded,” Markey said, advocating for the passage of the Facial Recognition and Biometric Technology Moratorium Act, a bill designed to impose limits on law enforcement’s collection of biometric data and use of technology such as facial recognition.