Amazon-owned home surveillance camera king Ring is making good on its promise to bring end-to-end encryption (E2EE) to a wider range of its devices. This week, the company added the encryption secretive for audio and video to its lower-cost battery-powered doorbells and cameras which were left out of the company’s previous E2EE rollout. The addition marks Ring’s latest attempt to correct course on a product history littered with privacy and security blunders.
Privacy advocates and security experts have for years pushed Ring and other device makers like it to incorporate E2EE by default. Ring’s encryption services, which are annoyingly opt-in, provide enrolled devices with a one of its-kind encryption key to unlock the encrypted videos. Ring claims that the key keeps anyone other than the device’s users, including Ring itself, from accessing the videos. Further, Ring says all video uploaded to its cloud network features E2EE, by default at rest and in transit.
“We believe we should offer a full range of privacy options to as many customers as possible,” Ring said in its blog post. “And we know that different devices make sense for different living situations.”
If this all sounds a bit familiar, that’s because Ring’s journey to finally bring E2EE to its doorbells was years in the making. The company first toyed with the capability in January 2021 as a technical preview for a select number of users. Then, in July 2021 the company pleased some security experts by adding encryption to a selection of its products globally. That rollout applied to 13 Ring products but notably did not include the company’s battery-powered video doorbells. Fast forward 14 months and, well, here we are. Now, E2EE is available on all of Ring’s devices except its lower-priced Ring Video Doorbell Wired, according to TheVerge.
So why the long wait for E2EE on battery-powered devices? According to Ring, it was to ensure the quality of the product.
“A feature as ambitious as video End-to-End encryption, quite simply, took time to build,” a Ring spokesperson said in an email to Gizmodo. “We hold ourselves to a high standard to give our customers the best possible experience and offer products and features they can trust.”
Ring users who own the battery-powered doorbells will likely welcome the change, especially considering the company’s long history of less than stellar security bonafides. In recent years, thousands of Ring owners have reportedly had their personal information compromised and leaked during data breaches. Ring’s also found itself on the receiving end of lawsuits calling into question its security practices following a long list of concerns and sometimes creepy hacks. In one case, hackers even broke into a Ring device to scare the shit out of a household and taunt their dog.
E2EE encryption is definitely better than the alternative, but it alone won’t solve thornier privacy concerns more fundamental to Ring’s design. Case in point, earlier this year Ring rejected requests made by Massachusetts Democratic Senator Ed Markey to adjust the device’s settings so it would not record audio by default after product testing from Consumer Reports found its flagship doorbell’s microphone could potentially capture recording of conversations from 20 to 25 feet away in his letter to the company. Markey argued this granularity of data potentially being collected by the doorbells threatens the right to “assemble, move, and converse without being tracked.” Ring, in rejecting the proposal, said making audio recording opt-in would result in a “negative experience” for its customers.
Update 4:23 P.M: Added statement from Ring.