The "smart home" of the 21st century is not only supposed to be a monument to convenience, we are told, but also to protection, a bubble of vigilant algorithms and sensors connected to the Internet, like that of Tony Stark, working tirelessly to to watch us. However, according to some sources alarmed by Ring's disappointing privacy practices, monitoring algorithms through the lens are not limited to algorithms.

Ring has a long tradition of lax and neglected surveillance when it comes to deciding who has access to some of the most valuable and intimate data belonging to anyone: a high definition live stream coming from the home – and maybe even from the inside. The company has marketed its range of miniature cameras, designed to be installed as doorbells, in garages and on bookshelves, not only as a way to keep an eye on your home while you're away, but to create a kind of privatized ward surveillance. , a constellation of overlapping camera feeds that will help the police detect and apprehend burglars (and even worse) as they approach. "Our mission to reduce neighborhood crime is at the heart of everything we do at Ring," said Jamie Siminoff, founder and CEO, last spring to commemorate the $ 1 billion buyout of the company by Amazon, a company that recently has facial recognition practices. Marketing works. Ring is a hit with consumers and a darling press.

Despite its mission of securing people and their assets, the treatment of customer video streams by the company is something else, but people familiar with the company's practices told The Intercept. Starting in 2016, according to a source, Ring provided its Ukrainian-based research and development team with virtually unlimited access to a folder of Amazon's S3 cloud storage service containing all the videos created by all the Ring's cameras. whole world. This would be tantamount to a huge list of extremely sensitive files that could be easily viewed and viewed. Downloading and sharing these client video files would only require one more click. The information, which aggressively covered Ring's security holes, reported on these practices last month.

By the time Ukrainian access was provided, the video files were left unencrypted, said the source, due to Ring's "belief in leadership that encryption would make the company less valuable," because costs associated with the implementation of encryption and loss of revenue access. The Ukrainian team also received a corresponding database that linked each specific video file to the corresponding Ring clients.

"Yes [someone] knew the email address of a journalist or a competitor, [they] could see all their cameras. ""

At the same time, the source said, Ring has unnecessarily provided US executives and engineers with highly privileged access to the company's technical support video portal, allowing their customers to receive live, unfiltered live feeds based on their needs. access to this extremely sensitive data to do their job. For those who have been granted this high-level access – comparable to Uber's famous "Divine Mode" card revealing the movements of all passengers, only the email address of a Ring customer was needed to watch cameras from his home. Although the source claimed to have never personally witnessed blatant abuses, she did however declare to The Intercept "if [someone] knew the email address of a journalist or a competitor, [they] could see all their cameras. "The source also recounted cases of Ring engineers who" teased themselves about who they had brought home "after dating. Although the engineers in question knew that they were being monitored by their colleagues in real time, the source asked if their companions were informed in the same way.

Ring's decision to grant this access to his Ukrainian team was motivated in part by the weaknesses of his internal face and object recognition software. Neighbor, the company's disarming name for its distributed home monitoring platform, is now a flagship feature for Ring's cameras, touted as "proactive" neighborhood surveillance. This fight against real-time crime requires more than raw video – it requires the ability to quickly understand, on a large scale, what is really happening in these home video streams. Is it a dog or your husband? Is it a burglar or a tree? Ring's software has been struggling for years with these fundamental principles of object recognition. According to the latest information report, "Users have consistently complained to customer support to receive alerts when nothing notable was happening outside their door. the system seemed to detect a car passing in the street or a leaf falling from a tree in the front yard. "

Computer vision has made incredible progress in recent years, but creating software to categorize objects from scratch is often expensive and time consuming. To revive the process, Ring has used its Ukrainian "data operators" as the cradle for its dull artificial intelligence efforts, manually tagging and tagging objects in a given video as part of a process of "Training" to teach software in the hope might be able to detect such things on its own in the near future. Apparently, this process is still going on years later: Ring Labs, the name of the Ukrainian operation, still employs people as data operators, according to LinkedIn, and publishes vacancy listings for concerts of Vacant video tagging: "You must be able to recognize and properly label all moving objects in the video with great accuracy," reads an offer of employment. "Be prepared to cope with quick changes in tasks, just as you are ready for monotonous, long-term work."

ring-redacted-1547070465

Image: Ring

An image never before published of an internal document Ring contains the veil of high ambitions of society in terms of security: behind all the computer sophistication was hiding a team of people tracing boxes around strangers, day after day, then that they strove to grant a semblance of human judgment to an algorithm. (The interception has expurgated a face from the picture.)

Another source, directly familiar with Ring's video tagging efforts, said the video annotation team viewed images not only of popular models of outdoor and doorbell cameras, but also of household interiors. The source stated that Ring employees sometimes showed videos that they annotated and described some of the things they had witnessed, including people kissing, shooting and stealing. .

Ring's spokesperson, Yassi Shahmiri, did not want to answer questions about the company's previous data policies and how they might be different today, instead choosing to provide the following statement:

We take the privacy and security of our customers' personal information very seriously. In order to improve our service, we watch and annotate some videos of Ring. These videos come exclusively from publicly shared Ring videos of the Neighbors application (in accordance with our terms of use) and a small fraction of Ring users who have given their explicit written consent to allow us to Access their videos and use them for this purpose. purposes.

We have strict policies in place for all members of our team. We implement systems to limit and audit access to information. Members of our team are subject to high ethical standards and anyone in violation of our policies faces disciplinary action, including dismissals and potential criminal and legal sanctions. In addition, we have a zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will act quickly against them.

It is not clear that the current standards for access to Ring's videos in Ukraine, as described in the Ring Statement, have always been in place, and there is no indication of how (or if) they are applied. According to information cited by former employees, The Information did not always comply with the standards in force, but only last May, efforts for stricter control of the video had been set up by Amazon after Amazon's visit to the Ukrainian office. Even then, says The Information, staff members in Ukraine have bypassed the controls.

In addition, the Ring Neighbors overview does not mention any image or facial recognition, and does not indicate that those who use it choose to leave their homes under surveillance by people in a Ukrainian research and development laboratory. of development. Ring's facial recognition practices are included in its privacy policy, which states simply that "you can choose to use additional features in your Ring product that, thanks to the video data on your device, can recognize the facial features of your device." usual visitors ". Neither the service nor its privacy policy mentions human-made manual video annotations, and none of the documents mention the possibility that Ring staff members can access this video. Even if the policies in place are sufficiently firm, the question of whether Ring owners should trust a company that has already considered the above possibility will remain open.