And The FTC Have Gone With The Wrist Slap Again
You may have some concerns about the security of two of the more popular Amazon IoT products, Ring and Alexa but as it turns out you were nowhere near worried enough. Recent investigations by the US FTC have revealed rather terrifying facts about what is done with the recordings made by Amazon as well as the utter lack of any of the security protocols you likely assumed they followed.
Instead it seems that your Ring recordings, which are not encrypted on Amazon’s servers, were treated like YouTube videos and shared among employees. Anyone working with Ring can access any stored video to watch and to share with employees, and yes that most certainly includes recordings from inside user’s homes and not just the doorbell. Even when some employees reported the rather lurid videos being swapped around, management informed them it was perfectly acceptable behaviour and required to offer proper support.
As for Alexa, well anything you said around it is kept, up to and including recordings of children. There was no retention policy in place to delete the recordings after a certain amount of time, and they were even used to train Alexa to improve it’s language recognition skills with no thought as to the content. While parents could contact Amazon to specifically request recordings of their children were deleted, the FTC found numerous instances where the recordings were only deleted from certain databases after a request was made, they were still kept in others.
The total fines levied were US$30.8 million, which The Register points out is less than a single day’s profit for Amazon. Amazon also does not admit any wrongdoing, but were happy to toss some spare change at the FTC to make the complaints go away.