Cybersecurity experts still wary of Amazon devices after FTC settlements

Amazon must pay more than $30 million from two different settlements reached with the Federal Trade Commission. One settlement, totaling $5.8 million, concerns the Amazon-owned smart doorbell company Ring.

The FTC alleged that Amazon committed privacy violations when it gave Ring employees access to customer videos.

According to a complaint filed in federal court last week, a former Ring employee reportedly spied on female customers for months in 2017, watching recorded videos from Ring products placed in bedrooms and bathrooms.

“Only after the supervisor noticed that the male employee was only viewing videos of ‘pretty girls’ did the supervisor escalate the report of misconduct,” the FTC noted. “Only at that point did Ring review a portion of the employee’s activity and, ultimately, terminate his employment.”

According to the complaint, an employee gave a customer’s ex-husband a Ring device recording from that customer in May 2018, without obtaining their consent. Additionally, the FTC found another employee provided Ring devices to individuals and surreptitiously watched their videos without their knowledge.

The violations follow a probe conducted last year by Sen. Ed Markey that found evidence indicating that Amazon had been sharing footage from Ring doorbells with law enforcement authorities without obtaining consent from the camera owners.

“Ring promptly addressed these issues on its own years ago, well before the FTC began its inquiry,” a Ring spokesperson told Business Insider. “While we disagree with the FTC’s allegations and deny violating the law, this settlement resolves this matter so we can focus on innovating on behalf of our customers.”

Amazon has also agreed to pay $25 million in a separate settlement over FTC allegations that the online retailer violated children’s privacy rights by retaining recordings from Alexa, an Amazon smart speaker device, beyond the necessary period and failing to delete them upon parental request.

“I’m disappointed,” said cybersecurity expert Scott Spiro in an interview with ABC News on Thursday. “I feel like Amazon has broken their word and their promise to parents and consumers.”

“If you’re a technology company and you’re telling consumers that you’re going to hold their data private, that’s the expectation,” he said.

Denise Bergstrom, the cybersecurity program chair at Franklin University, believes that Amazon “should have known better.”

In an interview with NBC4 Columbus, Bergstrom said big companies like Amazon should have layers of accountability in place to protect user data because there are still real safety concerns if the data ends up in the wrong hands.

“That could allow someone to stalk your child if it got out,” she said. “If those pieces of information are put together, they’re breadcrumbs that could help a perpetrator to identify and target your kid.”

In a press release, Amazon pointed to its privacy settings on the Alexa app for parents to delete recordings and manage their kids’ profiles. But Bergstrom argues that it’s not that simple to navigate.

“That’s one of the biggest frustrations,” she said. “The problem is that those safeguards […] tend to be buried,” and it is not intuitive for a user to immediately understand what certain options are called and what they mean.

The biggest thing parents can do to protect their kids’ privacy right now is to be aware that this information is out there, emphasized Bergstrom. “And when you have the opportunity to limit that access, do so,” she said. “It’s better to then go back and modify those choices later to allow additional access if a situation changes than it is to try to take it back.”