The latest example involves Ring failing to adequately secure users' information when they share to the Ring "Neighbors" portion of the Ring app. Journalists had already showcased how Ring's security standards were hot garbage. And while Amazon has taken some steps to address those concerns (like making two-factor authentication mandatory), this week it was revealed that Ring’s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app:
"While users’ posts are public, the app doesn’t display names or precise locations — though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes."
Whoops-a-daisy!
The disclosure comes on the heels of a similar report from Gizmodo last year that found it wasn't too difficult to ferret out hidden data allowing journalists (and anybody else) to map the location of Ring users nationwide:
"Examining the network traffic of the Neighbors app produced unexpected data, including hidden geographic coordinates that are connected to each post—latitude and longitude with up to six decimal points of precision, accurate enough to pinpoint roughly a square inch of ground."
Neat! Ring's already facing a class action lawsuit from users not particularly happy about receiving death threats and racist slurs after their Ring smart cameras were hacked.
Purportedly, Ring's Neighborhood functionality is generally supposed to help communities band together and discuss potential security threats. Kind of a neighborhood watch for the modern era. More often, however, the functionality results in people engaging in paranoid hyperventilation about minorities or homeless people getting a skosh too close to the azaleas.
If you're going to be earning additional billions from selling access to consumer residential cameras to intelligence and law enforcement every year, it seems like the very least you can do is invest a little bit more in taking consumer privacy and security seriously, even if "caring about consumers" and "selling their camera surveillance and location data to any nitwit with a nickel" operate somewhat discordantly.
So, it's hilarious to find out the FBI is concerned about Ring cameras, considering the company's unabashed love for all things law enforcement. The Intercept -- diving back into the "Blue Leaks" stash of exfiltrated law enforcement documents -- has posted an FBI "Technical Analysis Bulletin" [PDF] warning cops about the threat Ring cameras pose to cops. After celebrating the golden age of surveillance the Internet of Things has ushered in, the FBI notes that doorbell cameras see everyone who comes to someone's door -- even when the visitors are people who'd rather the absent resident remained unaware of them.
The document describes a 2017 incident in which FBI agents approached a New Orleans home to serve a search warrant and were caught on video. “Through the Wi-Fi doorbell system, the subject of the warrant remotely viewed the activity at his residence from another location and contacted his neighbor and landlord regarding the FBI’s presence there,” it states.
Ratted out by home security tech -- the kind often pushed on residents by law enforcement officers hoping to expand their surveillance networks by deputizing doorbells. Ring's cameras aren't just mute witnesses. Owners receive notifications when someone comes to their door and, depending on model, are able to hold conversations with them using built-in mics and speakers.
This means the sneak-and-peek feds might have been overheard discussing their tactical plans or specifics about the investigation. Hilarious. And this is how another FBI document on the subject of doorbells puts it, turning a normal home security device into a devious tool to be wielded against law enforcement:
“[S]ubject was able to see and hear everything happening at his residence” and possibly “covertly monitor law enforcement activity while law enforcement was on the premises…"
Covert monitoring is the best monitoring, as these FBI agents are well-aware. Sucks when it's the alleged perps doing the covert monitoring, I guess. And it sucks when the FBI decides now is the time to be hot and bothered when security cameras have been catching cops visiting/raiding properties for years. Audio recording isn't some new technology either, so if cops haven't been clued into this possibility already, they have no one to blame but themselves.
The documents are fascinating, and not just because they appear to turn Ring into a co-conspirator in crimes after so many years of being besties with law enforcement. They also show how much goes unnoticed by people who routinely cite their years of training and experience when applying for search warrants. This should have been obvious from day one.
But now is not the best time to be trotting out new facial recognition products. Cities and one entire state have enacted bans or moratoriums on facial recognition tech use by government agencies. Even the leader in law enforcement body cams (Axon, formerly Taser) has pulled back from adding this tech to its products. So, Ring is playing it safe even if it's inevitably going to add this feature in as soon as it can justify it.
And it's looking for ways to justify it. Just like it promised Congress, it will continue to "innovate" by adding features customers say they want -- even if it's tech many feel is untrustworthy, if not possibly dangerous. A document obtained by Ars Technica shows the company is feeling out its newest customers on several potential features, including facial recognition.
Ring last week distributed a confidential survey to beta testers weighing sentiment and demand for several potential new features in future versions of its software. According to screenshots shared with Ars, potential new features for Ring include options for enabling or disabling the camera both physically and remotely, both visual and audible alarms to ward off "would-be criminals," and potential object, facial, and license plate detection.
The survey actually suggests two possible facial recognition tech uses: one alert for "familiar faces" and another for "unfamiliar." This feature would presumably be tied to a user-generated whitelist of "familiar" faces, rather than something maintained by Ring. But just as presumably, Ring would have access to user selections and recorded footage. Law enforcement agencies are already running obtained Ring footage through their own facial recognition programs, so this addition would just save them a little bit of time.
And, as noted above, Ring is pitching something new -- at least for its line of products: license plate recognition. This is a new development.
The company has also not publicly discussed any plans for potentially deploying object detection or license plate scanning technology. In the same letter, lawmakers asked Amazon if employees had access to "any previously tagged information in video feeds that specifically identify a person or vehicle," including specific license plate data; to that question, Amazon answered simply "no."
The survey doesn't actually call this "recognition." It calls it "license plate detection." This feature would send an alert to users if a vehicle's license plate is detected and readable by the camera. Again, this wouldn't be linked to any license plate database and would rely on whitelisting for "recognition," but it's still somewhat surprising to see a home security system offer this functionality.
It's not that license plate readers are unheard of in the residential sector. It's just that they're usually included in more expensive systems tied to lucrative 24/7 monitoring contracts. This would put some of that power in a doorbell camera, allowing Ring users to operate not-so-automatic license plate readers during their downtime.
Ring continues to claim it's just engaging in blue-skying with beta testers and has no immediate plans to implement either of these features. But it's not denying it has an interest in being a market leader in domestic surveillance tech and will follow the market wherever it's led… or wherever it nudges the market towards.
First, it employs a "Head of Facial Recognition Tech" at its Ukraine office. A company that isn't planning to add facial recognition doesn't need anyone in charge of tech it's not planning on using.
Second, its lengthy answers to Congressional questions stated that the company would continue to develop and explore other options in response to "customer demand." If enough customers express an interest in facial recognition, Ring would be stupid not to add that to its list of features, even if it has spent months denying it ever plans to do so.
Third, its answers to direct questions about facial recognition software are anything but direct. Cyrus Farivar of NBC News asked Ring about this feature after receiving something that indicated otherwise from a public records request. The response sounds firm but really isn't.
Morgan Culbertson, Ring spox, emailed:
"The features described are not in development or in use, and Ring does not use facial recognition technology…"
This sounds definitive but Ring's pitch to cops -- obtained by Farivar -- says something different:
At the 1:30 mark, the video says the company is working on future versions that will include "suspicious activity detection and person recognition."
How does the company reconcile this pitch to law enforcement with its public statements on the subject? It can't. So, it doesn't. Farivar's questions to Ring about this video went unanswered.
Maybe the explanation is that Ring isn't planning to add it to its consumer products but is developing something for law enforcement to apply to footage via its portal. This would allow Ring to continue to claim it's not adding facial recognition software to its cameras while still making use of its "Head of Facial Recognition" person.
But there's also no reason to believe Ring is being honest about any of this. Like any company under the x-ray, it will say what serves it best right now even if it means rolling back those quasi-promises the minute Ring feels it can get away with making its products even more problematic.
Ring drives this particularly questionable engagement by insinuating people who've received free or cheap cameras will become part of a surveillance network overseen by cops, who will be able to solve tons of crimes and receive tons of footage from compliant recipients without a warrant.
None of this appears to be happening. While homes with Ring cameras are arguably more secure, the same could be said for any consumer camera -- most of which aren't handed to homeowners by law enforcement. A recent report by Cyrus Farivar for NBC News shows there's not much crime being solved by the vast network of Ring cameras and the company's hundreds of law enforcement partners. (via Jeffrey Nonken in the Techdirt chat window)
Thirteen of the 40 jurisdictions reached, including Winter Park, said they had made zero arrests as a result of Ring footage. Thirteen were able to confirm arrests made after reviewing Ring footage, while two offered estimates. The rest, including large cities like Phoenix, Miami, and Kansas City, Missouri, said that they don’t know how many arrests had been made as a result of their relationship with Ring — and therefore could not evaluate its effectiveness — even though they had been working with the company for well over a year.
The extensive agreements with Ring -- ones that allow the company to write press releases and veto law enforcement statements it doesn't like -- apparently don't require any sort of data gathering or reporting that would tie Ring cameras to arrests. The report says none of the 40 departments contacted collect data that might indicate whether or not the increased installation of cameras has reduced crime or resulted in more arrests.
Ring cameras may be everywhere, but their contribution to combating crime is apparently no greater than that of Ring's competitors. Any other camera company could boast it's contributed just as much as Ring has, all without blurring the line between public and private by aggressively courting law enforcement agencies. The list of criminals taken down by Ring footage reads like a small town paper's police blotter:
Of the arrests that police connected to Ring, most were for low-level non-violent property crimes, according to interviews and police records reviewed by NBC. These arrests detailed the theft of a $13 book, the theft of a Nintendo Switch video game console and several items, including two coffee mugs, purchased from the Home Shopping Network valued at $175. In Parker County, Texas, two people were arrested for allegedly stealing a dachshund named Rufus Junior, valued at $200.
These are the success stories. And that's from agencies that actually have success stories to relate. Most don't have anything to talk about or are only reporting a very small number of arrests in relation to their cities' overall property crime rate.
But it has opened a dialog of sorts between citizens and law enforcement. Some people view their cameras and the law enforcement portal as a "may I speak to the manager" connection.
Ring makes it so frictionless to share footage with police that some residents submit videos of anything they find displeasing, even when there is no indication that a crime has been committed, Lt. Santos, of Winter Park, said.
“We’ve gotten videos of racoons in the yard, with people saying, ‘Hey, can you deal with these racoons?’” he said. “That’s the type of people we’re dealing with. They’re constantly sending us video clips.”
Ring continues to insist its hundreds of law enforcement partnerships make citizens safer. But outside of a handful of arrests related to small property crimes, there's nothing in the data that suggests the thousands of cameras and hundreds of partnerships have actually increased public safety.
Trying to have it all, Ring welcomed police departments into the fold, offering steep discounts on cameras to agencies that played along with its PR pitches and distribution tactics. Citizens could get cameras for almost nothing from local cops with the implicit suggestion they share their recordings with cops whenever law enforcement asked.
That was the initial wave of bad press: the co-opting of police departments to turn consumer security cameras into extensions of law enforcement surveillance networks. The second wave was almost worse. It involved the hijacking of Ring cameras by malicious jerks who used lists of credentials taken from security breaches to take control of the connected devices.
Ring shifted the blame for these hijackings to the end users. While Ring does encourage the use of "strong" passwords and two-factor authentication, it did not -- until recently -- make either of these the default. A recent update to its "privacy dashboard" finally allowed users to easily control access to their cameras by providing lists of all IP addresses/devices currently logged in. It also nudged users in the direction of 2FA a bit more firmly, making this opt-out, rather than opt-in.
The latest update goes further. And it must have been painful to implement, since it undercuts part of the company's sales pitches to law enforcement agencies. Ring has played up the advantages of cops handing cameras to citizens, creating portals that give officers maps of Ring camera locations and coaching cops on the finer points of obtaining footage without a warrant. This addition to Ring's privacy dashboard is going to make it a bit more difficult for cops to bypass the warrant process when seeking to obtain camera footage from Ring users.
In the new update, users will be able to see an "Active Law Enforcement Map" clarifying which local institutions are part of the Neighbor Portal network. They will also be able to disable requests for video from officials, whether or not they have received one in the past. (This feature was available previously, but an account had to have received one request for the opt-out option to appear.)
Ring's blog post on the dashboard update not-so-subtly hints that users shouldn't do this by telling readers about a couple of times the video request tool was used to solve crimes. Even if this PR nudge proves ineffective, cops aren't completely out of luck. Ring is happy to turn over footage stored in its cloud to law enforcement without notifying users, even as it claims this footage still belongs to the end users.
This is a move in the right direction for Ring. Unfortunately, it still seems focused on becoming an appendage of law enforcement, rather than a producer of consumer goods. As long as it spends more time trying to figure out how it can best assist government middlemen, it's going to keep disappointing the actual users of its cameras.
More disturbing news surfaced earlier this month, when it was discovered this office had allowed its employees to view Ring camera footage uploaded by users. Ring doesn't just produce doorbell cameras. It also sells in-home cameras, making this revelation particularly worrying.
Beginning in 2016, according to one source, Ring provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world. This would amount to an enormous list of highly sensitive files that could be easily browsed and viewed. Downloading and sharing these customer video files would have required little more than a click. The Information, which has aggressively covered Ring’s security lapses, reported on these practices last month.
Not only did the R&D team have complete access to customers' recordings, so did Ring's US-based engineers and executives. And who knows how many other people have accessed these recordings illicitly? When this access was granted to an untold number of Ring employees, Ring did not encrypt uploaded recordings. The company apparently felt encryption was too expensive to implement and would possibly limit revenue opportunities for the company as it aggressively moved into the home security market.
It turns out the company was using customers' footage to train its AI to recognize faces and other objects. This would be the same facial recognition Ring swears it isn't going to be implementing anytime soon.
Apparently, this abuse of trust has resulted in growth opportunities for Ring-Ukraine. A recent article by Ukrainian publication Vector stated the office would be lending its expertise to other Amazon products, which possibly includes Rekognition, Amazon's homegrown facial recognition program.
But that story was buried by Amazon PR shortly after it appeared, according to Sam Biddle of The Intercept.
I asked multiple Amazon representatives and Ring’s head of communications about the Vector article, including specifically what were the “many other Amazon projects” Ring’s Ukrainian staff now worked on.
Although Amazon ignored repeated requests for comment and Ring refused to discuss the subject on the record, it seems that the company did take action: Within hours of my inquiries, the text of the Vector piece was quietly edited to remove references to Amazon. Most notably, the entire quoted sentence about the “many other Amazon projects” the Kyiv office was working on was excised.
The author of the story told The Intercept he had nothing to do with the belated deletion. In fact, he was not aware of any editing until The Intercept brought it to his attention. An email from Vector's editor-in-chief explained the situation, although not all that satisfactorily.
We published a news about rebranding, later pr-manager of Ring Ukraine called me and asked to take Amazon mention out from the article. Since I had a good relationship with manager, the article got just several dozens of views and I understood that everyone know that Ring is part of Amazon anyway, I didn’t even asked questions, said ok and took Amazon part out
It appears Amazon doesn't want people to know it has given a problematic division even more responsibility. It also may be trying to head off another Ring-related PR nightmare by removing any text that might suggest Ring customer recordings are being used to train facial recognition software used by government agencies.
But it's too late to change public perception. The scrubbing may keep Amazon from being linked to unfettered access to Ring camera recordings in search results, but there's no separating Amazon from Ring. And there's nothing here that suggests either company is moving away from leveraging user-generated content to fine-tune AI for the customers they really want: law enforcement agencies.
Ring owners recently discovered how easily their cameras could be hijacked by assholes with no moral compass and too much time on their hands. Using credentials harvested from security breaches, online forum members took control of people's cameras to entertain a podcast audience who listened along as hijackers verbally abused Ring owners and their children.
Ring is now being sued for selling such an easily-compromised product. Ring's response to the original reports of hijackings was to blame customers for not taking their own security more seriously. Ring does recommend two-factor authentication but that's about all it does. It does not inform users when login attempts are made from unrecognized IP addresses or devices, and does not put the system on lockdown after a certain number of failed attempts are made.
Yes, users should use strong passwords (and not reuse passwords), but blaming customers for engaging in behavior most customers will engage in is unproductive. Instead of making two-factor authentication a requirement before deployment, Ring has just repeatedly pointed to its prior statements about its "encouragement" of 2FA -- an "encouragement" that is mostly comprised of defensive statements issued in response to another negative news cycle.
Since it can't keep blaming its millions of customers for its own failings, Ring is taking a very, very small step in the direction of actually taking its customers' security seriously. [Please hold your tepid applause until the end of the announcement.]
Ring has announced that it is adding a new privacy dashboard to its mobile apps that will let Ring owners manage their connected devices, third-party services, and whether local police partnered with Ring can make requests to access video from the Ring cameras on the account. The company says that other privacy and security settings will be added to the dashboard in the future. This new Control Center will be available in the iOS and Android versions of the Ring app later this month.
It's barely enough to make anyone feel whelmed, much less overly so. There are two small additions that put this ahead of what Ring offered prior to the newsworthy camera hijackings. First, the app will allow users to see who's logged in at any given time and log out unrecognized IP addresses or locations from within the app.
The second addition finally puts some (baby) teeth into Ring's 2FA recommendation:
[R]ing is continuing to inform its customers of the importance of two-factor authentication on their accounts and will be making it an “opt-out” thing for new account setups, as opposed to the opt-in setup it currently is.
Swell. So that's kind of… fixed. I guess. Now Ring just needs to work on all the other problematic things about itself, like the fact that it's still not going to notify users when new IP addresses, devices, or locations attempt to access their cameras. And it's not going to stop using cop shops as Ring marketing street teams. And for all of its insistence footage is never handed over to cops without the proper paperwork, it still deals from the bottom of the deck by claiming end users own all their footage even as it's handing this footage to law enforcement without the end user's permission or involvement.
Ring has a lot to fix if it's ever going to make its way out of the PR pit it's dug for itself. This is something, but it's just barely something. It's not enough. And it says Ring still isn't serious about protecting its customers -- not from law enforcement and not from malicious idiots who've found a new IoT toy to play with.
I realize this is beginning to resemble a beating that continues long past the point the victim has lapsed into unconsciousness. But if Ring hadn't made itself such an inviting punching bag, I would not continue to rain down printed blows on its oh so very soft body.
Ring first grabbed our attention by offering up a snitch app that encouraged neighbors to start talking about suspicious people in their neighborhood. This app also happened to be a portal for the voluntary sharing of footage captured by Ring cameras, most of which were built into Ring's "smart" doorbells.
From there, things went from bad to worse to godawful to horrendous to PR-team-on-constant-suicide-watch. It has been super-enjoyable for me (and hopefully for Techdirt readers) for two reasons:
1. Ring promiscuously got in bed with over 600 law enforcement agencies, selling them "free" cameras to hand out to homeowners with some implicit/not-so-implicit strings attached. In return, law enforcement agencies gave up their authority and autonomy, granting Ring permission to write their press releases and statements for them.
2. Ring does not care about its customers. It enjoys a commanding lead in the market, but it has produced yet another internet-connected thing that it does not bother to secure properly. When breaches happen -- and they are unimaginably horrifying breaches that involve hijacked cameras -- the company says customers should have done more to secure their devices, rather than accept any responsibility for doing as little as possible to prevent this sort of thing from happening.
So, the latest news is more fuel for the dumpster fire. It's not just cops grabbing footage without bothering with the Fourth Amendment niceties. There's also abuse happening internally -- the sort of abuse you'd expect when you give people access to a wealth of personal information.
The doorbell-camera giant Ring has terminated employees in recent years for improperly accessing users’ video data, parent company Amazon told lawmakers this week, an admission that could increase pressure on the firm to prove it protects customer privacy.
The company has investigated four complaints regarding employees abusing their access to camera data over the past four years, Brian Huseman, a vice president of public policy at Amazon, wrote in a letter to five senators this week.
The company did not provide any detail about the data that was improperly accessed, but considering how much data Ring collects -- along with footage from millions of cameras -- the imagination is free to run wild.
This is the latest unsurprising development for Ring. Give enough people access to intimate recordings and data, and abuse is bound to happen. Maybe the Ring employees were just following the lead of their law enforcement partners, who also have access to a great deal of personal info and abuse this access with alarming frequency.
I'm sure Ring will weather this news cycle as it has every other over the past 12 months: by claiming it takes everyone's security seriously and sending out tweets to anyone tagging the company with the latest bad news saying the coverage is inaccurate. But no one believes Ring, especially when its defensive tweets talk their way around direct questions and link to talking points delivered by Ring reps.
Ring is no longer just a dumpster fire d/b/a a security camera company. Its flaming dumpster existence is mounted to every flatbed car on a never ending train wreck. It can't pull the plug on its thousands of buddy cops. And it appears to be far more interested in market growth than properly serving the customers it already has. Things will get worse. That's it. There's no "before it gets better." At best, Ring can only hope to fade from the public eye before it alienates any more of its past and future customers.
Since it's not really in the customer service business anymore, the end users who thought they were buying some security and peace of mind have discovered they've actually become part of a law enforcement surveillance network run by a company that doesn't really seem to be in the security business.
A group of forum members found Ring cameras incredibly easy to hijack. Running scripts utilizing lists of credentials harvested from the web's many security breaches, some sociopathic idiots were able to brute force their way into taking control of devices. Their favorites were the ones equipped with mics, where they could verbally abuse and taunt unsuspecting Ring owners for the enjoyment of their podcast audience. (I really wish I were making that last part up but this is the internet we have.)
When the news cycle of "hacked" Ring cameras began, Ring was quick to point out this wasn't its fault. To a certain point, Ring is right. Ring says it encourages the use of two-factor authentication and strong passwords. Great. So do lots of IoT device makers. But very few are actually forcing their users to engage two-factor authentication prior to allowing the connected device to go "live" on the web. Ring isn't doing this either.
It's even worse in Ring's case. Ring says it's the customers that are wrong, but it does absolutely nothing to prevent this sort of hijacking. There's no lockout after a certain number of failed logins. No warnings are sent to owners about logins from unrecognized devices or IP addresses. Repeated failed login attempts aren't flagged as suspicious. For a company supposedly in the security business, this is a pretty insecure way to run a business.
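The three controls this paragraph says were missing (lockout after repeated failures, flagging of suspicious failure patterns, and a warning on logins from unrecognized devices or IP addresses) fit in a small login guard. This is an added example, not Ring's code and not part of the original article; the thresholds, class name, alert names and sample events are all constructed for illustration.

```python
from collections import defaultdict, deque

# Thresholds are assumptions chosen for the example, not values from the article.
MAX_FAILURES = 5        # failed logins per account inside WINDOW before lockout
STUFFING_ACCOUNTS = 3   # distinct accounts failing from one IP inside WINDOW
WINDOW = 300            # seconds of history considered
LOCKOUT = 900           # seconds an account stays locked


class LoginGuard:
    def __init__(self):
        self.known = defaultdict(set)         # account -> {(ip, device)} seen before
        self.acct_fails = defaultdict(deque)  # account -> failure timestamps
        self.ip_fails = defaultdict(deque)    # ip -> (timestamp, account) failures
        self.locked_until = {}                # account -> unlock time
        self.flagged_ips = set()
        self.alerts = []                      # (timestamp, kind, account, ip)

    def _alert(self, ts, kind, account, ip):
        self.alerts.append((ts, kind, account, ip))

    def _record_failure(self, ts, account, ip):
        fails = self.acct_fails[account]
        fails.append(ts)
        while fails[0] <= ts - WINDOW:        # drop failures older than the window
            fails.popleft()
        if len(fails) >= MAX_FAILURES:
            self.locked_until[account] = ts + LOCKOUT
            fails.clear()
            self._alert(ts, "account_locked", account, ip)
        # Credential stuffing tries one leaked password on many accounts, so it
        # never trips the per-account counter; count distinct accounts per source.
        seen = self.ip_fails[ip]
        seen.append((ts, account))
        while seen[0][0] <= ts - WINDOW:
            seen.popleft()
        if ip not in self.flagged_ips and len({a for _, a in seen}) >= STUFFING_ACCOUNTS:
            self.flagged_ips.add(ip)
            self._alert(ts, "credential_stuffing_suspected", None, ip)

    def attempt(self, ts, account, ip, device, password_ok):
        """Process one login attempt; return ok, denied, locked or challenge."""
        if self.locked_until.get(account, 0) > ts:
            self._alert(ts, "attempt_while_locked", account, ip)
            return "locked"                   # even a correct password is refused
        if not password_ok:
            self._record_failure(ts, account, ip)
            return "denied"
        if ip in self.flagged_ips:
            # Correct password from a source that is spraying other accounts:
            # treat the password as breached and demand a second factor.
            self._alert(ts, "success_from_flagged_ip", account, ip)
            return "challenge"
        if self.known[account] and (ip, device) not in self.known[account]:
            self._alert(ts, "new_device_login", account, ip)  # notify the owner
        self.known[account].add((ip, device))
        self.acct_fails[account].clear()
        return "ok"


# Constructed sample events: (timestamp, account, ip, device, password_ok).
# All addresses come from documentation ranges.
SAMPLE_EVENTS = [
    (0, "alice", "198.51.100.7", "phone-A", True),    # owner's first login
    (10, "bob", "203.0.113.9", "script", False),      # guessing against one account
    (20, "bob", "203.0.113.9", "script", False),
    (30, "bob", "203.0.113.9", "script", False),
    (40, "bob", "203.0.113.9", "script", False),
    (50, "bob", "203.0.113.9", "script", False),      # fifth failure: lockout
    (60, "bob", "203.0.113.9", "script", True),       # correct guess, still refused
    (100, "carol", "203.0.113.50", "script", False),  # one leaked password each
    (101, "dave", "203.0.113.50", "script", False),
    (102, "erin", "203.0.113.50", "script", False),   # third account: IP flagged
    (103, "alice", "203.0.113.50", "script", True),   # reused password matches
    (200, "alice", "192.0.2.80", "tablet-B", True),   # new device, clean IP
]


def replay(events):
    """Feed events through a fresh guard; return (results, alerts)."""
    guard = LoginGuard()
    results = [guard.attempt(*event) for event in events]
    return results, guard.alerts


if __name__ == "__main__":
    outcomes, alerts = replay(SAMPLE_EVENTS)
    for alert in alerts:
        print(alert)
```

The replay shows why per-account lockout alone is not enough against breached-credential lists: the stuffing run fails only once per account, so only the per-source counter and the step-up challenge catch the reused password that matches.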
It's this latest insecurity that's getting the company sued.
Amazon and its home security subsidiary Ring are facing a federal lawsuit in California over allegations that its "lax security standards" led to a series of invasive and frightening hacks over the past year.
The lawsuit, which alleges Ring security cameras have been hacked six times across the U.S., comes as Amazon's Ring faces a barrage of scrutiny from lawmakers, privacy advocates and the public over its cybersecurity standards and widespread partnerships with local police departments.
The lawsuit [PDF], filed by a victim of just such a "hacking," hopes to become a class action when it's all grown up and fully-represented. Until then, there's this incident, which happened to the plaintiff.
Plaintiff John Baker Orange is a resident of Jefferson County Alabama. He purchased a Ring outdoor camera for his house in July 2019 for approximately $249.00. The Ring camera was installed over his garage with a view of the driveway. Mr. Orange purchased the Ring camera to provide additional security for him and his family which include his wife and three children aged 7, 9, and 10. Recently, Mr. Orange’s children were playing basketball when a voice came on through the camera’s two-way speaker system. An unknown person engaged with Mr. Orange’s children commenting on their basketball play and encouraging them to get closer to the camera. Once Mr. Orange learned of the incident, he changed the password on the Ring camera and enabled two-factor authentication. Prior to changing his password, Mr. Orange protected his Ring camera with a medium-strong password.
Orange alleges that Ring did almost nothing to protect its customers while promising its products will protect its customers.
Unfortunately, Ring does not fulfill its core promise of providing privacy and security for its customers, as its camera systems are fatally flawed. The Ring system is Wi-Fi enabled, meaning that it will not work without internet connectivity. Once connected, however, any internet device can be seen by the on-line community, making it incumbent upon its manufacturer to design the device such that it can be properly secured for only intended use. This obligation is even more critical in instances where the device, like the Ring camera, is related to the safety and security of person and property.
Ring failed to meet this most basic obligation by not ensuring its Wi-Fi enabled cameras were protected against cyber-attack. Notably, Ring only required users enter a basic password and did not offer or did not compel two-factor authentication.
He's not wrong. Security is pretty much an afterthought for this security company. It likes to put its resources into pitching its products to cops, who can then hand the flawed products to citizens in exchange for possible glimpses of camera recordings in the future.
But is it enough to win a lawsuit? The plaintiff alleges negligence and a few other related torts, but he'll have to prove Ring deliberately sold a product it knew was insecure. Ring is probably aware of the lack of built-in security, but is it more deliberately negligent than any other IoT device maker that decides to dumb down security options to increase adoption and marketshare? And if it's just as terrible as its competitors, should that be enough to allow it to escape a lawsuit?
Maybe this one will hit Ring hard and force it and its competitors in the IoT marketplace to actually take the security of their customers seriously, rather than just saying that after their customers have already been compromised. Or maybe I just want Ring to get smacked around for pushing an insecure product on consumers with the assistance of over 600 law enforcement agencies. Ring has been an absentee landlord in its market, grabbing all the market share it can while leaving its millions of customers to fend for themselves when it comes to securing their devices properly.
The latest bad news for Ring -- via Caroline Haskins of BuzzFeed -- is another PR black eye inflicted on a company whose face still hasn't healed from the last half-dozen black eyes.
The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as “bedroom” or “front door.”
The compromised data plays right into the hands of the assholes who hang out in certain online forums solely for the purpose of hijacking people's Ring devices to hassle individuals who thought their homes would be more secure with the addition of an internet-connected camera.
Ring says this leak of personal data isn't its fault. The company claims there's been no breach. Maybe so, but the information is out there and presumably being exploited.
And it's kind of hard to take Ring's word for it. The company has been doing nothing but putting out PR fires ever since its law enforcement partnerships came to light earlier this year. And its explanation for where the sensitive data came from makes very little sense.
“Ring has not had a data breach. Our security team has investigated these incidents and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the spokesperson said. “It is not uncommon for bad actors to harvest data from other company's data breaches and create lists like this so that other bad actors can attempt to gain access to other services.”
Ring's spokesperson did not specify which other "companies" it suspected of carelessly handling device names given to Ring devices by Ring users. The spokesperson also failed to explain why Ring took no interest in this sensitive Ring user info until after the security researcher who discovered the compromised credentials discussed his findings on Reddit. "Unable to assist" is not a proper response to notification of a possible breach, but that's exactly what Ring reps told the researcher when he first informed them of what he had found.
Ring may have been quick to blame users for the commandeering of their cameras by a forum full of shitbirds, but the company does almost nothing to ensure users are protected from malicious activity. The only thing Ring does is recommend users utilize two-factor authentication and "strong passwords" (whatever that means). It does not alert users of attempted logins from unknown IP addresses or inform users how many users are logged in at any given time. Ring is doing less than the minimum to protect users but still seems to feel device hijackings are solely the fault of end users.
This is a garbage company. There's no way around it. Ring has prioritized market growth and law enforcement partnerships over the millions of citizens/customers who own its products. Rather than provide a secure product that makes people safer, it's selling a domestic surveillance product that comes with law enforcement strings attached. It has shown it will bend over backwards for the government but is only willing to deliver the most hollow of "we care about our customers" statements in response to news cycle after news cycle showing it absolutely gives zero fucks about its end users.
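The controls described above as missing (alerts for logins from unknown IP addresses, a count of who is logged in, and some notice when one source works through a list of harvested credentials) can be run over ordinary authentication events. This is an added example, not Ring's code or anything from the reporting; the log format, function names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real Ring data), one per line:
# ISO timestamp, account, source IP, outcome (success | fail | logout)
SAMPLE_LOG = """\
2019-12-10T08:00:00 alice@example.com 198.51.100.7 success
2019-12-10T08:05:00 bob@example.com 198.51.100.20 success
2019-12-10T09:00:00 alice@example.com 198.51.100.7 logout
2019-12-10T21:00:00 alice@example.com 198.51.100.7 success
2019-12-11T02:00:01 carol@example.com 203.0.113.50 fail
2019-12-11T02:00:02 dave@example.com 203.0.113.50 fail
2019-12-11T02:00:03 alice@example.com 203.0.113.50 success
2019-12-11T02:00:04 bob@example.com 203.0.113.50 fail
"""


def parse_events(text):
    """Yield (timestamp, account, ip, outcome) from the assumed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, ip, outcome = line.split()
        yield datetime.fromisoformat(ts), account, ip, outcome


def review_logins(events, min_accounts=3, window=timedelta(minutes=10)):
    """Return (alerts, active_sessions) for a time-ordered event stream.

    alerts holds two kinds of tuple:
      ("stuffing_source", ip, n)     one IP tried n distinct accounts in window
      ("new_ip_login", account, ip)  success from an IP the account never used
    active_sessions maps account -> number of source IPs currently logged in.
    """
    known_ips = defaultdict(set)      # account -> IPs with a past success
    sessions = defaultdict(set)       # account -> IPs with an open session
    recent_by_ip = defaultdict(list)  # ip -> [(timestamp, account)] in window
    flagged_sources = set()
    alerts = []

    for ts, account, ip, outcome in events:
        if outcome == "logout":
            sessions[account].discard(ip)
            continue

        # Reused credential lists show up as one source cycling through many
        # different accounts, whether or not the individual attempts succeed.
        recent = [(t, a) for t, a in recent_by_ip[ip] if ts - t <= window]
        recent.append((ts, account))
        recent_by_ip[ip] = recent
        targeted = {a for _, a in recent}
        if len(targeted) >= min_accounts and ip not in flagged_sources:
            flagged_sources.add(ip)
            alerts.append(("stuffing_source", ip, len(targeted)))

        if outcome == "success":
            # Assumption: the first successful login sets the baseline, so
            # only later logins from a never-seen IP notify the owner.
            if known_ips[account] and ip not in known_ips[account]:
                alerts.append(("new_ip_login", account, ip))
            known_ips[account].add(ip)
            sessions[account].add(ip)

    active = {acct: len(ips) for acct, ips in sessions.items() if ips}
    return alerts, active


if __name__ == "__main__":
    found, active = review_logins(parse_events(SAMPLE_LOG))
    for alert in found:
        print(alert)
    print(active)
```

In the constructed log, the 02:00 burst from a single address is flagged as soon as it touches a third account, and the one attempt that succeeds produces both an owner-facing alert and a second active session on that account.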
Hackers have created dedicated software for breaking into Ring security cameras, according to posts on hacking forums reviewed by Motherboard. The camera company is owned by Amazon, which has hundreds of partnerships with police departments around the country.
On Wednesday, local Tennessee media reported that a hacker broke into a Ring camera installed in the bedroom of three young girls in DeSoto County, Mississippi, and spoke through the device's speakers with one of the children.
The family said they had the camera for four days, during which time the hacker could have been watching the kids go about their day.
There's not much actual hacking going on. What appears to be happening is purchasers aren't choosing unique passwords when they set up their cameras. They also aren't using the two-factor authentication Ring recommends.
There are enough cameras out there (and more being installed every day) that there's an entire forum set up just for the hijacking of Ring cameras/doorbells. Forum members are selling exploit tools to each other which allow these jackasses to brute force Ring devices using credentials (usernames/email addresses and passwords) found elsewhere on the web.
The popular exploitables have even spawned a podcast featuring unsuspecting device owners being trolled by jerks who have gained access to Ring and Nest cameras. This is what's in store for device owners who haven't properly secured their new purchases.
A blaring siren suddenly rips through the Ring camera, startling the Florida family inside their own home.
"It's your boy Chance on Nulled," a voice says from the Ring camera, which a hacker has taken over. "How you doing? How you doing?"
"Welcome to the NulledCast," the voice says.
The NulledCast is a podcast livestreamed to Discord. It's a show in which hackers take over people's Ring and Nest smarthome cameras and use their speakers to talk to and harass their unsuspecting owners. In the example above, Chance blared noises and shouted racist comments at the Florida family.
Good times. Nulled forum members are starting to scatter, now that Joseph Cox has shined a light on their dirty little games. The Nulled admin has nailed an unbelievable statement to the top of the forum, saying that Nulled does not tolerate the "harassments of individuals over Ring cameras or any similar." This posting followed some "unscheduled maintenance," which occurred shortly after Motherboard's first article on Ring exploitation went live.
Panic has ensued. Cox reports the forum is in disarray, with members quitting or changing their usernames. Some appeared to be worried law enforcement is all over this. Others think the only ones going to jail are the members who participated in the podcasted Ring hijacking.
But it's not over yet. A few members appear to be willing to roll the dice on possible legal charges.
It doesn't seem the livestreaming of Ring hacking is going to end just yet, however.
"Podcast dead?" one user on the Nulled Discord asked Wednesday night.
Another user replied, "Nope. Tune in Friday. Like and subscribe."
Perhaps the focus of the podcast will change. Considering the channel's been dedicated to finding exploitable devices and exploiting them to create content, any pivot will likely be short lived.
In the meantime, Ring is doing about the only responsible thing it's ever done.
"As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords," [Ring] added.
Perhaps more education of consumers is in order. Security recommendations are great, but purchasers appear to feel installing the cameras is the end of the job. It's one thing to get your sidewalk-facing doorbell camera hacked. It's quite another to have your interior cameras turned against you. The Internet of Things continues to be awful. Ring's general awfulness kind of obscures the fact that this particular debacle isn't really Ring's fault. But it could be doing more. It could prevent deployment until two-factor authentication is engaged. And it could ease up a bit on its promises of home security when the default setup process allows outsiders to virtually enter the homes of Ring owners.
Ring doorbells have 95% of the doorbell camera market. That's a lot of "fuck you" market share. Ring says all doorbell camera footage belongs to homeowners, even as it renders homeowners extraneous by handing over footage stored in the cloud in response to subpoenas. Ring says it cares about the privacy of its customers, even as it tallies up doorbell rings and partners with law enforcement in sting operations.
The never-ending negative news cycle continues for Ring with these details tucked away in another long, scathing report on the doorbell company that wants so badly to be deputized, it's willing to cross lines most tech companies aren't willing to cross.
Caroline Haskins of Vice has been tracking Ring's incestuous relationship with law enforcement for several months now, using a slew of public records requests to make the things Ring and law enforcement don't want to discuss publicly public.
In her latest post -- one that should be read start to finish, especially if you haven't kept current with Ring's endless deluge of self-owns -- Haskins points out some more reprehensible behavior by the home security company that thinks it's a domestic surveillance contractor.
Being a good citizen involves more than flying an American flag over your driveway.
West Hollywood, CA distributed flyers advertising its Ring subsidy program at voter registration events, according to documents obtained by Motherboard. West Hollywood also sold subsidized Ring products “exclusively” to residents in areas moderated by neighborhood watches. Everyone who bought a discounted camera was added to a registry list with their name and address.
Ah, there's nothing more American than implicating the First and Fourth Amendments at the same time. The only way this would have been more American is if law enforcement asked citizens to turn over their weapons until troops were done staying at their homes.
Ask not what your [insert law enforcement agency name here] can do for you. Ask what you can do for [REDONDO BEACH POLICE DEPARTMENT].
Police from Redondo Beach, CA even used the pretense of camera registries to determine who should get a discount and who shouldn’t, according to a city council meeting memo obtained by Motherboard. Police said that they inspected the facades of homes of each applicant, and looked for who had the most “optimal viewpoints that could assist with criminal investigations.”
Kind of fucked up. What makes it really fucked up is the Redondo Beach PD offered steeper discounts to homeowners who agreed to place cameras in areas where they could capture footage "of the entire block" (60% stipend) or a "neighboring residence" (50% stipend).
Meanwhile, further north, Green Bay, WI police handed out cameras to residents under a "loan" program that predicated end user "ownership" on police ownership of all footage.
The implicit ask becomes explicit. Ring has partnered with 600+ law enforcement agencies. There's no reason to believe what's been revealed here is an anomaly.
Ring is swallowing up the doorbell camera market with aggressive marketing that includes the free use of taxpayer-funded services. It calls over 600 law enforcement agencies "partners." In exchange for agency autonomy and free cameras, police departments all over the nation are pushing cameras on citizens and asking them to upload anything interesting to Ring's "I saw someone brown in my neighborhood" app, Neighbors.
The company, which has someone in charge of a facial recognition division it claims it's not using to implement facial recognition tech, is handing out cameras like laced candy. Law enforcement agencies are snatching the cameras up. And they're snatching the footage up, using subpoenas to work around recalcitrant homeowners. Once they have the footage, they can keep it forever and share it with whoever they want.
They can also run the footage through whatever hardware or software they have laying around, as Caroline Haskins reports for BuzzFeed.
Amazon does not offer the ability to recognize faces in footage on its Ring doorbell cameras. But just one month after police in Chandler, Arizona, received 25 surveillance cameras for free from the company, the department's then–assistant chief discussed using its own facial recognition technology on Ring footage at a meeting of the International Association of Chiefs of Police, according to his slideshow obtained in a public records request.
In an April presentation titled “Leveraging Consumer Surveillance Systems,” Jason Zdilla discussed various consumer surveillance devices and platforms. Examples cited in the presentation included Ring cameras and the Neighbors app.
It's the perfect storm of unaccountability. Footage can be obtained from Ring with a subpoena. Ring hands it over with zero strings attached. Cop shop runs it through the Zoom Enhancer and any databases it has or has access to. Bingo: facial recognition in cameras supplied by a company that says it's not all that into facial recognition at the moment.
Now, you may be wondering why this is a big deal. Why does any of this matter when other surveillance systems with cloud storage are likely similarly responsive to subpoenas and place no restrictions on footage they hand over to law enforcement?
Well, two things: first, Ring claims all footage belongs to camera owners, but treats camera owners as if they're not a stakeholder when it comes to sharing their recordings with the government.
Second -- and far more importantly -- Ring aggressively courts police departments as "partners," turning consumer products into unofficial extensions of existing government camera networks. Ring hands out free cameras to cops and hands out even more freebies if cops convince homeowners to download the Neighbors app and share as much footage as possible. Ring also takes control of all PR efforts and official statements involving Ring doorbells that cops have given to citizens. And Ring coaches cops how to obtain footage without having to trouble the courts with a warrant.
This is unlike any other company in the home security business. Ring's assimilation of hundreds of law enforcement agencies blurs the line between public and private in the name of commerce. Taxpayers are contributing to their own co-opting into a surveillance mesh network propelled by one of the largest companies in the world. This isn't acceptable. But the longer Ring's expansion remains unchecked, the sooner its behavior will become normalized. And once it's normalized, it's over.
Documents obtained by The Intercept show Ring is still "innovating," even if there's no apparent customer demand for facial recognition tech. Sam Biddle has the details:
Ring, Amazon's crimefighting surveillance camera division, has crafted plans to use facial recognition software and its ever-expanding network of home security cameras to create AI-enabled neighborhood “watch lists,” according to internal documents reviewed by The Intercept.
The planning materials envision a seamless system whereby a Ring owner would be automatically alerted when an individual deemed “suspicious” was captured in their camera’s frame, something described as a “suspicious activity prompt.”
In the mockup seen by The Intercept, "suspicious" apparently translates to "shabbily dressed man." This person is shown walking past a garage-mounted camera (which the company says users shouldn't point at public areas like streets and sidewalks) with the alert "This person appears to be acting suspicious."
Dress better, citizens. Otherwise, your image might be uploaded to Ring's snitch app, Neighbors, where local randos can collectively gin up fear and sic the cops on you. Nowhere in the document does Ring define what triggers its "suspicion" sensors.
Here's where the facial recognition tech is pitched but never named specifically:
A third potentially invasive feature referenced in the Ring documents is the addition of a “proactive suspect matching” feature, described in a manner that strongly suggests the ability to automatically identify people suspected of criminal behavior — again, whether by police, Ring customers, or both is unclear — based on algorithmically monitored home surveillance footage. Ring is already very much in the business of providing — with a degree of customer consent — valuable, extrajudicial information to police through its police portal. A “proactive” approach to information sharing could mean flagging someone who happens to cross into a Ring video camera’s frame based on some cross-referenced list of “suspects,”
Ring may not have facial recognition tech built in (yet), but plenty of police departments utilize or have access to this software. Any images or footage shared with law enforcement agencies -- either voluntarily by Ring owners or acquired with a subpoena from the company -- can be subjected to facial recognition tech and placed on a Ring-enabled "watchlist."
Ring remains mostly a dumb pipe in this scenario, but its aggressive marketing to law enforcement suggests it wants its 600+ government partners to take advantage of the tools they have on hand to make the most of footage cops are invited to download and hold onto indefinitely. Ring can then remain in a state of plausible deniability when being questioned by critics and/or Congress while still giving hundreds of law enforcement agencies all the reason they need to act as Ring brand ambassadors.
Since its introduction, Ring has been steadily increasing its market share -- both with homeowners and their public servants. At the beginning of August, this partnership included 200 law enforcement agencies. Three months later, that number has increased to 630.
What do police departments get in exchange for agreeing to be Ring lapdogs? Well, they get a portal that allows them to seek footage from Ring owners, hopefully without a warrant. They also get a built-in PR network that promotes law enforcement wins aided by Ring footage, provided the agencies are willing to let Ring write their press releases for them.
They also get instructions on how to bypass warrant requirements to obtain camera footage from private citizens. Some of this is just a nudge -- an unstated quid pro quo attached to the free cameras cops hand out to homeowners. Some of this is actual instructions on how to word requests so recipients are less likely to wonder about their Fourth Amendment rights. And some of this is Ring itself, which stores footage uploaded by users for law enforcement perusal.
If it seems like a warrant might slow things down -- or law enforcement lacks probable cause to demand footage -- Ring is more than happy to help out. Footage remains a subpoena away at Ring HQ. And, more disturbingly, anything turned over to police departments comes with no strings attached.
Statements given to Sen. Edward Markey by Amazon indicate footage turned over to cops is a gift that keeps on giving.
Police officers who download videos captured by homeowners’ Ring doorbell cameras can keep them forever and share them with whomever they’d like without providing evidence of a crime, the Amazon-owned firm told a lawmaker this month.
Brian Huseman, Amazon's VP of Public Policy, indicates the public is kind of an afterthought when it comes to Ring and its super-lax policies.
Police in those communities can use Ring software to request up to 12 hours of video from anyone within half a square mile of a suspected crime scene, covering a 45-day time span, Huseman wrote. Police are required to include a case number for the crime they are investigating, but not any other details or evidence related to the crime or their request.
Ring itself maintains that it's still very much into protecting users and their safety. Maybe not so much their privacy, though. The company says it takes the "responsibility" of "protecting homes and communities" very seriously. But when it comes to footage, well… that footage apparently belongs to whoever it ends up with.
Ring… "does not own or otherwise control users’ videos, and we intentionally designed the Neighbors Portal to ensure that users get to decide whether to voluntarily provide their videos to the police.”
It's obvious Ring does not "control" recordings. Otherwise, it would place a few more restrictions on the zero-guardrail "partnerships" with law enforcement agencies. But pretending Ring owners are OK with cops sharing their recordings with whoever just because they agreed to share the recording with one agency is disingenuous.
Ring's answers to Markey's pointed questions are simply inadequate. As the Washington Post article notes, Ring claims it makes users agree to install cameras so they won't record public areas like roads or sidewalks, but does nothing to police uploaded footage to ensure this rule is followed. It also claims it does not collect "personal information online from children under the age of 13," but still proudly let everyone know how many trick-or-treaters came to Ring users' doors on Halloween. And, again, it does not vet users' footage to ensure they're not harvesting recordings of children under the age of 13.
The company also hinted it's still looking at adding facial recognition capabilities to its cameras. Amazon's response pointed to competitors' products utilizing this tech and said it would "innovate" based on "customer demand."
While Ring's speedy expansion would have caused some concern, most of that would have been limited to its competitors. That it chose to use law enforcement agencies to boost its signal is vastly more concerning. It's no longer just a home security product. It's a surveillance tool law enforcement agencies can tap into seemingly at will.
Many users would be more than happy to welcome the services of law enforcement if their doorbell cameras captured footage of a criminal act that affected them, but Ring's network of law enforcement partners makes camera owners almost extraneous. If cops want footage, Ring will give it to them. And then the cops can do whatever they want with it, even if it doesn't contribute to ongoing investigations.
These answers didn't make Sen. Markey happy. Hopefully, other legislators will find these responses unsatisfactory and start demanding more -- both from law enforcement agencies and Ring itself.
Ring is putting the "creep" back in the phrase "surveillance creep." While there's some value to keeping an eye on your front doorstep when you're expecting an expensive delivery, the downside is Ring might be letting cops know you've got a camera on your house. What it won't be letting you know is that it will part with your footage at the drop of a subpoena.
If you're not eyeballing your neighbors by proxy, you're not living right. That's the message of the Neighbors app, which is pushed by Ring and cops alike. Breaking down "sharing" barriers is the first step toward bypassing the warrant process. Ring is the grease and the wheel.
The pushback against Ring's law enforcement adoption offensive has had minimal effect on the company. It continues undeterred, even as it attempts to explain both its lack of interest in adding facial recognition software to its doorbells and its retention of a facial recognition division head. It's things like this that make one believe the public's opinion ultimately doesn't matter, not if Ring can convince enough cop shops to start pushing its offerings on the public.
Ring is back in the news again. And, again, it's not because it did anything right. Or competently.
First, Buzzfeed reports the doorbell company is as tone deaf as it is dominant in its market sector. What Ring thinks is cute and fun is actually just very, very creepy.
In a company blog and series of Instagram stories, posted Monday and Tuesday, the company showed that it collects, stores, and analyzes sensitive data about how, when, and where people use its doorbell cameras. Ring said that nationwide, its doorbell cameras were activated 15.8 million times on Halloween. The company makes several other types of surveillance cameras in addition to its doorbell camera.
As it has on other occasions, like Super Bowl Sunday, Ring turned Halloween into a marketing opportunity. As reported by Mashable, Ring circulated videos of children on Halloween on Twitter. Ring also promoted Halloween-themed skins to decorate doorbell cameras on its company blogs and Instagram. However, in promoting itself as a family-friendly company, Ring showed that it collects user data on a granular level.
Friends, neighbors, visitors… children -- nothing but data and footage to be used to promote Ring's version of everyday life in the United States. The information a Ring doorbell collects belongs to Ring, not its customers. And if it belongs to Ring, it can be had without a warrant in most cases. Ring knows how often customers' doorbells ring. It says it anonymizes this data, but first you have to trust that it actually did what it said it did. And then you have to believe anonymizing data actually anonymizes it, which it kind of doesn't.
But trading trick-or-treating kids for social media impressions isn't the only headline Ring made this past week. It also showed it's not immune to the IoT curse: connected "smart" things tend to be attack vectors. And if they're not actually being attacked, they're just giving info away to whoever wants it.
A vulnerability in the Amazon Ring doorbells could have exposed homes’ WiFi username and password to hackers.
Discovered earlier this year by Romanian cybersecurity firm Bitdefender, the issue caused users’ WiFi credentials to be transmitted unencrypted while they were setting up the internet-connected device.
“When entering configuration mode, the device receives the user’s network credentials from the smartphone app,” Bitdefender notes. “Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.”
While this method requires a hacker to be near the doorbell or on the targeted WiFi network in order to intercept the credentials, this doesn't mean exploitation is only a crime of opportunity. As Bitdefender noted, hackers could flood the device with de-authentication messages which would kick the doorbell off the network. When Ring users try to reconnect their doorbell to their network, hackers could jump in and grab the credentials as they sail by in plaintext.
The good news is this issue has been fixed. The bad news is this is the second time Ring's doorbells have been caught handing out WiFi credentials. At least last time, malicious hackers needed physical access to the doorbell. The latest misstep allowed hackers to stay in their cars.
The further bad news is Ring is still Ring and mainly interested in turning doorbells into spy cams that can be easily accessed by its hundreds of law enforcement "partners." It has never expressed any sincere desire to protect the privacy of its users. As far as it's concerned, every camera is just another eye it owns, feeding it footage and data it can use at will.
Amazon's Ring has nailed down 95% of the doorbell camera market. Some of this is due to name recognition. Amazon and doorsteps go together and who wouldn't want a passive eyeball "guarding" the front door to deter package thieves from walking off with a homeowner's purchased goods?
But Amazon has also received a lot of support from hundreds of government agencies. Amazon gives local police departments discounts on the cameras in exchange for pushing residents to use Ring's snitch app, Neighbors. The app encourages users to post footage of suspicious happenings, further erasing the line between public and private, and making Ring owners more receptive to law enforcement requests for footage.
The wheels are further greased by law enforcement, which gives these cameras away to homeowners (sometimes even going so far as to help install them) with the implicit suggestion homeowners will return the favor when cops make warrantless requests for recordings. If law enforcement agencies feel uneasy about this public/private partnership, Ring is more than willing to handle agencies' PR work by issuing press releases and editing planned public statements.
Ring also provides a portal for officers to request footage from camera owners. There's nothing in the process that encourages the use of a warrant. If users reject the request, cops can just grab a subpoena and get it from Ring directly, bypassing warrant requirements completely.
The rollout continues unabated, with Ring receiving another PR black eye with every set of released public records. At some point, Ring was providing officers with a map of every installed Ring camera -- even those officers didn't hand out themselves. It also gave officers stats on how often their warrantless requests for recordings were rejected. Ring has also claimed it won't be adding facial recognition tech to its cameras (yet), but it also employs a "Head of Facial Recognition Tech."
Since Ring's not going to stop being Ring, a coalition of more than 30 civil rights groups is asking legislators to start paying attention to what's happening on millions of doorsteps in America. (via Boing Boing)
Today, 30+ civil rights organizations signed an open letter sounding the alarm about Amazon’s spreading Ring doorbell partnerships with police. The letter calls on local, state, and federal officials to use their power to investigate Amazon Ring’s business practices, put an end to Amazon-police partnerships, and pass oversight measures to deter such partnerships in the future.
Specifically, the letter asks city, state, and federal legislators to step into the regulatory void created by this new market -- one that expands government surveillance powers by tying law enforcement agencies to cameras owned by private citizens.
Amazon Ring partnerships with police departments threaten civil liberties, privacy and civil rights, and exist without oversight or accountability. Given its significant risks, no surveillance partnerships with Amazon Ring should have been established, or should be established in the future, without substantial community engagement and input and elected official approval. To that end, we call on mayors and city councils to require police departments to cancel any and all existing Amazon Ring partnerships, and to pass surveillance oversight ordinances that will deter police departments from entering into such agreements in the future. We further call on Congress to investigate Ring’s practices and demand more transparency from the company.
Fight for the Future points out footage obtained by law enforcement agencies can be held onto indefinitely. Once stored locally, agencies are free to apply facial recognition tech Ring hasn't added to its product yet. They can also turn this over to federal agencies like ICE and the FBI without needing to go through the hassle of receiving a judge's signature.
And if legislators aren't worried about police access to footage, maybe they'll show some concern about Ring's access to its cameras. Contractors employed by Ring have access to live footage as well as any recordings stored in its cloud.
Ring has cornered the market. It also has 400+ law enforcement agencies in its pocket. The expansion isn't slowing and Ring has shown it's willing to speak on behalf of the government through press releases and to edit the government's statements if it doesn't like what's being said. This isn't normal. And the potential downsides of allowing cops and private companies to coexist as equal partners in surveillance have just begun to be explored.
To date, the company that's already formed partnerships with nearly 400 law enforcement agencies has:
Here's the latest PR coup by the expert self-maligners, as reported by Alfred Ng for CNET:
Ring considered building a tool that would use calls to the 911 emergency number to automatically activate the video cameras on its smart doorbells, according to emails obtained by CNET. The Amazon-owned company isn't currently working on the project, but it told a California police department in August 2018 that the function could be introduced in the "not-so-distant future."
One email obtained by CNET expressed the company's desire to implement a "call-for-service" trigger for recording. And not just recording. The cameras would start streaming footage to police departments partnering with Ring to give them a live feed of the affected (triggered?) area. Ring doorbell users would have to opt in, at least, but the pressure to do so would obviously be increased if the users got their doorbell cameras for free from their friendly local PD.
It appears this plan has been ditched, which will allow Ring to steer clear of at least one more terrible news cycle. That being said, everything else that's bad about this private/public partnership remains true, which isn't going to somehow start being less bad any time soon.
Ring's stated prioritization of customer privacy continues to ring (sorry) hollow. The company pushes users and police departments to gravitate towards its snitch app, where users can be encouraged to "share" footage of "suspicious" events, relieving cops of the burden of requesting footage from users or Ring itself. Investigators can still approach Ring directly for camera footage if residents aren't willing to cooperate. Ring says it only complies with "lawful demands" for recordings. What it doesn't say is that the "lawful demand" is usually a subpoena, not a warrant.
This is working out well for Ring. It's probably also working out fine for local law enforcement agencies. The latter seems very willing to cede creative control to Ring, so whatever relationship these parties have must be beneficial enough that cop shops don't mind taking a backseat to Ring's spin team. Ring seems willing to ride out these turbulent news cycles without making any changes to its business model. And why should it? It has claimed over 95% of the doorbell/camera market and is living rent-free in the hearts and minds of over 400 law enforcement agencies.
There has been no interplay between Amazon's Rekognition software and the Ring doorbell cameras its subsidiary is pushing to cops (who then push them to citizens). Yet. Maybe there will never be. But it's pretty much an inevitability that Ring cameras will, at some point, employ facial recognition tech.
There's probably no hurry at the moment. The doorbell camera company doesn't seem all that concerned about optics -- not after partnering with 400 law enforcement agencies en route to securing 97% of the doorbell camera market. When not writing press releases and social media posts for cop shops, Ring is waging a low-effort charm offensive with vapid blog posts meant to boost its reputation as a crime-fighting device while burying all the questionable aspects of its efforts -- like encouraging "sharing" of footage with law enforcement so they don't have to go through the hassle of obtaining a warrant.
Ring is toughening up a bit in the face of all this bad press. It's engaging directly with critics on Twitter to rebut points they haven't made and answer questions they didn't actually ask. It responded to the ACLU's post that theorized about Amazon's forays into surveillance tech, positing that the company's Rekognition software and Ring doorbell cameras make for a dynamic surveillance duo -- one that faces outwards from millions of private homes around the nation.
Ring says it does not use facial recognition tech in its doorbells. It has made this statement multiple times in the past couple of weeks. That's good news. But it's not the end of the story. Nicole Nguyen and Ryan Mac of BuzzFeed are countering Ring's PR push by pointing out that it's a little weird for a company that says it does not use facial recognition tech to employ someone directly tasked with exploring facial recognition opportunities. (via Boing Boing)
While Ring devices don’t currently use facial recognition technology, the company’s Ukraine arm appears to be working on it. “We develop semi-automated crime prevention and monitoring systems which are based on, but not limited to, face recognition,” reads Ring Ukraine’s website. BuzzFeed News also found a 2018 presentation from Ring Ukraine's "head of face recognition research" online and direct references to the technology on its website.
Maybe the stateside version isn't ready to mix in the tech, but its Ukraine arm seems poised to explore this option. The presentation BuzzFeed located was created by Oleksandr Obiednikov, who listed himself as Ring's "Head of Face Recognition Tech" in his presentation about "alignment-free face recognition."
Ring's US operations also indicate Ring is looking into this, even if it hasn't added the tech yet.
In November 2018, Ring filed two patent applications that describe technology with the ability to identify “suspicious people” and create a “database of suspicious persons.”
So, the company's assertions about facial recognition tech appear to be true, but only because it has added the qualifier "currently" to its statements. The pairing of doorbell cameras to unproven, often-inaccurate facial recognition tech is all but assured. Ring's denials would be a whole lot more palatable if it wasn't exploring this option elsewhere in the world.
We may only be on the outskirts of a corporation-enabled dystopia at the moment, but a future full of unblinking eyes containing biometric scanning capabilities is swiftly approaching. And this surveillance state won't be the product of the show of force by the government but the result of private companies using law enforcement to expand their user base with a series of "would you kindly?" requests.
What's the catch? There isn't one* -- not if you disregard the implications of accepting a free surveillance camera from law enforcement. Ring wants more end users and for more of those end users to download its Neighbors app. Neighbors accelerates the sharing of doorbell cam footage. It also accelerates bigotry, which tends to turn virtual meetups on Neighbors into a discussion about shady people of color wandering the neighborhood.
It's not enough for Ring to command nearly 100% of the market. It also spends its time vetting law enforcement statements and press releases to ensure cop shops stay on brand and push the Neighbors app. The more people cops can convince to use the app, the bigger the discount on the next order of Ring doorbells.
Sharing is what matters. Encouraging people to share footage of suspicious activity with their neighbors via the app breaks down reservations people might have about turning over footage to cops. Law enforcement requests are made through a portal provided by Ring, which includes a map that shows cops every residence that has a Ring doorbell installed.
The Guardian has obtained documents from two more of the 400+ law enforcement agencies currently partnering with Ring. These documents contain screenshots of Ring doorbell maps from the portal, as well as its template for warrantless footage requests.
The documents also contain a very heavily-edited press release from the Gwinnett County Police Department. Nearly the entire thing has been rewritten by Ring reps, excising mentions of Ring's donation of 80 cameras, as well as language that makes it clear law enforcement will have access to any footage uploaded to the Neighbors app. [Picture via The Guardian]
The end game is seamless access to recordings, with the wheels greased by social media interaction and the implicit suggestion that recipients of free doorbell cameras may want to repay the favor with a little footage.
But not everyone is willing to give cops warrantless access to footage. Well, Ring is on top of that as well, as Dell Cameron reports for Gizmodo. Upon request, it will hand over rejection stats to law enforcement, letting them know how often citizens (or "civilians" in Ring's PR language) aren't meeting their tacit obligations. Turns out it's most of them.
The request data acquired by Gizmodo, which covers a five-month period in 2018, showed that Ring customers in Fort Lauderdale, Florida, had largely ignored police requests for footage. Between May and September of 2018, the Fort Lauderdale Police Department issued 22 requests via Ring’s law enforcement portal. Those requests resulted in 319 emails being sent to residents asking them to hand over footage, a statistic that the company now says it keeps confidential.
Supposedly, Ring is no longer doing this. According to its spokesperson, it no longer makes this info available to law enforcement agencies. But this low hit rate has to be a concern. The requests come via the Neighbors app or via email. In some cases, people may not have seen the email. In many more cases, people probably just opted out by ignoring or deleting the request.
Police officers also do not know who they're sending requests to. A geofence of sorts narrows down what cameras might provide useful footage, but the portal does not identify the end users. This is a good way to handle this, ensuring there are no reprisals for refusals. But this siloing means nothing when cops are part of the installation team.
In Fort Lauderdale, police went to dozens of homes and helped residents install Ring cameras after holding raffles at neighborhood watch meetings and handing them out for free.
Given the amount of data that is available to law enforcement via the portal, it's pretty easy to narrow down who's been helpful and who should have their emergency call backburnered. Given enough rejections, officers may just decide these Ring owners don't care enough about the safety of their neighborhood to warrant a speedy response. But if these requests are headed to inboxes filled with other junk email, there's probably no malice intended. Hopefully, no one's treating these non-responses as antagonistic, but that's always a concern when the cop mindset tends to be "us vs. them" -- especially those who refer to work as engaging in a "war" against crime.
Every document obtained by journalists brings more bad Ring news to the discussion. The company has already decided it will back the blue. Those in blue seem to enjoy this partnership, even if it means they won't be obtaining much footage and all public-facing announcements must be run by the company before they can be released. Amazon is blurring the line between public and private to grow a private market. If cops want to get pissed off about anything, maybe it should be their demotion to Ring brand ambassadors.
Amazon's Ring doorbell -- which sports a handy camera to catch all those package thieves -- has swallowed up more than 200 police departments with its charm offensive. Cops get doorbell cams at a discount and hand them out for free to locals with the assumption residents will repay the favor by granting officers warrant-free access to footage any time they ask.
To decrease friction, Ring -- which has final edit approval on police publicity efforts -- nudges people towards its snitch app, Neighbors, which encourages users to post any suspicious footage they capture. Ring also nudges law enforcement towards more social media interaction with Ring users to blur the line between sharing with neighbors and sharing with government employees.
The push continues. Amazon sees a market worth cornering and cops see a handy way to turn multiple doorsteps into extensions of their existing surveillance network. Win-win for all involved, I guess, except those who want to secure their homes without feeling obligated to hand over footage whenever the government thinks it might be helpful.
The advantages for law enforcement are obvious. And that has led to more… um… proactive efforts by law enforcement to spread the good word about these doorbell cameras. Louise Matsakis reports for Wired that a California law enforcement agency recently offered Ring doorbells to citizens in exchange for some help with their cop work.
On June 21, Chris Williams, the captain of the El Monte Police Department in California, sent an email to staff reminding them about a new incentive for crime witnesses to share information with law enforcement. Rather than the cash reward used by some programs, El Monte gave out camera-equipped doorbells made by the home security company Ring, which retail starting at $99.
The asking price for a "free" $99 camera seems to be a bit steep. According to documents obtained by Caroline Haskins of Motherboard, the El Monte PD isn't interested in vague tips about somebody seeing somebody do something. This may be acceptable for confidential informants, but potential camera "winners" have a higher bar to hurdle. The tips must be specific, result in a prosecution, and -- here's the big one -- potential camera recipients must be willing to testify in court.
Since the PD is also sort of getting a free camera -- what with Ring's online portal that allows cops to locate any Ring owner and ask them directly for footage sans warrant -- this seems like a raw deal for the general public. While most people do want to help law enforcement put criminals behind bars, a decent percentage of those probably aren't willing to go so far as to get on the stand during a trial.
Ring says it doesn't encourage this sort of thing, nor does it craft scripts or write PR pitches suggesting cops offer free cameras in exchange for testimony. But Ring definitely encourages this sort of thing with its unending push to deploy more cameras and get more people using its Neighbors app.
A few weeks after Williams sent out a reminder about the rewards program, a Ring employee emailed him with a congratulatory note: “Since EMPD first onboarded on 5/1, you have all increased your Neighbors app users (El Monte residents) by 1,058 users! Great job!”
And there's even more encouragement where that came from.
Ring nominated the El Monte Police Department for Ring’s “Agency of the Year Award,” according to new emails obtained by Motherboard. One email from a Ring representative, dated July 2019, asks the police department to submit “a success story” that resulted from using the Law Enforcement Neighborhood Portal.
There's really no downside to the El Monte PD's exchange program, other than some negative press. If someone is willing to do all of this for a $99 camera, it's unlikely they'll push back at all when the PD starts asking for their doorbell footage.
At least 200 law enforcement agencies around the country have entered into partnerships with Amazon’s home surveillance company Ring, according to an email obtained by Motherboard via public record request.
Ring has never disclosed the exact number of partnerships that it maintains with law enforcement. However, the company has partnered with at least 200 law enforcement agencies, according to notes taken by a police officer during a Ring webinar, which he emailed to himself in April. It’s possible that the number of partnerships has changed since the day the email was sent.
Amazon is slowly but steadily building a surveillance network. It's not just building it for itself. It has Alexa for that. It's building a new one for US law enforcement agencies, free of charge, in exchange for free promotion and future long-term buy-in.
Ring's doorbell cameras are a consumer device, but many, many people are getting them for free from local PDs. The incentives work for everyone… except for those concerned about a private company turning people's houses into de facto police cameras. The police hand out the free cameras to citizens, implicitly suggesting end users could repay their debt to um... society[??] by providing camera footage on demand. Amazon gives these cameras to PDs for next to nothing, asking only that PDs promote Ring cameras and push camera recipients into downloading Amazon's snitch app, Neighbors.
Two hundred law enforcement agencies is a drop in the S3 bucket, considering there's almost 18,000 law enforcement agencies in the United States. But every market starts somewhere, and Amazon is aggressively pursuing this untapped arena with free doorbell cameras, a free law enforcement surveillance portal, and a bunch of incentives that skew heavily in favor of the watchers. Sooner or later, the other Amazon marketing push -- facial recognition -- will get folded in, giving cops the chance to determine who you're hanging out with by using your own doorbell against you.
If you would like a chance to die within seven days of reading them, Motherboard has posted its public records stash here. It adds to the wealth of information showing Amazon is steadily pursuing non-paying customers -- so long as they exhibit a bit of brand loyalty. Its paying customers -- the millions of Prime members -- are now just sting fodder to be used in a never-ending string of disappointing anti-package theft operations.
But Amazon's willingness to tie government agencies into contracts that demand final cut approval on press releases and a certain amount of free publicity blurs the line between public and private. That blurred line, unfortunately, runs right up to the doorsteps of suburban America, converting personal security into police surveillance.
The promise is a bit more security, in the form of a doorbell that watches your doorstep and the yard/driveway/street beyond. The implicit suggestion is that you repay this deep discount by allowing cops to access camera footage at will. Even if you demur, you'll be added to local law enforcement's Ring map, showing all the houses cops can approach to ask for camera footage.
The doorbells are also tied to an app, Neighbors -- one that Amazon markets with footage of doorstep thefts. Amazon likes this angle so much it's hiring staff to produce news coverage of criminal activities with a hyperlocal focus.
Cops like Ring. And Amazon/Ring likes cops. More tax dollars have headed Amazon's way in recent months, but documents obtained by Vice show this particular partnership -- which also roped in the US Postal Service -- failed to pay off for the citizens funding it. Caroline Haskins reports that a Christmas sting operation in Colorado utilized a lot of tech and government personnel, but failed to round up even the usual suspects.
New documents obtained by Motherboard using a Freedom of Information request show how Amazon, Ring, a GPS tracking company, and the U.S. Postal Inspection Service collaborated on a package sting operation with the Aurora, Colorado Police Department in December. The operation involved equipping fake Amazon packages with GPS trackers, and surveilling doorsteps with Ring doorbell cameras in an effort to catch someone stealing a package on tape.
The documents show the design and implementation of a highly elaborate public relations stunt, which was designed both to endear Amazon and Ring with local law enforcement, and to make local residents fear the place they live. The parties were disappointed when the operation didn’t result in any arrests.
Vice/Motherboard has posted the documents online so the public can retrace the fail trail. The sting operation involved two government agencies, two companies, 25 Amazon boxes, 15 Ring doorbell cameras, 15 GPS tracking devices, and seven Colorado zip codes. The most notable number, however, is the arrest total: zero.
During this driest of runs, the PR coordinator for Ring's snitch app (Neighbors), offered her sincere condolences to everyone involved:
"Unfortunate that none were apprehended this time around…"
Yeah, it sucks no one was out stealing packages from doorsteps. It would have made for a great demo reel when pitching Aurora residences doorbell cameras and their chance to participate in spying on their friends, neighbors, and acquaintances.
The documents also show Amazon coordinating most of the operation, starting with a training session provided by the maker of the GPS devices, all the way through to its final cut approval on Aurora PD press releases about the sting. They also show the police department asked citizens to be a part of the Ring-enabled surveillance network expansion project, doing business under the delightful name of "Operation Grinch Grab."
When reached by Motherboard for comment, officer Wells-Longshore said that the Aurora Police Department does not have access to a Ring law enforcement neighborhood portal, but they asked residents for Ring doorbell footage access, and offered to give some residents free Ring cameras.
Sure, you can take a free camera and refuse to grant law enforcement access to footage, but what kind of a citizen would do that? Probably the kind that won't pick up litter and put it in the trash when asked to by a uniformed officer. These free Ring cameras come with an implied access license few people will feel comfortable violating.
This sting operation's lack of success won't discourage other law enforcement agencies from partnering with Amazon in the future. Amazon has made it very clear it has zero problems selling surveillance tech to law enforcement, even while under the Congressional microscope. With Ring, it's expanding law enforcement's surveillance reach with cheap-to-free cameras that appeal to homeowners' pocketbooks and peace of mind.
If this all seems a bit too cozy, that's because it is. And what appears to be little more than an easy way to capture package thieves on tape is actually a convenient way for the government to keep an eye on people's comings and goings, as well as who they socialize with. For now, it's all about footage of crimes. But the access point is already there and the camera is always rolling.