After a successful rollout in the U.S. earlier this year, Amazon is expanding support for end-to-end encryption for video captured on its Ring products.
“By default, Ring already encrypts customer videos when they are uploaded to the cloud (in transit) and stored on Ring’s servers (at rest),” Ring CTO Josh Roth wrote in an Amazon blog Tuesday.
“Now,” he continued, “customers around the world, with eligible Ring devices, can opt into video end-to-end encryption, to add an extra layer of security that only allows their videos to be viewed on their enrolled mobile device.”
Jon Jarboe, a developer advocate at Accurics, a cyber resilience company in Pleasanton, Calif., explained that end-to-end encryption is a security best practice because it protects the confidentiality of communications — controlling who is able to see or hear the communication.
“Modern internet-connected systems typically send communications across many networks and devices, from the camera device over the air to a router, through the internet to a server, and back out to a viewing device,” he told TechNewsWorld.
“If the communication is not properly encrypted,” he continued, “anybody can view it, if they can intercept it at some point along that path.”
Compelling for Consumers
End-to-end encryption can be compelling for consumers, observed Mark N. Vena, senior director for smart home and strategy at Parks Associates in Addison, Texas.
“Our research indicates that privacy still remains a big concern about smart home devices with many customers,” he told TechNewsWorld. “Having encryption is a big deal. Amazon should be applauded for adding that capability with its Ring cameras.”
End-to-end encryption can also boost consumer confidence in a product, maintained Jonathan Collins, a research director at ABI Research.
“Improved and greater network security supported within smart home devices brings significant benefits, not just from the privacy aspects related to what can be personal or considered personal information, but also from growing consumer confidence that smart home purchases are for their benefit — and not for nefarious practices either by hackers or device and system suppliers and their partners looking to leverage data collection,” he told TechNewsWorld.
Adam Wright, the senior research analyst for the smart home at IDC, noted that end-to-end encryption is all about empowering consumers to take charge of their digital lives.
“In addition to the host of features that are already available to help protect consumers’ devices and digital content — things like two-factor authentication and mandatory use of complex passwords, among others — end-to-end encryption adds another option to a consumer’s toolbox of things they can do to minimize security and privacy threats,” he told TechNewsWorld.
Barrier to Police?
With the global rollout of Ring end-to-end encryption, Amazon may be buying goodwill in countries that have more rigorous data security and privacy laws than Uncle Sam.
“Part of what’s motivating this is probably setting a higher global standard so wherever Amazon goes, they will be welcome by satisfying stringent local standards,” said Brad Russell, vice president of Interpret, a global advisory company.
“There are a lot of big tech companies doing that now because there’s a patchwork of regulations out there,” he told TechNewsWorld. “It’s less problematic for them to create a product that can be used anywhere on the planet, rather than tailoring products for different locations.”
One concern about end-to-end encryption is how it will affect law enforcement seeking to use Ring video for its investigations. [*Correction – July 14, 2021]
According to the Electronic Frontier Foundation, law enforcement agencies can request, with a single click, video from Ring users within a designated area.
Compliance with that request is voluntary. But, as the EFF points out: Even if a user refuses to share their footage, police can still bring a warrant to Amazon to obtain it. That means users’ video and audio could end up contributing to investigations they wish they had not facilitated — like immigration cases or enabling police spying on protests — even without the users knowing this had happened.
“Ring receives legally binding requests, such as warrants, which every company is subject to, and we carefully review these requests,” an Amazon spokesperson told TechNewsWorld.
“We also transparently disclose the types of information requests received by Ring and how we responded to them on our blog,” she added.
“End-to-end encryption clearly impacts the ability of law enforcement to collect data from the end user and most importantly from Ring itself without the knowledge or consent of the camera owner,” ABI’s Collins said.
“While there are clear benefits for law enforcement to be able to leverage smart home data within the legal system, end-to-end encryption is a response born of a need for greater transparency and growing consumer concern over the use of personal data without their knowledge or permission,” he continued.
“It is also a signal of an evolving smart home user base less convinced of the benefit of data sharing,” he added. “In the long term, this should be seen as a step toward creating impetus for greater transparency and control in the support of access to such data.”
Collins noted that smart doorbells have been a standout market within the smart home device market.
“As a smart home device it has immediate resonance with consumers who readily understand the value and usefulness of the device,” he said.
“Capturing video outside of the home is less sensitive than inside and the functionality builds on the already well understood home security market, extending control to the doorstep in an intuitive way,” he continued.
“Of course, the boom in online commerce and package delivery has also made the doorstep a key area of value that consumers want to secure,” Collins added.
He said ABI Research found that the smart doorbell market in North America grew over 30 percent in 2020, and that in 2021 shipments in that region will surpass 2.8 million.
In addition to expanding the geographic reach of end-to-end encryption, Amazon also added support for authenticator apps, which can provide an additional factor for logging into Ring accounts, and support for Captcha in the Ring and Neighbors apps as an extra safeguard against automated login attacks on user accounts.
Amazon is also making it easier to transfer ownership of Ring devices. Within the next few weeks, Roth noted, the company will launch an automated self-service process that obviates the need to call customer service. The new user can activate the Ring device as they set it up, while the old user is reminded to remove the device from their account.
Devices Supporting E2EE
Video end-to-end encryption works with the Ring app 5.34.0 and higher and Android 3.34.0 and above.
Mobile operating systems supported by the technology include iOS 12 and above and Android version 8 (Oreo) and higher.
Ring doorbells and cameras supporting video E2EE are as follows:
- Ring Video Doorbell Pro
- Ring Video Doorbell Pro 2
- Ring Video Doorbell Elite
- Ring Video Doorbell Wired
- Ring Spotlight Cam Wired
- Ring Spotlight Cam Mount
- Stick Up Cam Elite (2nd Gen)
- Stick Up Cam Wired (2nd Gen)
- Indoor Cam
- Ring Floodlight Cam (1st Gen)
- Ring Floodlight Cam Wired Pro
- Ring Floodlight Cam Wired Plus
- Ring Stick Up Cam Plug-In (3rd Gen)
Ring battery-powered video doorbells and cameras do not support E2EE.
*ECT News Network editor’s note – July 14, 2021: Our original published version of this story incorrectly stated, “Until recently, Ring freely gave police access to video stored on its servers by Ring users, without their knowledge, through its Neighbors program.”
Police can request assistance from Ring customers through a Request for Assistance post in the Ring Neighbors app. These posts are publicly viewable in the Neighbors feed, and logged on the public safety agency’s profile for added transparency. Prior to the Request for Assistance procedure, public safety officials could request video through a video request tool. However, this request was totally optional for customers, and police never had access to devices or livestreams. They never had access to videos, customer information, or device location until a customer viewed the video request and actively chose to share their videos and information.
– We regret the error.