by Karl Denninger, Market Ticker:
Amazon’s home security company, Ring, admitted to firing four employees for abusing their ability to view customers’ video feeds in a Jan. 6 letter to five Democratic U.S. senators.
The January letter came in response to a Nov. 2 letter from the five senators requesting Amazon founder Jeff Bezos to disclose information regarding Ring’s privacy practices given its ability to upload “video footage detailing the lives of millions of Americans in and near their homes” to its servers.
Now take a look at the excuse:
“Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data,” Amazon Vice President of Public Policy Brian Huseman wrote in the letter. “Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions,”
Why is anyone at Amazon able to look at any of that data?
Physically able, not “well, they don’t have a password.”
And this, friends, is also a lie:
Additionally, no Ring employee has complete access to a customer’s video footage. Ring only has three employees who currently “have the ability to access stored customer videos for the purpose of maintaining Ring’s AWS infrastructure,” Huseman said.
Every AWS employee who has hypervisor access can get at any of the guest instances — all of them. In addition, any unencrypted data is accessible to anyone with administrative access on that cloud infrastructure. The number of people with that access, should they decide to try to use it, likely numbers in the thousands if not tens of thousands.
While it would be nice to believe that there is never a “bad guy,” the facts are a different matter. And further, it was a conscious decision in the design of that system to transmit and store that data unencrypted, or effectively so (e.g. where the keys are on the infrastructure itself and thus an administrator can get at them.)
It is entirely possible to choose not to do that, so that transmission never happens in unencrypted form and the only person with the key is the customer.
But exactly none of these systems are designed this way.
HomeDaemon-MCP is — on purpose. Now if you, as the end user, decide to store the data on an unencrypted volume, that’s on you. But that decision is yours, and the transmission to your device (e.g. phone) is encrypted 100% of the time. Not just the authentication credentials (e.g. via a digest, etc.) — the entire video and audio stream.
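What "the only person with the key is the customer" looks like in practice, as an added sketch that is not HomeDaemon-MCP's code or anything from the original post. The function names, the passphrase-derived key, and the camera name and segment numbers are assumptions for illustration; the storage side only ever holds the returned blob.

```javascript
// Added illustration: video segments sealed with a key that exists only on
// customer devices. Uses Node's built-in crypto module (AES-256-GCM + scrypt).
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Runs on the customer's hub/phone only. The passphrase and the derived key
// are never sent to, or stored on, the hosting infrastructure.
function deriveCustomerKey(passphrase, salt) {
  return scryptSync(passphrase, salt, 32); // 256-bit key
}

// Binds each blob to its camera and sequence number via GCM associated data,
// so whoever runs the storage cannot swap or relabel segments undetected.
function aadFor(cameraId, seq) {
  return Buffer.from(`${cameraId}:${seq}`, 'utf8');
}

// Encrypt one segment before it leaves the customer's device.
function sealSegment(key, cameraId, seq, plaintext) {
  const iv = randomBytes(12); // fresh 96-bit nonce per segment
  const cipher = createCipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  cipher.setAAD(aadFor(cameraId, seq));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { cameraId, seq, iv, tag: cipher.getAuthTag(), ct }; // all the server sees
}

// Decrypt on the viewing device. Returns null when the key is wrong or the
// blob or its metadata was altered, instead of returning garbage.
function openSegment(key, blob) {
  try {
    const d = createDecipheriv('aes-256-gcm', key, blob.iv, { authTagLength: 16 });
    d.setAAD(aadFor(blob.cameraId, blob.seq));
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ct), d.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed sample data, for demonstration only.
function demo() {
  const salt = randomBytes(16); // not secret; stored alongside the blobs
  const customerKey = deriveCustomerKey('customer-chosen passphrase', salt);
  const blob = sealSegment(customerKey, 'front-door', 1, Buffer.from('constructed frame data'));
  const adminGuess = deriveCustomerKey('what an administrator might try', salt);
  return {
    customerCanView: openSegment(customerKey, blob) !== null,
    adminCanView: openSegment(adminGuess, blob) !== null,
  };
}
```

An administrator with full access to the storage holds `iv`, `tag`, `ct` and the salt, none of which recover the key; contrast that with the "effectively unencrypted" case above, where the key sits on the same infrastructure.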
Why would you be so crazy as to use a system that by design makes possible the interception, viewing and disclosure of the inside of your home, plus the front door, plus whatever that camera can see from there to a nameless, faceless list of people who you have exactly no ability to discover in terms of their identity or vetting?