The video doorbell is by far one of the most ubiquitous smart home devices. In 2018 alone, consumers spent more than $530 million on a total of 3.4 million units, putting electronic eyes on the doorsteps of homes across the country.
In the interest of disclosure, I must admit that I own several smart home products, including a video doorbell, and am relatively happy with its performance and functionality. But like many consumers I am concerned about a rash of recent reports highlighting previously undisclosed privacy concerns associated with these devices.
It was recently reported that Ring has entered into surveillance partnerships with over 400 law enforcement agencies across the country. Participating jurisdictions are provided access to a “Law Enforcement Neighborhood Portal” that allows them to directly request video without a warrant, and then store it indefinitely. That raises serious questions about civil rights and liberties and understandably has elicited significant community opposition.
Andrew Ferguson, law professor at the University of the District of Columbia succinctly sums up the privacy dynamics at play with these partnerships:
“The pushback they [Amazon] are getting comes from a failure to recognize that there is a fundamental difference between empowering the consumer with information and empowering the government with information. The former enhances an individual’s freedom and choice, the latter limits an individual’s freedom and choice.”
When law enforcement agencies are the customers, he concludes, a company has an obligation to slow down.
To be clear, I have no problem with civic-minded citizens volunteering resources to help solve crimes and Ring doorbells may help modernize crime fighting. But these partnerships, as they currently exist, threaten to create a new level of government surveillance at the front door if oversight cannot keep up.
The use of facial recognition, a feature that is increasingly found in today’s smart camera and often goes hand in hand with many of these law enforcement efforts has also been receiving increased scrutiny.
Already used by a host of Google Nest products including their Hello Doorbell, the recently released Google Nest Hub Max for the first time has brought full facial recognition into the home. These cameras flag known users through its “familiar faces” which according to a Nest spokesperson is “not shared across users or used in other homes.” That’s for now, at least. When asked about future uses, Nest did not provide additional comment. As Google looks to expand their facial recognition offerings to private sector and government clients, more clarification needs to be provided about potential applications in the future.
While Ring cameras do not currently employ facial recognition technology, their parent company Amazon has filed a patent to put its proprietary video scanning software, Rekognition, into its doorbells. Ostensibly it would be used to identify “suspicious people” and alert users when these individuals are caught on camera. While a spokesperson for the company has said “the application was designed only to explore future possibilities,” Rekognition’s other applications indicate this development warrants further examination.
The software has been used by law enforcement to match suspects caught on surveillance footage against mugshot databases. More recently, Rekognition has been marketed to law enforcement as a way to identify people captured on video in real time. If this technology is connected to video doorbells in the future, this could raise some serious privacy concerns.
Will Ring use this as a way to create a visitor log, in real time, of all guests who visit your house? If a “suspicious person” on your doorstep is “face matched” will law enforcement be alerted or add you to some sort of a watch list? Given the software’s propensity for generating false positives, this latter point is especially concerning and must be addressed.
Privacy concerns also extend beyond civil liberties. Some of these products have been released without simple safeguards such as two-factor password authentication and end-to-end encryption of videos, leaving sensitive information vulnerable to cyber attacks, stalkers, and foreign governments. Other times it has resulted in software bugs that could be exploited to spy on users.
One company even has a team of workers that are watching hundreds of clips per day, some of which capture very intimate moments, to train artificial intelligence algorithms. The fact of the matter is the move fast and break things mentality of the tech world doesn’t work when such sensitive information is at stake.
In order to regain consumer trust these companies must move more deliberately, provide greater transparency over how data will be used, and offer greater user control over their products.
Google for one has issued a set of plain-English privacy commitments that tells users what kind of data is collected and how it is used. Amazon, in recognition of the ongoing privacy backlash to their cameras will roll out a “Home Mode” function this fall that will allow owners to turn off audio and video recording while they are home. Both companies, as well as a host of other tech companies have asked for clearer government regulation of facial recognition technology. These are steps in the right direction, but there is still a long way to go.
There does not need to be a false choice when it comes to the utility and privacy of smart home devices. Consumers are demanding more transparency over what data is collected and control over how their data is used. Policymakers at all levels should get involved and provide proper oversight. At the end of the day these products can be valuable tools, but it is incumbent on us to set the rules now that will prevent Big Doorbell in the future.
A Chinese company, Ant Financial, largely owned by the government of China, is intent on taking over MoneyGram, a leading US-based financial payments company. This planned acquisition raises serious questions as to whether ownership of MoneyGram would be part of China’s strategic plan to obtain sensitive personal and financial information of Americans and westerners worldwide as well as to undermine American economic strength. This acquisition should be stopped for that reason.
The Committee on Foreign Investment in the United States (CFIUS) exists to review the national security implications of foreign investments in US companies. CFIUS is comprised of representatives from a number of US agencies or departments — including the Departments of Defense, Homeland Security, State and Commerce. CFIUS can block foreign sales and investments that would result in a foreign power acquiring assets and intellectual property that would harm America’s national security.
There are a number of important national security and strategic reasons that CFIUS should reject Ant Financial’s proposed takeover of MoneyGram. Continue reading
Representative Chaffetz has been investigating the scandal-plagued protective agency — the habitual drunkenness and whoring of its agents, among other things — when Secret Service personnel improperly accessed his protected records in a hunt for dirt. The aim of this was made clear by assistant director Ed Lowery, who wrote to assistant director Faron Paramore: “Some information that he might find embarrassing needs to get out.”
Critics are saying that the agency’s brass — at least 18 of them were culpably aware of the plan, and 45 employees illegally viewed the congressman’s information — have violated the Privacy Act. They certainly have, but that is the least of it. They have illegally accessed protected federal records, which is fraud under federal law and carries a ten-year prison sentence. Continue reading
In the wake of a security breach last month that resulted in the theft of personal taxpayer data, experts are now raising concerns over a government data warehouse that keeps the information of Obamacare enrollees forever.
The system, known as the Multidimensional Insurance Data Analytics System, or MIDAS is vaguely described on the federal healthcare.gov as a “perpetual central repository.” When asked by the Associated Press how many people have direct access to the database, officials refused to say.
The decision to keep the personal information of enrollees forever has raised the ire of experts. Lee Tien, a senior staff attorney for the Electronic Frontier Foundation stated that it is irresponsible of the government to retain data any longer than is necessary. Similarly, Michael Astrue, a former Social Security Commissioner has argued that there is no justification for keeping this data permanently. In addition, he worries that the federal government is illegally expanding MIDAS by adding personal information from state-run Obamacare exchanges without proper privacy consent. Continue reading
Minnesota insurance broker Jim Koester was looking for information about assisting with Obamacare implementation; instead, what landed in his inbox was a document filled with the names, Social Security numbers and other pieces of personal information belonging to his fellow Minnesotans.
In one of the first breaches of the new Obamacare online marketplaces, an employee of the Minnesota marketplace, called MNsure, accidentally emailed Koester a document containing personally identifying information for more than 2,400 insurance agents, the Minnesota Star Tribune reported. MNsure was able to quickly undo the damage because Koester cooperated with them, but the incident left him unnerved.
“The more I thought about it, the more troubled I was,” Koester told the newspaper. “What if this had fallen into the wrong hands? It’s scary. If this is happening now, how can clients of MNsure be confident their data is safe?” Continue reading