Amazon is planning to use facial recognition software and its Ring smart home security devices to create an artificial-intelligence enabled “neighborhood watch list,” according to reports.
According to internal documents reviewed by The Intercept, the “watch list” would automatically alert a Ring owner with a “suspicious activity prompt” on their mobile phones when an individual that was deemed “suspicious” was captured in the camera frame.
The report, unveiled this week, said it remains unclear who would have access to these neighborhood watch lists or how they would be collected and compiled. However, the documents reviewed by The Intercept repeatedly refer to law enforcement – leading to speculation that it may involve Ring’s controversial partnership with more than 600 police departments across the country, to allow them to request access to camera footage from camera owners.
The report also leaves unclear what constitutes a “suspicious” individual, and how facial features of “suspicious” individuals could be collected in the first place. Earlier this year, Motherboard reported that Ring was offering product discounts to camera owners who could identify anyone who they considered to be “unusual” and report them to the police.
In addition to alerting users via an in-app notification when the “suspicious” individual appears near their Ring doorbell, the feature would also offer a “Notify Neighbors” button.
And, “a third potentially invasive feature referenced in the Ring documents is the addition of a ‘proactive suspect matching’ feature, described in a manner that strongly suggests the ability to automatically identify people suspected of criminal behavior — again, whether by police, Ring customers, or both is unclear — based on algorithmically monitored home surveillance footage,” according to The Intercept.
“The features described are not in development or in use, and Ring does not use facial recognition technology,” a Ring spokesperson told Threatpost. “Privacy is of the utmost importance to us, and any features we do develop will include strong privacy protections and put our customers in control.”
The Intercept report comes a week after senators penned a letter to Amazon CEO Jeff Bezos demanding that Amazon disclose how it’s securing Ring home-security device footage – and who is allowed to access that footage. Part of that letter mentioned that Ring had also applied for a “facial recognition patent” and employed a “head of facial recognition research.” Senators asked Amazon to describe its plans regarding facial recognition for Ring devices – including Amazon’s own platform, Rekognition (which has also sparked privacy concerns in the past).
With facial recognition in the mix, privacy concerns are peaking about how that type of data is also collected, stored and shared. Various privacy regulatory efforts around facial recognition has been proposed as well: In September, for instance, California Senate passed a bill that would ban the use by law enforcement of body cams that use facial recognition.
Ring Privacy Concerns
Other reports have drawn privacy concerns about the video footage collected by Ring doorbells.
Earlier this month, researchers discovered a (now-fixed) vulnerability in Ring doorbells that left Wi-Fi network passwords exposed. Previous vulnerabilities have been discovered over the past year, including a flaw reported in February that could allow an attacker to spy on families’ video and audio footage.
A separate report earlier this year alleged that Ring employees in Ukraine were provided with “virtually unfettered access” to a folder containing every video created by every Ring camera globally, and that same U.S. Ring executives and engineers were given “highly privileged access to the company’s technical support video portal, allowing unfiltered, round-the-clock live feeds from some customer cameras.”
“Americans who make the choice to install Ring products in and outside their homes do so under the assumption that they are – as your website proclaims – ‘making the neighborhood safer,'” said senators in their letter last week to Bezos. “As such, the American people have a right to know who else is looking at the data they provide to Ring, and if that data is secure from hackers.”
This story was updated on Dec. 2 with a statement from Ring.
Is MFA enough to protect modern enterprises in the peak era of data breaches? How can you truly secure consumer accounts? Prevent account takeover? Find out: Catch our free, on-demand Threatpost webinar, “Trends in Fortune 1000 Breach Exposure” to hear advice from breach expert Chip Witt of SpyCloud. Click here to register.