And the FTC is off with a slap on the wrist again
You may have some concerns about the security of two of Amazon’s most popular IoT products, Ring and Alexa, but apparently you weren’t concerned enough. Recent investigations by the US FTC have revealed some rather horrifying facts about what is done with recordings made by Amazon, as well as a complete lack of any of the security protocols you probably thought were being followed.
Instead, it appears that your Ring recordings, which are unencrypted on Amazon’s servers, have been treated like YouTube videos and shared among employees. Anyone who works with Ring can access any archived video to watch and share with employees, and yes, that definitely includes recordings from inside users’ homes and not just the doorbell. Even when some employees reported rather horrific videos being traded, management informed them that this was perfectly acceptable behavior and requested that they offer appropriate support.
As for Alexa, well, everything you’ve said around is preserved, including recordings of children. There was no retention policy to delete recordings after a certain amount of time, and they were even used to train Alexa to improve her language recognition skills without thinking about the content. While parents could contact Amazon to specifically request that their children’s recordings be deleted, the FTC has seen numerous instances where recordings were deleted from certain databases only after a request was made, while still held in others.
The total fines imposed were US$30.8 million, which The Register points out is less than a single day of profit for Amazon. Amazon also doesn’t admit to any wrongdoing, but was happy to throw some loose change at the FTC to make the complaints go away.
