In September, Amazon-owned Ring announced that it would bring end-to-end video encryption to its lineup of home security devices. While the company already encrypted videos in storage and during transmission, end-to-end encryption secures videos on-device, preventing third parties without special keys from decrypting and viewing the recordings. The feature launches today in technical preview for compatible Ring products.
The rollout of end-to-end encryption comes after dozens of plaintiffs filed a class action lawsuit against Ring, alleging they had been subjected to death threats, racial slurs, and blackmail after their Ring cameras were hacked. In 2019, a data leak exposed the personal information of over 3,000 Ring users, including log-in emails, passwords, time zones, and the names people give to specific Ring cameras. Following the breach, Ring began requiring two-step verification for user sign-ins and launched a compromised password check feature that cross-references login credentials against a list of known compromised passwords.
In a whitepaper, Ring explains that end-to-end encryption, which is available as a setting within the Ring app, is designed so users can view videos on enrolled smartphones only. Videos are encrypted with keys that are themselves encrypted with an algorithm that creates a public and private key. The public key encrypts, but the private key is required to decrypt. Only users have access to the private key, which is stored on their smartphone and decrypts the symmetric key, and by extension, encrypted videos.
When a user opts into end-to-end encryption, the Ring app presents a 10-word auto-generated passphrase used to secure the cryptographic keys. (Ring says these words are randomly selected from a dictionary of 7,776.) The passphrase, which can be used to enroll additional smartphones, is generated on-device. But the public portion of the instance key pair and the account data key pair are copied to the Ring cloud after signing by the account-signing key, as are the locally encrypted private portions of the account signing key pair and the account data key pair.
Ring notes that end-to-end encryption disables certain features, including AI-dependent features that decrypt videos for processing work like motion verification and people-only mode. However, Live View, which decrypts video locally on-device, will continue to run while end-to-end encryption is enabled. And users can share videos through Ring’s controversial Neighbors Public Safety Service, which connects residents with local law enforcement by downloading an end-to-end encrypted video to their smartphone, which saves it in decrypted form.
Users can switch off end-to-end encryption at any time, but any videos encrypted with end-to-end encryption can’t be decrypted; the keys to access those videos are removed permanently in the process. Conversely, turning on end-to-end encryption doesn’t encrypt any videos created before enrollment because the service only encrypts videos created post-enrollment.
Ring recently made headlines for a deal it reportedly struck with over 400 police departments nationwide, which would allow authorities to request that owners volunteer footage from Ring cameras within a specific time and location. Ring, which has said it would not hand over footage if confronted with a subpoena but would comply when given a search warrant, has law enforcement partnerships in more than 1,300 cities.
Advocacy groups like Fight for the Future and the Electronic Frontier Foundation have accused Ring of using its cameras and Neighbors app (which delivers safety alerts) to build a private surveillance network via police partnerships. The Electronic Frontier Foundation in particular has singled out Ring for marketing strategies that foster fear and promote a sale-spurring “vicious cycle,” and for “[facilitating] reporting of so-called ‘suspicious’ behavior that really amounts to racial profiling.”
- up-to-date information on the subjects of interest to you,
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform
- networking features, and more.
Source: Read Full Article