Ring’s new end-to-end encryption is a big step toward better privacy

By Michael Grothaus

Amazon subsidiary Ring has announced that it is beginning to roll out end-to-end encryption to many of the products in its lineup of smart home security devices. It’s a welcome move for the company, which previously has been called out for its cozy partnerships with police as well as other privacy and security concerns. And it’s a first among the big brand names in connected security cameras and related gear.

Initially, this end-to-end encryption rollout is part of a technology preview, with Ring looking to solicit feedback users about the feature. Starting today, users with the latest Ring app on Android 8 and above or iOS 12 and higher will see a new Video Encryption page in the app’s Control Center. From that page, they’ll be able to enable end-to-end encryption on their compatible Ring devices. Once end-to-end encryption is enabled, the only way to access the device’s video feeds will be to have access to the user’s mobile devices, which hold the encryption keys.

Ring devices that support the company’s new end-to-end encryption option include the Video Doorbell Pro, Video Doorbell Elite, Floodlight Cam, Spotlight Cam Wired, Spotlight Cam Mount, Stick Up Cam Plug-in, Stick Up Cam Elite, and the Indoor Cam.

For privacy, you need end-to-end encryption

Many companies tout encryption of any sort as a privacy feature. However, that’s not an entirely accurate description. When data that is stored on remote servers is encrypted, it means that the data is scrambled and can’t be read without a key. This encryption is primarily done for security purposes–it locks out those who don’t have the digital key from reading the data. And sure, if we’re being very charitable, this type of plain old encryption does provide some privacy, because if you don’t have the key you can’t read the data.

Ring’s new end-to-end encryption is a big step toward better privacy | DeviceDaily.com

[Photo: Ring]

However, this type of encryption doesn’t provide total privacy. In addition to the user who holds the key, the company offering the cloud storage of the data also holds a copy of the key. This means that it can read your data, too, if it so chooses. Worse, since the company also holds a copy of the key to your data, it could be compelled to turn your unscrambled data over to governments that want to have a look at it for themselves.

That’s where end-to-end encryption of the sort Ring is adding comes in. Like regular encryption, end-to-end encryption also provides security by scrambling your data in a way no one without the key can read it. However, with end-to-end encryption, the only person that holds the key is the user. Not even the service provider–Ring, in this case–gets a copy of it. This provides much greater privacy in addition to security, because no one else but the user can read data. Since service providers that offer end-to-end encryption don’t hold a key themselves, even if a government agency demanded they hand over a user’s data, the provider would be unable to do so–not in readable form,  anyway.

Now consider that Ring’s products are designed to surveil your property—with you and your loved ones possibly in view—and you can see why end-to-end encryption is such a big deal. It affords you the security Ring devices have always provided while adding a massive boost of privacy. Now not even Ring is able to see what you do in the seclusion of your own home.

Critics won’t be entirely placated

“With the launch of video End-to-End Encryption, I’m proud to continue delivering on our commitment to offering privacy and security features that keep customer control front and center,” said Ring president Leila Rouhi in the press release announcing the new feature. “We will continue to innovate and invest in features that empower our neighbors with the ability to easily view, understand, and manage how their videos and information stay secure with Ring.”

And she’s right to boast about it. All companies that claim to care about privacy should offer their users nothing less than end-to-end encryption.

However, Ring may still have a way to go to convince privacy advocates that its privacy commitment is entirely heartfelt given some of its partnerships and past controversies. Last year, in the wake of the Black Lives Matter movement, the Electronic Frontier Foundation called Ring’s partnerships with police departments “dangerous” and said the company was one of the “worst offenders” profiting from the fear of crime.

Specifically, the EFF—like other civil liberties and privacy advocated—took issue with Ring’s partnerships with 1,300 law enforcement agencies to promote the security advantages of Ring devices. In turn, the EFF says, Ring coached police how to “better pressure residents to share their videos.” The EFF concluded “Ring plays an active role in enabling and perpetuating police harassment of Black Americans. Ring’s surveillance doorbells and its accompanying Neighbors app have inflamed many residents’ worst instincts and urged them to spy on pedestrians, neighbors, and workers.”

As for past privacy concerns, Ring was widely criticized in the past for lackadaisical security practices which allowed people to log into a Ring account and access a user’s data from multiple locations and without informing the Ring user of the logins. In light of that controversy, Ring overhauled its security practices, introducing the Control Center privacy and security console in its app and enabling two-factor authentication for Ring accounts.

While Ring’s addition of end-to-end encryption on some of its devices doesn’t negate the EFF’s criticisms–after all, users can still share their video with police if they choose–it does show that Ring is willing to revise its privacy and security features to make its products more appealing to those who rightfully worry about privacy. When any company is willing to give up a little control over data and leave it firmly in the hands of users, it’s a step in the right direction.

Fast Company , Read Full Story

(13)