Ring Doorbell

1. The organization

⇒ The company for which I will be doing a short data ethical consultation is Ring Doorbell, a company providing internet-connected video doorbells and safety camera solutions. The company was founded in 2013 and purchased by Amazon in 2018. Since then, the company has reached the news a couple of times: when it came to light that doorbell footage was shared with the US government, and later when it emerged that Ring can share doorbell footage with the police without a warrant - and more importantly, sometimes without the knowledge or consent of Ring users. These strong links with external parties as well as their large inflow of possibly sensitive video footage makes Ring an interesting company for the ethical consultation. For further illustration, their website can be found via the following link: https://nl-nl.ring.com/

2. The AI technologies Employed

⇒ A few AI technologies are employed within the Ring video doorbells. More recently, Ring has rolled out the new function 'Custom Events Alerts', which allows the user to create customisable detectors. This function uses computer vision and machine learning technology to differentiate between two different states of an object in the same camera view (i.e. an open or closed door gate) so customers can receive alerts regarding their objects of interest. These alerts provide users with more specific and personal information regarding events happening on their property. The processing of this computer vision-driven feature will happen in the cloud, according to Ring spokespersons.
Besides computer vision, it also uses natural language processing (NLP) and speech synthesis techniques to communicate with visitors and alert home owners. This is intended to improve security and convenience for Ring users, as direct communication via the doorbell is facilitated.

3. Ethical concerns

⇒ Ring has sparked controversy several times, especially after being acquired by Amazon. It is evident that adequate data practices are on the agenda of Ring, as indicated by their substantial privacy policy. Ring currently already processes considerable personal data, which is likely to only further rise in the future. The data they obtain is divided into three subcategories: The first is data obtained about the user (contact and payment details, the location of the device, and data obtained by third parties such as Facebook or Paypal if the user chooses to link these platforms). This is already a serious amount of (possibly sensitive) data, but there are two other channels Ring uses to derive data: data obtained automatically (i.e. cookies or webserver logs that track a consumers online behaviour) and data they process on behalf of third parties. In short, a lot of data is passed through the Ring systems. This gives rise to some ethical concerns, especially when this data is paired with the aforementioned AI technologies. Three concerns will be discussed in some more detail.

Data storage and sharing

The Ring Doorbell systems have access to considerable amounts of personal data (mentioned above). Even though this data is valuable and can be useful for enhancing Ring performance, it must be handled with care to ensure privacy of the consumers. Ring stores video recordings on their own Amazon Web Services (AWS) servers. They have a clear policy when it comes to storing the video recordings. Videos are encrypted by default and by upgrading to a Ring-Protect subscription the videos are safely stored and can be deleted at any time. Furthermore, additional safety measures have been taken such as two-factor authentification. However, it has become evident over time that Ring does not always strictly adhere to these guidelines. An investigation found Ring doorbells are providing Facebook and Google with information such as names and IP addresses. Moreover, Ring has drawn controversy due to its video sharing between doorbell owners and criminal investigators without the use of warrants.
This unauthorized sharing of personal data, even if it's minimal, can result in tracking companies forming a unique picture of the user. This represents a fingerprint that follows the user and monitors what they are doing in their digital lives. Ultimately, unauthorized used of data can potentially result in harm such as identity theft or discriminatory practices. Techniques such as data anonymization or statistical safeguards can be employed to protect individual identities, while maintaining the details necessary for the beneficial analyses.

Public surveillance and privacy

Increasing criticism has been aimed at the role Ring doorbells play in expanding and normalizing suburban surveillance. Ring doorbells have been said to slowly transform public space into surveilled space and allow Ring owners to decide on behalf of their neighbourhood to share the video recordings of that public space with i.e. the police. Clearly, there is a large risk of overreach in this case. What also happened in practice, is that investigators requested footage of legal or even constitutionally protected activity under the guise of investigating potential crimes. On top of that, the process of police requests lacked transparency. Hundreds of videos arose on social media that capture the gross lack of constraint and overt abuse resulting from the increased surveillance possibilities. This constant monitoring of public spaces may evidently be harmful to people's privacy and can even affect people's behaviour in public. This is not a very tangible consequence yet. A more direct consequence that can be seen as undesirable is that overly cooperative Ring users are exposing their own personal information such as location and faces (and more concerning, possibly also that of their neighbours) if they choose to share the footage.

Informed consent and transparency

Informed consent and transparency are crucial concepts across many domains where artificial intelligence technologies are used. Informed consent is essential as it informs individuals about the purpose, but also the associated risks and potential outcomes of sharing their data. Obtaining informed consent is also a basis for adhering to legal and regulatory frameworks like the General Data Protection Regulation (GDPR). Ring has a section on their site devoted to GDPR regulations, stating they are responsible for the use of information collected through Ring devices. Ring does for example ask for permission when it comes to online tracking. However, it requires more action by the consumer to track what their personal data is used for exactly, and it might be hard to comprehensively oversee this.
Transparency in data collection, storage and use is necessary in order to maintain trust. If it is unclear to individuals by whom and for what purpose their data is used, they may be hesitant to share their data in the first place which could hinder the potential benefits. Moreover, being transparent about AI models will help to timely address potential biases or risks resulting from the way the model is trained. By obtaining informed consent and being transparent about the way they process their data, Ring will minimize unintended consequences and maintain consumer trust which is ultimately beneficial for both parties.

4. Recommendations

With respect to the ethical concerns put forward in the previous section, there are some concrete steps Ring can take to improve their data practices.

When it comes to data storage and sharing, Ring should not share the video footage with third parties like Facebook and Google unless explicit and unambiguous consent is obtained from the consumer. Moreover, enhanced safety measures can be taken. This includes amongst others end-to-end encryption for video and audio data both in transit and at rest, as well as anonymization of footage.
With respect to public surveillance, Ring should cut its relations with police as it provides a strong basis for misuses. Moreover, in order to prevent becoming public surveillance tools, clear geofencing and area limitations should be implemented in the Ring doorbells. In a further stadium, Ring could possibly collaborate with local authorities to minimize surveillance in public areas and adopt options such as user reporting that facilitate easy reporting of privacy violations.
With regard to informed consent and transparency, Ring should more clearly and explicitly communicate the purposes, risks and benefits of the data passing through the systems. Another option would be to provide granular privacy settings with clear explanations, allowing users to customize the data they share based on their comfort level.