Five Democratic senators called on Amazon CEO Jeff Bezos to explain how his home security company Ring retains and secures customers' data and videos.
In a letter Wednesday, Sens. Ron Wyden of Oregon, Chris Van Hollen of Maryland, Ed Markey of Massachusetts, Chris Coons of Delaware and Gary Peters of Michigan raised concerns that Ring's data could be hacked or accessed by foreign actors. If accessed improperly, Ring's products, which include internet connected video doorbells and alarm systems, could pose a risk not only to individual Americans, but also U.S. national security, the senators said.
"Personal data can be exploited by foreign intelligence services to amplify the impact of espionage and influence operations," the senators wrote.
Amazon bought Ring in February 2018. It now operates as a subsidiary of Amazon. A Ring spokesperson said the company is still reviewing Wednesday's letter but provided comment on Markey's earlier letters to the company and pointed to a blog post explaining how Ring works with law enforcement.
"Ring users place their trust in us to help protect their homes and communities, and we take that responsibility very seriously," the spokesperson said in a statement. "Ring does not own or otherwise control users' videos, and we intentionally designed the Neighbors Portal to ensure that users get to decide whether or not to voluntarily provide their videos to the police."
The lawmakers referred to reported incidents of Ring's vulnerabilities being exploited, including one last week that said Ring doorbells left users' Wi-Fi passwords exposed in unencrypted text. Amazon fixed the problem in September, although the vulnerability wasn't disclosed until last week, TechCrunch reported.
The letter also pointed to a report from The Intercept earlier this year that found Ring employees in Ukraine were granted "virtually unfettered access" to videos from Ring cameras around the world that they could access with "little more than a click."
"These reports raise serious concerns about Ring's internal cybersecurity and privacy safeguards, particularly if employees and contractors in foreign countries have access to American consumers' data," the lawmakers wrote.
The letter comes one day after Markey released the findings of an investigation he led into Ring. Markey concluded that Ring does not have security requirements for law enforcement offices to gain access to users' footage, does not restrict those offices from sharing footage with third parties and does not commit to refrain from selling users' biometric data.
"Amazon Ring's policies are an open door for privacy and civil liberty violations," Markey said in a statement announcing the findings. "If you're an adult walking your dog or a child playing on the sidewalk, you shouldn't have to worry that Ring's products are amassing footage of you and that law enforcement may hold that footage indefinitely or share that footage with any third parties. Amazon's Ring is marketed to help keep families safe, but privacy rights are in real danger as a result of company policies. Amazon is not doing enough to ensure that its products and practices do not run afoul of our civil liberties."