‘Our Customer Is Not the Police Department’: Ring’s CTO Pushes Back On Privacy Concerns

It’s been a busy year for Ring, the home security giant best known for its video doorbells. In January, Ring rolled out the Ring Video Doorbell Wired, its smallest and least expensive doorbell yet. The Santa Monica-based company also unveiled an end-to-end encryption feature that adds an additional layer of protection to videos captured by a user’s device. And Ring is now working on additional features, including a pet tracking system and a roving camera that can be remotely piloted by customers to investigate disturbances.

But as Ring expands its user base, it is also drawing increased scrutiny from privacy and social justice advocates who are concerned about the Amazon-owned subsidiary’s partnerships with law enforcement agencies and reports of racial profiling by users of Ring’s Neighbors app.

Ring Chief Technology Officer Josh Roth spoke to dot.la about Ring’s product development process and how his company approaches privacy and neighborhood safety.

Since the Amazon acquisition, Ring has developed some integrations with the Alexa system and other Amazon products. Are there ways this relationship may become even closer in the future?

Ring Chief Technical Officer Josh Roth

At the end of the day it comes down to what we call a “better together” story. From our side, we can create better solutions and systems that aggregate devices in your home and give you a better way of leveraging those devices together—whether that’s interactions between an alarm system and a light, or your Alexa acting as a sensor for other things. There’s a tremendous amount of work to continue to iterate and improve on that. No doubt about it, there will be future integrations that continue to enhance that experience.

How much do you see Ring as a smart home company vs. a home security company? Are there ways you might use the tech stack you’ve developed in ways that move away from the home security focus you’ve had thus far?

Our mission is to make neighborhoods safer. I don’t see that mission changing. We are a safety and security company. With that being said, things you may not think of as safety and security at the end of the day can become part of a safety and security system. An example of that would be anything that can give awareness about the state of a home. Your thermostat has home and away modes so that it can turn itself hotter or cooler depending on whether someone is at home. If you can integrate that into an IoT system to leverage that awareness and tie it to your alarm system, there’s tremendous benefit for your safety and security. There’s not always this cut-and-dry IoT space and safety and security space. The reality is that if you do things correctly, they actually merge into one.

And of course as more of these functions become automated, there’s going to be growing concern about security. There have been some horror stories about hackers being able to spy on families through their Ring systems. How are you alleviating concerns that someone might gain access to a customer’s footage?

Privacy and security are really foundational to everything we build. We start with a security and privacy-first mindset and then we try to introduce those features to our customers, and we try to do it in the quickest fashion possible. If you take a look back historically, Ring was the first in the safety and security space to require two-step verification; we were the first to introduce end-to-end encryption. Ring has never been breached, but we put things in place constantly to improve on security. Where we have to, we put in tighter controls. But when we do it, we make it extremely transparent to the customer. From my perspective, security is of the utmost importance, and I think everyone at Ring and Amazon would tell you the same thing.

You rolled out the end-to-end encryption feature earlier this year, but it’s turned off by default. Why make it an opt-in setting rather than an opt-out?

End-to-end encryption implies that there’s a key that can only be used by a very specific system or user. It requires us to actually turn off some features that our users actually like to have, because those keys can’t be shared in all situations. For example, with the iteration of end-to-end encryption out there today you can’t have a shared user. The reason for that is key management and how you would actually hand those keys off that shared user for a temporary or permanent amount of time, and which videos you would give access to. We opted to give something that was the most stringent control we could at launch, and to give the users asking for that the ability to turn it on—with the intent of iterating over time and adding more features like shared users.

There’s a handful of items like that. Another use case would be a third-party integration. If you use Alexa, for example, to do video recall or to see who’s at the front door, they don’t have the keys because we don’t have a method to pass the keys from a user’s phone to Alexa devices. It would break our user promise around encryption and privacy. We really wanted to focus on the beginning experience of end-to-end encryption being as tight as we could, and then adding to it over time based on customer feedback.

How do you balance privacy concerns with the desire to give customers access to new features?

The baseline default experience that a user gets is the highest level of security that can be provided, and we constantly iterate and improve on that. I look at end-to-end encryption as an advanced security feature. I use the analogy of a hotel room. You have the top lock and you lock the door and you put the sign on the door. You may find you don’t necessarily need all that, but it gives you peace of mind. So we want to offer that to our users. But the default standard encryption we provide still provides encryption in transit and encryption at rest. And we always examine it to see if we can improve on that. There is a tradeoff between end-to-end encryption and some of the features we know our users like. But I can tell you as a promise from Ring: We will always push toward providing more security and more options for our users with increased transparency. Any time we add something new they are going to have awareness of it. Any time we give them something around security, we’re going to give them a choice to enable those items or not.

You mentioned that Ring’s goal is to make neighborhoods safer. Is there an evaluation process as you add features to ensure that you are meeting this goal?

We believe in the power of the community and the power of the neighborhood. We also believe in the privacy of the neighborhood. In addition to privacy shutters on our cameras, we also have privacy zones. When you set up a motion zone, you can block out certain areas to respect the privacy of your neighbors if you choose to do so. Again, it’s all put in the hands of customers for customer choice.

We also work with public safety agencies. We’ve been a great resource for Covid-19 information. We work with local fire and police departments. What that means is they have the ability to go into feeds. They provide access requests to those feeds in a public way so that everyone is completely aware and it’s transparent to the entire community what’s being asked of them.

Those partnerships with law enforcement have been controversial. Are there ways you approach product development to ensure devices aren’t being used as tools for mass surveillance?

Everything we do is customer first. Our customers are the neighbors who live in those neighborhoods. Our customer is not the police department. It’s not the fire department. Our customer is the user who has a home, who’s putting a Ring doorbell on their house. We start with that premise, and we build everything around that from a privacy and security perspective. Any time that there’s anything involving a public safety agency, users have a choice and it’s entirely up to them when and if they share information, when and if they share videos, when and if they work with those agencies. We’ve seen nothing but positive things come out of that. Kidnappings have been solved because of people working with neighborhood agencies. Neighbor advocates are helping track down things like package theft. We’re big believers in people working together. We’re big believers in customer choice.

Is there a limit to customer choice? Ring has said in the past it won’t use facial recognition technology. What if customers want it? And are there other features that may be off the table?

It’s a hard question to answer because I can’t predict the future of what I haven’t built yet. What I can tell you is we don’t use facial recognition on any of our devices or services and we will never sell facial recognition technology to law enforcement. Privacy is so important to us. Anything we build will include these strong privacy protections for our neighbors.

We go through privacy reviews, legal reviews, customer reviews, and internal discussions. We make decisions as to whether we think the items we want to build meet the mission to make neighborhoods safer. Is it in the customer’s best interest? Is it providing additional privacy, security, and transparency to the customer? If we can say yes to all of those things, I think we are able to build them. If we have question marks, we don’t build them.

This interview has been edited for length and clarity.