Of course they didn't build privacy/security measures. And it was the right business call as well.
By not building privacy and security aspects they were able to invest in growing marketshare. That growth enabled their $1b Amazon acquisition. Had the company slowed down its growth to build privacy protections they may have missed out on that exit.
A $5m fine does nothing to ensure other companies do the right thing.
This is a great example of both perverse incentives that are inextricably embedded into finance, and the lack of accountability that makes these kinds of judgments absurd.
Yes, but the entity paying had to have constructive knowledge of their operations when they purchased them. A slap on the wrist is what they counted on to eliminate a competitor and get it cheap. If only there were clawback measures.
A very important point. This generalizes; currently the security enforcement regime is ineffective because there is no real liability for security breaches. If companies were on the hook for damages from breaches, you can bet that things would tighten up. (And of course tech would improve/evolve more slowly! Few benefits come without costs. I think the tradeoff is worth it though.)
Hopefully that's the next lawsuit. This one was from pre-2019 wrongdoings. There are lots of new wrongdoings since Amazon takeover, in February 2018. Lots.
Every house in my neighborhood came with a Ring doorbell. I can’t open my front door without being recorded. This would be bad enough if Amazon actually cared about privacy.
It’s a shame what we’ve given up in the pursuit of “safety”. These types of devices should have e2e encryption turned on by default, and also automatically black out areas outside of the owner’s property.
I have a suspicion that because no one dies from being illegally surveilled that these sorts of violations won’t be regulated. Medical, food, drug, civil engineering, etc. regulations all only exist on the corpses of victims. People will need to be killed by their stalkers using the Ring tech or similar before regulation puts a stop to it.
Most technology is "unsafe at any speed". These fake enforcements ignore that problem. And the answer isn't simply bigger fines or trying to hold more feet to the fire. That's part of it for sure. But beyond that, an enlightened world where people can see & observe their devices & cloud systems, a culture where humanity can test for ourselves & socialize the results after is imperative for any real techno-social resilience. Something we have almost nothing of now, as we consign all power away to far off cloud-product builders. We need a more genuine relationship with technology to be possible.
> We need a more genuine relationship with technology to be possible.
That’s always been possible, but it requires you rolling your own setup which costs more in both time and money.
What the big companies offer is much less cost in both time and money, but you have to give up your privacy. It would be a fairer trade if they were more blunt about it, but that does nothing to sell products and services.
'If you want to go fast, go it alone. If you want to go far, go it together.' some African originated principle called Ubuntu.
I generally agree with your assessment but I think socializing the effort, being the change more collectively is how actual shifts start. The legion of the willing won't get far if only rolling their own.
> Because of its failure to implement security measures, more than 55,000 U.S. customers faced attacks from hackers that compromised Ring devices between January 2019 and March 2020, the FTC said.
During this time frame, Amazon reported[2][3] raking in $14B net profit on $356B revenue, so the impact of a $30M penalty relative to operations of the period amounts to ~0.2% and ~0.008%, respectively.
Nice rounding error, FTC...unimpressed.
On a related note, I recently replaced my heat pump and part of the contractor's offer was a free Ring-compatible smart thermostat with the purchase of a qualified high-efficiency system...I firmly insisted to keep that garbage out of my home and install a sufficiently dumb one instead (Honeywell T6 Pro variant without wifi).
I've been rethinking IoT devices lately. All that Alexa has actually been useful for is "Alexa, what's the time?", "Alexa, what day is it?", "Alexa, set a 2 minute timer", and "Alexa what does X mean?".
That's 99% of my uses.
I want a device that does only that and runs purely offline. I'm sure between Whisper.cpp and LLaMA.cpp I could make this a reality with an old spare laptop.
It isn't really much of a stretch beyond mobile devices almost everyone uses when I think about it though. And you can't even really turn those off anymore.
My line is no cloud-connected security cameras, no “always listening” smart speakers without offline processing. I have at least some control over my phone and computers. It helps that I don’t really see or understand the need for these devices, though.
Residential security cameras seem less common where I live (Australia) than in the US though. A couple of my friends have “smart” doorbells but I don’t think any have security cameras.
In risk management you have to look at the likelihood as well as the risk. A camera or mic attack is far less probable on my phone as you need many more failures / aligned holes in the Swiss cheese systemic risk model. Which is both by design (syncing your data unencrypted to cloud storage) and proven by the results - we see constant widespread data leaks from security cameras and the occasional one from smart speakers, and nothing comparable for iPhones or Windows PCs.
For the record I have “hey siri” turned off too, though I don’t consider it particularly risky.
This speaks to a broader issue of data ownership on the internet. Who owns your comments and posts? In most cases, you give a perpetual and irrevocable license to the company or organization that hosts the site. That's probably ok for a comment like this one, but what about when it starts to leak into the real world? What about video recordings of yourself or others in your home? What if something sensitive is caught? What if something becomes sensitive later? It's not only a violation of trust for a company to retain data about you that they promised to delete, it's a large gap in our collective dialogue about the way technology influences our lives.
There are different punishment classes for companies. Fixed fines are only punishing small companies and are the cost of business for big companies priced into that business. (the fines appear market wide in the prices as jumps)
Percentage punishments (x% of illegitimate gains) punish all companies equally and reduce interest in that market sector.
Then there is lethal punishment ala Copa.
https://m.youtube.com/watch?v=N3zU7sV4bJE
If not deterrable via ablative company structures or other devices, these endeavours kill, usually by scaling with the growth of crime.
Are these classification groups correct? Did I miss one?
When are we going to take real action against this? When will execs and investors be held accountable?
I have no doubt that every tech company is secretly and illegally surveilling. If data is the name of today’s game, then tech co’s have every incentive to do so and to lie about it, particularly if there is essentially no punishment for doing so.
Everyone knows Instagram is listening. I don’t care what they say. The alternative is a mass scale hallucination that is highly improbable.
Well, Amazon fired the Ring CEO Jamie Siminoff in March 2023[1]. Here is some of Jamie Siminoff's BS in action, dated January 2020: "Ring CEO says customers to blame, not security company, for wave of hacked devices"[2]. This is what Amazon does. They wait until the very end, when the damage is good and baked in, and then lets the execs go.
What's horrible about this strategy is that it's all the people underneath that bear the weight of these execs' horrible decisions and actions. And for this reason, we should be able to sue these executives, regardless of if they leave the company, for their illegal decisions and actions.
After all, if individual contributors and lower level managers push back against leadership, they get fired. Which is unlawful, however you have to wait years for lawsuits like this one with FTC vs. Ring, and in the course of waiting your statute of limitations on retaliatory firing expires. So yea, I'm totally for suing executives.
We don’t need to trust Instagram. We need to trust Apple APIs that would prevent such recording from happening in the first place.
If Instagram was using private APIs that would allow it to hear your mic (and I don’t even think they exist), what’s the incentive for Apple to cover it up? They have been attacking Facebook/Meta relentlessly when it comes to privacy.
It’s just not a thing. Burden of proof would be on your side to show how this can be done.
I'm wondering, how does this impact employees' "monetary value" scores? Do the product and engineering managers who pushed these federally illegal schemes receive negative values? Do they get fired?