Amazon Ring’s End-to-End Encryption: What it Means
Deeplinks 2021-02-03
Summary:
Almost one year after EFF called on Amazon’s surveillance doorbell company Ring to encrypt footage end-to-end, it appears they are starting to make this necessary change. This call was a response to a number of problematic and potentially harmful incidents, including larger concerns about Ring’s security and reports that employees were fired for watching customers’ videos. Now, Ring is finally taking a necessary step—making sure that the transmission of footage from your Ring camera to your phone cannot be viewed by others, including while that footage is stored on Amazon’s cloud.
Ring should take the step to make this feature the default, but for the time being, you will still have to turn encryption on.
You can read more about Ring’s implementation of end-to-end encryption in Ring’s whitepaper.
How to Turn it On
Amazon is currently rolling out the feature, so it may not be available to you yet. When it is available for your device, you can follow Ring’s instructions. Make sure to note down the passphrase in a secure location such as a password manager, because it’s necessary to authorize additional mobile devices to view the video. A password manager is software that encrypts a database of your passwords, security questions, and other sensitive information, and is protected by a master password. Some examples are LastPass and 1Password.
How it Works
Videos taken by the Ring device for either streaming or later viewing are end-to-end encrypted such that only mobile devices you authorize can view them. As Amazon itself claims, “[w]ith video E2EE, only your enrolled mobile device has the special key needed to unlock these videos, designed so no one else can view your videos -- not even Ring or Amazon.”
The security whitepaper gives the details for how this is implemented. Your mobile device locally generates a passphrase and several keypairs, which are stored either locally or encrypted on the cloud in such a way that the passphrase is needed to decrypt them. This is helpful for enrolling additional mobile devices. The Ring device then sets up a local WiFi connection, which the mobile device connects to. The public key information for the enrolled mobile device is sent over that connection, and subsequently used to encrypt videos before sending them over the Internet.
To break the system, someone would have to gain access to the temporary local network you created while you were doing initial setup, or you would have to approve adding them as an authorized user by entering the passphrase while setting up an additional mobile device.
So long as the implementation in the software matches the whitepaper specification and footage is not escrowed in any other way, we have high hopes for the encryption scheme Ring has devised. It may be close to a best-practice implementation of this kind of technology.
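The enrollment and encryption flow described above can be modeled in a short Node.js sketch. This is an added example, not Ring's code and not taken from the whitepaper: the primitives (RSA-OAEP, AES-256-GCM, passphrase-encrypted PKCS#8), the function names and the sample data are assumptions chosen for illustration.

```javascript
// Added illustration. Algorithms and names are assumptions, not Ring's design.
const crypto = require('crypto');

// Phone: generate a keypair locally. The private key is exported encrypted
// under the passphrase, so a copy parked in the cloud is useless without it.
function enrollPhone(passphrase) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
  return { publicKey, wrappedPrivateKey: privateKey };
}

// Camera: holds only the public key (received during local setup). Each chunk
// gets a fresh content key, which is wrapped for the enrolled phone.
function cameraEncrypt(publicKey, chunk) {
  const contentKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(chunk), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, contentKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Viewer: any device that knows the passphrase can unwrap the private key
// and read the footage. A wrong passphrase or altered ciphertext throws.
function viewerDecrypt(wrappedPrivateKey, passphrase, rec) {
  const key = crypto.createPrivateKey({ key: wrappedPrivateKey, passphrase });
  const contentKey = crypto.privateDecrypt({ key, oaepHash: 'sha256' }, rec.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', contentKey, rec.iv);
  decipher.setAuthTag(rec.tag);
  return Buffer.concat([decipher.update(rec.ciphertext), decipher.final()]);
}

function demo() {
  const passphrase = 'constructed-sample-passphrase'; // constructed sample value
  const phone = enrollPhone(passphrase);
  const stored = cameraEncrypt(phone.publicKey, Buffer.from('constructed video chunk'));
  const viewed = viewerDecrypt(phone.wrappedPrivateKey, passphrase, stored).toString();
  // The cloud stores `stored` and the wrapped key but does not know the passphrase.
  let cloudCanRead = true;
  try { viewerDecrypt(phone.wrappedPrivateKey, 'wrong guess', stored); }
  catch { cloudCanRead = false; }
  return { viewed, cloudCanRead };
}

console.log(demo());
```

In this model the storage provider only ever sees the public key, the wrapped private key and ciphertext, which is why the passphrase and the initial local setup are the two points the article identifies as critical.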
What it Means for Privacy
Ring’s relationship to law enforcement has long been a concern for EFF. Ring now has over a thousand partnerships with police departments across the country that allow law enforcement to request, with a single click, footage from Ring users. When police are investigating a crime, they can click and drag on a map in the police portal and automatically generate a request email for footage from every Ring user within that designated area.
Without end-to-end encryption, what happens when Ring users refuse to share that footage has been a major concern. Even if a user refuses to share their footage, police can still bring a warrant to Amazon to obtain it. That means users’ video and audio could end up contributing to investigations they wish they had not facilitated—like immigration cases or enabling police spying on protests—even without the users knowing this had happened.
Link:
https://www.eff.org/deeplinks/2021/02/amazon-rings-end-end-encryption-what-it-means