It's been a busy year for Ring, the home security giant best known for its video doorbells. In January, Ring rolled out the Ring Video Doorbell Wired, its smallest and least expensive doorbell yet. The Santa Monica-based company also unveiled an end-to-end encryption feature that adds an additional layer of protection to videos captured by a user's device. And Ring is now working on additional features, including a pet tracking system and a roving camera that can be remotely activated by customers to investigate disturbances.
But as Ring expands its user base, it is also drawing increased scrutiny from privacy and social justice advocates who are concerned about the Amazon-owned subsidiary's partnerships with law enforcement agencies and reports of racial profiling by users of Ring's Neighbors app.
Ring Chief Technology Officer Josh Roth spoke to dot.la about Ring's product development process and how his company approaches privacy and neighborhood safety.
Since the Amazon acquisition, Ring has developed some integrations with the Alexa system and other Amazon products. Are there ways this relationship may become even closer in the future?
Ring Chief Technology Officer Josh Roth
At the end of the day it comes down to what we call a "better together" story. From our side, we can create better solutions and systems that aggregate devices in your home and give you a better way of leveraging those devices together—whether that's interactions between an alarm system and a light, or your Alexa acting as a sensor for other things. There's a tremendous amount of work to continue to iterate and improve on that. No doubt about it, there will be future integrations that continue to enhance that experience.
How much do you see Ring as a smart home company vs. a home security company? Are there ways you might use the tech stack you've developed in ways that move away from the home security focus you've had thus far?
Our mission is to make neighborhoods safer. I don't see that mission changing. We are a safety and security company. With that being said, things you may not think of as safety and security at the end of the day can become part of a safety and security system. An example of that would be anything that can give awareness about the state of a home. Your thermostat has home and away modes so that it can turn itself hotter or cooler depending on whether someone is at home. If you can integrate that into an IoT system to leverage that awareness and tie it to your alarm system, there's tremendous benefit for your safety and security. There's not always this cut-and-dry IoT space and safety and security space. The reality is that if you do things correctly, they actually merge into one.
And of course as more of these functions become automated, there's going to be growing concern about security. There have been some horror stories about hackers being able to spy on families through their Ring systems. How are you alleviating concerns that someone might gain access to a customer's footage?
Privacy and security are really foundational to everything we build. We start with a security and privacy-first mindset and then we try to introduce those features to our customers, and we try to do it in the quickest fashion possible. If you take a look back historically, Ring was the first in the safety and security space to require two-step verification; we were the first to introduce end-to-end encryption. Ring has never been breached, but we put things in place constantly to improve on security. Where we have to, we put in tighter controls. But when we do it, we make it extremely transparent to the customer. From my perspective, security is of the utmost importance, and I think everyone at Ring and Amazon would tell you the same thing.
You rolled out the end-to-end encryption feature earlier this year, but it's turned off by default. Why make it an opt-in setting rather than an opt-out?
End-to-end encryption implies that there's a key that can only be used by a very specific system or user. It requires us to actually turn off some features that our users actually like to have, because those keys can't be shared in all situations. For example, with the iteration of end-to-end encryption out there today you can't have a shared user. The reason for that is key management and how you would actually hand those keys off that shared user for a temporary or permanent amount of time, and which videos you would give access to. We opted to give something that was the most stringent control we could at launch, and to give the users asking for that the ability to turn it on—with the intent of iterating over time and adding more features like shared users.
There's a handful of items like that. Another use case would be a third-party integration. If you use Alexa, for example, to do video recall or to see who's at the front door, they don't have the keys because we don't have a method to pass the keys from a user's phone to Alexa devices. It would break our user promise around encryption and privacy. We really wanted to focus on the beginning experience of end-to-end encryption being as tight as we could, and then adding to it over time based on customer feedback.
How do you balance privacy concerns with the desire to give customers access to new features?
The baseline default experience that a user gets is the highest level of security that can be provided, and we constantly iterate and improve on that. I look at end-to-end encryption as an advanced security feature. I use the analogy of a hotel room. You have the top lock and you lock the door and you put the sign on the door. You may find you don't necessarily need all that, but it gives you peace of mind. So we want to offer that to our users. But the default standard encryption we provide still provides encryption in transit and encryption at rest. And we always examine it to see if we can improve on that. There is a tradeoff between end-to-end encryption and some of the features we know our users like. But I can tell you as a promise from Ring: We will always push toward providing more security and more options for our users with increased transparency. Any time we add something new they are going to have awareness of it. Any time we give them something around security, we're going to give them a choice to enable those items or not.
You mentioned that Ring's goal is to make neighborhoods safer. Is there an evaluation process as you add features to ensure that you are meeting this goal?
We believe in the power of the community and the power of the neighborhood. We also believe in the privacy of the neighborhood. In addition to privacy shutters on our cameras, we also have privacy zones. When you set up a motion zone, you can block out certain areas to respect the privacy of your neighbors if you choose to do so. Again, it's all put in the hands of customers for customer choice.
We also work with public safety agencies. We've been a great resource for COVID-19 information. We work with local fire and police departments. What that means is they have the ability to request videos (through the Neighbors app). They provide requests in a public way so that everyone is completely aware and it's transparent to the entire community what's being asked of them.
Those partnerships with law enforcement have been controversial. Are there ways you approach product development to ensure devices aren't being used as tools for mass surveillance?
Everything we do is customer first. Our customers are the neighbors who live in those neighborhoods. Our customer is not the police department. It's not the fire department. Our customer is the user who has a home, who's putting a Ring doorbell on their house. We start with that premise, and we build everything around that from a privacy and security perspective. Any time that there's anything involving a public safety agency, users have a choice and it's entirely up to them when and if they share information, when and if they share videos, when and if they work with those agencies. We've seen nothing but positive things come out of that. Kidnappings have been solved because of people working with neighborhood agencies. Neighbor advocates are helping track down things like package theft. We're big believers in people working together. We're big believers in customer choice.
Is there a limit to customer choice? Ring has said in the past it won't use facial recognition technology. What if customers want it? And are there other features that may be off the table?
It's a hard question to answer because I can't predict the future of what I haven't built yet. What I can tell you is we don't use facial recognition on any of our devices or services and we will never sell facial recognition technology to law enforcement. Privacy is so important to us. Anything we build will include these strong privacy protections for our neighbors.
We go through privacy reviews, legal reviews, customer reviews, and internal discussions. We make decisions as to whether we think the items we want to build meet the mission to make neighborhoods safer. Is it in the customer's best interest? Is it providing additional privacy, security, and transparency to the customer? If we can say yes to all of those things, I think we are able to build them. If we have question marks, we don't build them.
This interview has been edited for length and clarity.
- Compare Smart Doorbell Cameras | Smart Home Security | Ring ›
- FBI worried that Ring doorbells are spying on police - BBC News ›
- Police now will have to make a public request for Ring doorbell ... ›
- Ring's police problem didn't go away. It just got more transparent ... ›
- How to stop police from asking for videos from Ring doorbells ›
- Ring, the doorbell-camera firm, has partnered with 400 police forces ... ›
- Video Doorbells | Smart Doorbell Cameras to Monitor Your Door | Ring ›
Orca Security Ltd., an Israeli-based cloud security startup with U.S. headquarters in Los Angeles, has closed a $210 million Series C round and has plans to expand locally as it takes on competitors.
"This cash infusion makes Orca one of the world's fastest cybersecurity companies to reach unicorn status," said Shua, referring to privately held startups valued at over $1 billion. He said Orca plans to become a publicly traded company at some point. "We are not looking to get acquired."
Orca Security has assembled a who's who list of clients. It includes online stock trader Robinhood, New York-based insurer Lemonade, San Francisco-based data analytics firm Databricks and North Carolina-based digital bank Live Oak Bank.
It provides cloud security through its patent-pending "SideScanning" technology. The technology plugs up potential vulnerabilities from cyber threats and replaces them by combining everything into a single platform.
The round was led by Mountain View-based CapitalG, Google's independent growth fund and Menlo-based Redpoint Ventures, said co-founder and CEO Avi Shua, in an interview.
But their biggest rival is Santa Clara-based Palo Alto Networks Inc., which has been in a public spat with Orca. Shua said his company is not backing down.
Over the next year, Orca Security plans to "rapidly grow its headcount" in L.A. by hiring more marketing personnel and engineers, as well as beef up its research and development operation in Tel Aviv, Shua said. It also plans to form sales offices in the United Kingdom and Australia.
The company has plans to move into a brick-and-mortar spot in L.A. once pandemic restrictions are lifted.
"It is a prime location," Shua said. "The future for us is hybrid."
Other participants in this latest round include previous investors such as San Francisco-based ICONIQ Capital, Menlo Park-based GGV Capital and San Francisco-based SVCI, or Silicon Valley CISO Investments, an angel investing syndicate geared to chief information security officers.
Founded in December 2019, Orca Security raised $55 million in Series B funding three months ago, and $20 million in a Series A round in May – giving the technology company a market valuation of $1.2 billion, said Shua in the interview.
- Saviynt Raises $130 Million to Expand Cybersecurity Tech - dot.LA ›
- How Saviynt Is Guarding Work-From-Home Networks - dot.LA ›
Three North Korean hackers allegedly tied to the infamous 2014 attack on Sony Pictures Entertainment have been indicted for a wide range of cybercrimes, including an attempt to steal and extort over $1.3 billion in fiat and cryptocurrency.
The U.S. Department of Justice filed the indictment to a Los Angeles federal court in December but it wasn't unsealed until Wednesday. It accuses Jon Chang Hyok, 31, Kim Il, 27 and Park Jin Hyok, 36, of being members of a North Korean military agency that engaged in criminal hacking, including the 2014 cyberattack on Sony in retaliation for the studio's depiction of a fictional assassination of the North Korean leader in "The Interview."
The indictment expands on previous charges levied by the DOJ in 2018.
It also pegs the men to several other heists, schemes, extortions, and computer viruses that allegedly occurred between 2015 and 2020.
From 2015 through 2019, the three are accused of attempting to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta and unspecified locations in Africa by hacking the banks' computer networks.
Left to right: Park Jin Hyok, Kim Il and Jon Chang Hyok were indicted by the FBI for cyber crimes on Wednesday.
From December 2017 through August 2020, the cabal allegedly tried to steal over $100 million in cryptocurrency from companies in Slovenia, Indonesia and New York.
The hackers are also alleged to be behind the WannaCry ransomware, which unleashed a worldwide attack that infected an estimated 200,000 Windows computers in 2017. They demanded a ransom payment made in Bitcoin to restore the computers to working condition.
Jon, Kim and Park are charged with one count of conspiracy to commit computer fraud and abuse, with a maximum sentence of five years in prison; and one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum sentence of 30 years.
The investigation was led by the FBI's L.A. field office.