Amazon/Ring

How and when the police can access your doorbell and security cameras is a hot topic in the news and certainly one of great concern for people who value their privacy. What’s actually going on, and how worried should you be?

Cloud Video Camera Privacy Is a Matter of Faith

Before we dig into the specifics of various company practices, let’s get a very important caveat out of the way immediately.

If you have a cloud-based device in your home, be it a security camera like a Nest doorbell or a smart speaker with a voice assistant with an Amazon Echo, whether or not that device respects your privacy is largely a matter of faith on your part.

A company might say that your cloud recordings are encrypted (and they may even be encrypted), but a security breach or poor practices could expose them. Another company might say they only provide information to law enforcement when pressured to do so by a warrant, but we’re largely left assuming that’s true with no way to know exactly what happens to our data.

None of us are in a position to audit the companies we give access to our homes and our yards via these tools, so we’re left, truly, taking the claim that they keep our data secure as a matter of faith.

This is why the topic of police access to our cloud-based security cameras and devices is such an uncomfortable one, especially when stories percolate up in the news about companies sharing information with law enforcement agencies.

Maybe the idea that your doorbell footage or even the footage from inside your home might be given to the police, at the discretion of a cloud provider, to help with an investigation doesn’t bother you. Maybe you consider the warrant process to be a crucial and foundational element of the judicial process, and it bothers you enough that you opened this article with gritted teeth just thinking about warrant-less transfer of your data to the police.

Either way—whether you support the practice or not—you’re left largely in the dark and have to simply take a company at their word and hope their privacy and security practices are good.

The bottom line is that if you are concerned about a company sharing your information with the police, with or without a warrant, then you need to look for alternative options that don’t rely on cloud services or remote management by a third party.

With that in mind, let’s look at the current state of cloud-based security cameras and what kind of privacy you can expect (or give up) by opting to use cameras from different companies.

Can the Police Watch My Video Cameras in Real-Time?

While any kind of video sharing with the police can, and should be, seen as a potential invasion of privacy, one type of sharing sits poorly with people: real-time streaming.

Fortunately, as of the date of this article, in July 2022, there are no major cloud providers that have anything resembling real-time video streaming to police, nor are there any programs from major companies to even allow for opt-in real-time streaming.

Unfortunately, the privacy practices and policies across companies are not uniform. So while there are no companies pipelining a live feed from your cloud cameras into a central database like some sort of cross between 1984 and the surveillance room in The Dark Knight, there are certainly companies handing over your data without requiring a warrant first.

What Privacy Practices and Policies Do Companies Follow?

Putting aside the matter-of-faith caveat, let’s take a look at the major players in the cloud-based doorbell and security camera market and what they say and do in regard to consumer privacy and police requests.

Amazon Ring

A Ring Pro doorbell installed next to a blue door.
Amazon/Ring

Amazon purchased Ring back in 2018, and it seems like the company has been in the news ever since, thanks almost entirely to Amazon’s initiatives related to law enforcement and emergency responders. As such, their section here will be the longest and most detailed as, among cloud-camera providers, we have the most detailed picture of their policies.

Their Neighbors Public Safety Service program currently boasts 2,161 law enforcement partners (approximately 12% of the police departments in the United States). The program has been in the news frequently for various things, including the controversy surrounding a tool that allowed police officers to contact Ring owners to request footage.

That tool was scrapped in 2019 and replaced with a general Request for Assistance function wherein the police could send a broad request to a neighborhood asking for footage relevant to a crime under investigation. With over a million Ring doorbells sold per year, a whole lot of America is covered by the company’s nearly ubiquitous cameras.

Despite all the controversy, Amazon maintained that they didn’t share video footage from users’ Ring cameras with law enforcement without user consent or by legally binding order.

However, in July of 2022, in response to questions fielded by Senator Ed Markey (D-Mass), Amazon stated they had given law enforcement agencies access to Ring video footage 11 times in the first half of 2022—no data was supplied for prior years. You can read the entire official Amazon response here.

That video sharing, while questionable from a user privacy standpoint, is legal based on the Ring terms of service, excerpted below

In addition to the rights granted above, you also acknowledge and agree that Ring may access, use, preserve and/or disclose your Content to law enforcement authorities, government officials, and/or third parties, if legally required to do so or if we have a good faith belief that such access, use, preservation or disclosure is reasonably necessary to:

(a) comply with applicable law, regulation, legal process or reasonable preservation request; (b) enforce these Terms, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Ring, its users, a third party, or the public as required or permitted by law.

Based on what we now know, we can say that Amazon does give law enforcement officials access to Ring camera data without a warrant and, presumably, has done so prior to the 11 times they disclosed to Senator Markey.

The Ring platform does support end-to-end encryption for users with compatible hardware. The encryption is not available for older hardware or the battery-powered versions of their doorbells, however. It is not enabled by default, and enabling it limits viewing and playback to your enrolled mobile device (which holds the decryption key).

As a footnote in the Ring section, Amazon also owns the popular security camera company Blink—they acquired it in 2018—and the privacy and terms of service for Blink are in alignment with the same policies Amazon uses for Ring.

Google Nest

The new version of the Nest doorbell, installed on a new home.
Google/Nest

Compared to Amazon, Google has kept a much lower profile in the various controversies surrounding sharing videos with law enforcement. Google bought Nest way back in 2014 and has steadily built out the company with a plethora of easy-to-use smart cameras and a very popular smart doorbell that recently received a significant update.

The company has no public-facing police collaborations and no application like Amazon’s Neighbors app that encourages customers to assist with police investigations. However, like Amazon, the company reserves the right to share user data, without user consent or a warrant, per the company’s terms of service. This is outlined in the section “Requests for Information in Emergencies.”

If we reasonably believe that we can prevent someone from dying or from suffering serious physical harm, we may provide information to a government agency — for example, in the case of bomb threats, school shootings, kidnappings, suicide prevention, and missing persons cases. We still consider these requests in light of applicable laws and our policies.

Although a company spokesperson, speaking with CNET, indicated that they give users notice when their information is shared, the same terms of service linked to above indicate the notice may be delayed or never delivered, depending on the circumstances.

We might not give notice if the account has been disabled or hijacked. And we might not give notice in the case of emergencies, such as threats to a child’s safety or threats to someone’s life, in which case we’ll provide notice if we learn that the emergency has passed.

Unlike the disclosure provided by Amazon to Senator Markey, which establishes such actions have happened in the past, we were unable to dig up any specific examples of Google acknowledging that they have acted on the guidelines in their terms of service or how many times they have done so. Though it would be safe to assume that, surely, at some point, a situation has arisen that would prompt them to do so.

In fairness, that can be said about any company that has access to your data, and it should be assumed that if your data is not end-to-end encrypted, it could be given to law enforcement.

While Google Nest camera streams are encrypted to prevent eavesdropping between your home and the Google servers, the Nest cameras do not support end-to-end encryption.

Wyze

A Wyze Pro doorbell on a charcoal gray wall.
Wyze

Wyze security cameras have long-standing popularity due to their extremely budget-friendly price point—and Wyze’s video doorbell is a great example of that.

Per the Wyze terms of service, the company will provide user data at the request of law enforcement if the law enforcement agents have the legal authority to request it.

In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.

A Wyze spokesperson clarified this stance with CNET, indicating that short of a valid subpoena or warrant, Wyze does not provide video or audio recordings to law enforcement.

Wyze videos are encrypted during streaming and on the Wyze servers, but the encryption is not end-to-end encryption.

Eufy

A Eufy doorbell, installed outside a modern apartment.
Eufy

Eufy, owned by parent company Anker, has a wide variety of cloud-based security cameras and a smart doorbell. The company’s privacy page does detail when Eufy might share video recordings with law enforcement, and it uses wording that should sound pretty familiar at this point:

In response to legal requests from law enforcement agencies, we will not, without the customer’s consent, disclose video recordings unless it is necessary to comply with the law or if there is an emergency involving imminent danger of death or serious physical injury to a person.

We object to overbroad or otherwise inappropriate demands as a matter of course. Unless prohibited from doing so or eufy has clear indication of illegal conduct in connection with the use of eufy products or services, eufy notifies customers before disclosing content information.

Eufy uses local storage unless the user signs up for the company’s cloud storage. Although the company says it uses end-to-end encryption to secure all transmitted footage between your cameras and your phone, Eufy did experience a very embarrassing “bug” in 2021 where hundreds of users found themselves logged into the accounts belonging to other users and able to view their cameras—which raises some serious questions about the end-to-end encryption claim.

Still, unfortunate bug aside, if you opt to only use local storage and not the optional cloud storage, the risk of law enforcement gaining access to your data without a warrant is much less than with Amazon or Google products.

Arlo

An Arlo doorbell installed beside a glass front door.
Arlo

Arlo, originally a child company of networking giant Netgear but now an independent company, has a wide variety of camera offerings and a smart doorbell, all of which incorporate into a basic security system.

Per company privacy policy, Alro will only provide personal information to law enforcement if compelled to do so by law.

We may share information for legal reasons. We will share Personal Information with companies, organizations or individuals outside of Arlo if we have a good faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

(1) meet any applicable law, regulation, legal process or enforceable governmental request (2) enforce applicable Terms of Use, including investigation of potential violations (3) detect, prevent, or otherwise address fraud, security or technical issues or (4) protect against harm to the rights, property or safety of Arlo, our users or the public as required or permitted by law.

A company spokesperson further clarified the information in section 1 is limited to valid warrant or court order.

Users may opt to store their video locally, referred to as Direct Storage Access in Arlo documentation, by pairing compatible cameras with one of Arlo’s SmartHubs. The company has a variety of cloud storage options ranging from free rolling storage for select cameras to subscription plans with 30-day storage. Arlo video feeds are encrypted but do not use end-to-end encryption.

Apple HomeKit Secure Video

An example of Apple's HomeKit Secure Video interface.
Apple

Up to this point, we’ve talked exclusively about companies that provide the entire video ecosystem from the hardware to the cloud storage. We’re touching on Apple’s secure video solution here because of its growing popularity and Apple’s current and historic hardline stance against sharing customer data with law enforcement.

Back in 2020, Apple introduced a new HomeKit feature called HomeKit Secure Video (HKSV). While HomeKit has supported camera integration for ages, the Secure Video system allows you to bring HKSV-compatible cameras into your HomeKit ecosystem and both view and securely store video with end-to-end encryption.

Per Apple’s privacy policy, data is only handed over to authorities if there is a legal basis to do so.

Apple receives various forms of legal process requesting information from or actions by Apple. Apple requires government and private entities to follow applicable laws and statutes when requesting customer information and data. We contractually require our service providers to follow the same standard we apply to government information requests for Apple data.

Our legal team reviews requests to ensure that the requests have a valid legal basis. If they do, we comply by providing data responsive to the request. If a request does not have a valid legal basis, or if we consider it to be unclear, inappropriate, or overly broad, we challenge or reject the request. We report on the requests every six months.

Further, what data the company can hand over is significantly limited by the extensive use of end-to-end encryption on Apple devices. Apple is unable to decrypt your data, and for law enforcement to gain access to your recordings, they would need to gain access to your devices and use legal processes to compel you to decrypt the data for them.

Ultimately, despite company assurances or the inclusion of end-to-end encryption, if you care deeply about your privacy, the conversation here turns back to the opening of the article. Cloud-based doorbell cameras and security cameras are great, but when it comes to privacy, you always have to place your trust in the company developing the product. Even if you do your research up front, policy changes or server bugs can compromise your privacy.

If you want complete control over your data, you’ll need to opt for a traditional security camera system or a modern IP security system platform that includes video doorbell options like this offering from Amcrest or more advanced options like the Ubiquiti Protect system.

They’re not as simple to set up, and you give up certain fancy features like facial recognition or such, but all your data ends up stored on a hard drive in your house where the police will need a proper warrant to retrieve it.