Ring Hacking Lawsuit Boosts Amazon Security Device Scrutiny (1)

Jan. 2, 2020, 7:45 PMUpdated: Jan. 2, 2020, 8:39 PM

A hacker who allegedly contacted an Alabama man’s children through an Amazon.com Inc. Ring home security device has prompted a California federal lawsuit that faults the company for the breach.

John Baker Orange’s children were playing basketball in the driveway of his Jefferson County home when a voice allegedly came through the speaker of a Ring device he had purchased in July 2019 and installed on his garage, according to a Dec. 26 complaint. The voice commented on the basketball play of the children, under age 11, and encouraged them to get closer to the camera, Orange alleged.

The lawsuit, filed in the U.S. District Court for the Central District of California, may increase the level of scrutiny Amazon already faces from lawmakers and consumers over the devices people install on their properties to boost security. Amazon bought connected-doorbell startup Ring in 2018 for $839 million.

“Customers’ most basic privacy rights were violated along with the security and sanctity of their homes,” Orange said in the complaint. He alleges common law negligence, invasion of privacy and contract claims, and seeks $5 million in damages, in addition to declaratory and injunctive relief.

Representatives for Amazon didn’t immediately respond to a request for comment.

Amazon already faces questions about the privacy of the Ring devices and the company’s eagerness to partner with law enforcement, Lindsey Barrett, a staff attorney at Georgetown Law’s Communications & Technology Clinic, said. “Every new revelation just goes to show how badly needed that scrutiny is,” she said.

Sen. Ron Wyden, (D-Ore.) and four Democratic colleagues questioned Amazon’s security protections of Ring user data in a Nov. 20 letter.

Orange in his lawsuit said he wasn’t aware that he could have used two-factor authentication to secure his Ring device from hackers. He faults the company for not giving him that information. After the hacking incident, Orange set up two-factor security after previously using a medium-strong password, according to his complaint.

If Orange wins his case, two-factor authentication could be required for many Internet-enabled home systems, said Peter McLaughlin, privacy and data security partner at Womble Bond Dickinson in Boston.

However, Orange may have a hard time achieving standing to sue because he fails to allege specific harm, Carl Szabo, vice president and general counsel of NetChoice, said. “There isn’t a single actual harm identified,” Szabo said.

Orange’s attorney, John Yanchunis of Morgan and Morgan, said consumers need “clear and conspicuous” warnings about Ring vulnerabilities.

The Law Office of Francis J Flynn Jr. also represents the plaintiff. Attorneys for Amazon couldn’t be immediately identified.

The case is Orange v. Ring, LLC, C.D. Cal., No. 19-10899, complaint 12/26/19.

(Updated with comment by Orange's attorney in 11th paragraph. Earlier version corrected time reference in second paragraph.)

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bloomberglaw.com

To contact the editor responsible for this story: John Hughes at jhughes@bloomberglaw.com; Keith Perine at kperine@bloomberglaw.com

To read more articles log in. To learn more about a subscription click here.