Privacy experts aren’t thrilled by Amazon’s rolling surveillance robot
Maybe don’t put an autonomous, internet-connected, mobile video camera inside your home.
That’s the advice of security experts responding to Amazon’s new roving surveillance robot, dubbed Astro. While pitched as a plucky new addition to the household that customers can think of as “part of their family,” the $1,499.99 robot unveiled Tuesday opens up homes and the people inside them to new potential forms of abuse.
As envisioned by Amazon, Astros will move “autonomously” around customers’ homes to act as security cameras, and can assist with “[looking] out for loved ones” possibly via a remote dial-in feature called Drop In, or Live View.
This sends up major red flags for Matthew Guariglia, a policy analyst with the Electronic Frontier Foundation.
“Think about the worst case scenario that could happen if a third party gained access to that robot,” Guariglia explained over a phone call. “What would it see, what would it hear, and what could be done with that information?”
This isn’t merely a hypothetical. Hackers have done just that with Amazon’s Ring cameras in the past, and even Amazon’s own employees have tried to access customers’ private Ring footage. And this problem isn’t limited to Amazon. In early 2021, a former ADT employee admitted to watching customers have sex for years through their security cameras.
“Blanketing your home in Internet-connected surveillance devices makes you and your family less safe, not more safe,” explained Evan Greer, the director of Fight For the Future, a nonprofit digital rights group, over direct message.
We asked Amazon what it thinks of experts’ concerns regarding Astro, and the company responded with a statement detailing various security precautions it takes.
“We employ best-in-class on-device security techniques, to include data encryption, boot protection, and account access restrictions,” read the statement in part. “Astro applications and cloud components undergo security reviews and testing to ensure they meet our rigorous security standards on par with our Echo devices before they are made available to customers.”
When it comes to cameras inside the home, though, users have more to worry about than just hackers. Amazon works closely with law enforcement and, as Guariglia explained, there’s a real concern that police can gain access to Astros via court order — effectively granting law enforcement access to the inside of customers’ homes without ever having to show up in person.
Creeping quietly behind you.
Credit: screenshot: amazon
But that’s not all. Remember Drop In? Amazon says the feature lets customers “open an instant conversation between your devices or with your Alexa contacts,” and that users can “Drop In on a contact who granted you Drop In permissions.”
“I certainly wouldn’t accept this as a gift from anyone.”
Guariglia points out that this feature could be abused in a particularly dangerous manner.
“I certainly wouldn’t accept this as a gift from anyone, out of fear that they have somehow opted into this Drop In mode.”
And what happens, wonders Guariglia, when a couple which owns an Astro breaks up? Who retains access to the roving camera after the fact?
Astro’s white paper, provided by an Amazon spokesperson, suggests the company is aware that the robot’s capabilities could be abused and has taken steps to mitigate that potential abuse.
“The person who initiates a live view session will initially only see a blurred view for a short duration (except when Astro is set to Away mode or actively investigating a detected event),” explains the white paper in part. “During this time, people in the home have the option to cancel the video stream before it starts or end it after it has started, like by pressing the ‘stop’ button on Astro’s screen, or by saying ‘Astro, stop.'”
As to how a consumer would know she was in the “blurred view” grace period in time to stop a live stream? An Amazon spokesperson explained over email that “Astro provides a five-second countdown timer before a live view session starts to provide people at home the opportunity to cancel a video stream connection. You will hear an audible indicator and have an opportunity to cancel a live view before it starts.”
The spokesperson added that “When a Live View session is active, there is a persistent banner on the top of the screen and a green light bar on the bottom to indicate the camera is being remotely accessed.”
Even Astro’s presumably well-intended uses, however, like enabling family members to remotely check in on elderly relatives, are not without privacy concerns. Did that aging parent being monitored by Amazon’s Astro consent to being under potentially constant surveillance?
“Ubiquitous surveillance inside of the home fills your house with tools for abusers,” Eva Galperin, the EFF’s director of cybersecurity, wrote on Twitter.
What’s more, the Astro bot also appears capable of identifying specific individuals, via a feature Amazon calls visual ID.
“To help personalize the experience, Astro also supports a new computer vision feature called visual ID, which lets household members teach Astro to recognize them so it can deliver a reminder or call to a specific person, or even find someone to bring them an item you’ve put in Astro’s cargo bin.”
Amazon has long sought to collect biometric information, like palm prints, from people. As with Astro, Amazon One, a payment system which sought “unique palm signatures,” also elicited pushback from privacy experts.
“Handing your sensitive biometric information to private corporations is a terrible idea, especially since there are almost no laws in place that hold them accountable for keeping that information safe, or prevent them from abusing it or selling it to others,” explained Greer back when Amazon One was first announced.
Amazon has made some basic privacy concessions which it lays out in its Astro blog post. For starters, owners can manually turn off the device’s microphone and camera — in other words, Amazon has made what should be the bare minimum possible. Thankfully, Amazon has also included an indicator light on Astro to clue owners in to when the device is currently live streaming.
In addition, Amazon says that it’s “designed Astro to handle a lot of the data processing on the device,” which, of course, suggests that some of the data processing is done on Amazon’s servers.
According to Greer, surveillance tools like Astro pose a society-wide concern.
SEE ALSO: Amazon makes half-hearted gesture toward smart speaker privacy
“Amazon’s drones won’t just sweep up footage from inside the homes of people who buy them,” she wrote, “these devices will inevitably capture footage of neighbors, passersby, and others through windows, etc., who have not consented and may not be aware they are being monitored and recorded.”
And that’s a problem no privacy feature, perhaps short of a hammer, can fully address.
UPDATE: Sept. 28, 2021, 2:46 p.m. PDT: This story was updated to include additional information about Live View from an Amazon spokesperson.