Apparently, your home surveillance cameras may have a data privacy loophole that results in footage being given to law enforcement without your consent.

That’s what Alfred Ng of Politico reports (The privacy loophole in your doorbell, available here) when he reports that Michael Larkin, a business owner in Hamilton, Ohio, was asked by police to give him footage from Larkin’s front door camera. His doorbell was among 21 Ring cameras in and around his home and business, picking up footage of Larkin, neighbors, customers and anyone else near his house.

The police said they were conducting a drug-related investigation on a neighbor, and they wanted videos of “suspicious activity” between 5 and 7 p.m. one night in October. Larkin cooperated, and sent clips of a car that drove by his Ring camera more than 12 times in that time frame.

Case closed, right? Not at all. They next asked for more footage, now from the entire day’s worth of records. He declined that request. He says his main concern at first was practical: each clip, even if it were only 5 seconds long, would take up to a minute to download and send over.

Then, a week later, Larkin received a notice from Ring itself: The company had received a warrant, signed by a local judge. The notice informed him it was obligated to send footage from more than 20 cameras — whether or not Larkin was willing to share it himself.

That included all five of his outdoor cameras, and added a sixth camera that was inside his house, as well as any videos from cameras associated with his account, which would include the cameras in his store. It would include footage recorded from cameras he had in his living room and bedroom, as well as the 13 cameras he had installed at his store associated with his account.

As networked home surveillance cameras become more popular, Larkin’s case illustrates a growing collision between the law and people’s own expectation of privacy for the devices they own.

Questions of who owns private home security footage, and who can get access to it, have become a bigger issue in the national debate over digital privacy. And when law enforcement gets involved, even the slim existing legal protections evaporate.

“It really takes the control out of the hands of the homeowners, and I think that’s hugely problematic,” said Jennifer Lynch, the surveillance litigation director of the Electronic Frontier Foundation, a digital rights advocacy group.

In the debate over home surveillance cameras, much of the concern has focused on Ring in particular, because of its popularity, as well as the company’s track record of cooperating closely with law enforcement agencies. The company offers a multitude of products such as indoor cameras or spotlight cameras for homes or businesses, recording videos based on motion activation, with the footage stored for up to 180 days on Ring’s servers.

The number of search warrants Ring receives has grown significantly each year. It received 536 search warrants in 2019, the first year covered by its transparency report. In the first half of 2022, it received 1,622 requests.

Ring has declined to provide footage in the past. According to its transparency report, it sent back no information in response to 113 out of the 536 warrants it received in 2019, and 634 out of 1610 warrants in 2020. Then it stopped providing that information publicly.

The article includes the one page warrant, which lists 6 cameras subject to it, but also adds: “Any and all other camera recordings, video recordings, images, and data stored from any and all cameras not listed above that were not physically located but are still associated with the above listed email /account”. The warrant was signed by Judge Daniel Haughey, who didn’t respond to requests for comment on Larkin’s case.

Why add that last line? It seems a bit much. Doorbell and other home surveillance cameras are a useful law enforcement tool that have led to identification and conviction of suspects (including the Tony Aiello case here), but they also open up data privacy concerns as well. We need to do a better job of drawing the line that the 1986 Electronic Communications Privacy Act currently provides.

So, what do you think? Who’s at fault here? Larkin (for stopping cooperating with police), law enforcement (for requesting footage from all of his cameras), the Judge (for signing off on the warrant) or Ring (for not declining to provide it)? Or do you think the request was appropriate? Please share any comments you might have or if you’d like to know more about a particular topic.

Hat tip to Ryan Short for the initial coverage on LinkedIn.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.