John and Jennifer Politi, purchasers of several Ring products, have filed a putative class action lawsuit against Ring, LLC arising out of Ring’s alleged failure to implement industry standard security features into its products. The case has been consolidated with a similar case that was filed in the U.S. District Court for the Central District of California in December 2019.
The allegations in the class action complaint are certainly disturbing. The Plaintiffs allege that they purchased various Ring products, including a video doorbell and outdoor and indoor video surveillance cameras. They allege that Ring’s advertisements include statements that these products bring the purchaser “peace of mind.” They also allege that Ring represents to its customers that privacy and security is “at the top of [Ring’s] priority list” and that Ring takes measures “to help secure Ring devices from unauthorized access.”
The Plaintiffs allege that Ring’s products did not live up to these statements and representations. Rather, on December 9, 2019, the Plaintiffs’ son came running into their bedroom because he heard a man’s voice on the first floor asking if anyone was home. The Plaintiffs initially believed that the voice had come from a neighbor’s house. The next night, however, the children ran into the Plaintiffs’ bedroom again because they heard a man’s voice “humming a scary tune.” As the family went downstairs to investigate, they heard what sounded like a siren coming from the first floor. Mr. Politi then heard a man’s voice asking, “What’s up bro?,” telling him to “come here,” and asking if he could hear him. Mr. Politi then noticed that the lights on the Ring indoor camera were on, and he concluded that is where the sounds were coming from. He later discovered that the lights on the camera showed when the camera was being accessed. These lights had been on at other times, leading the Plaintiffs to believe that unauthorized individuals had accessed the camera in the past. The Plaintiffs allege that when they raised the issue of unauthorized access with Ring, they were simply told to change their password.
The Plaintiffs assert causes of action for negligence, breach of implied warranty, unjust enrichment, breach of privacy, and claims under the California Unfair Competition Law and the California Legal Remedies Act. The claims largely hinge on Ring’s representations that its products were secure and would bring the buyer “peace of mind.” The Plaintiffs allege that such statements were unfair, deceptive, untrue, or misleading. The Plaintiffs also allege that Ring was negligent in failing to provide reasonable and adequate safeguards for its products to secure them against unauthorized access. The case brings privacy by design principles and industry security standards directly into focus and may help to establish how such principles and standards can support a common law action for negligence. For example, is it the consumer’s responsibility to create a complex password and change it periodically? Or is it the product manufacturer’s responsibility to design the product in a way that it forces the consumer to create a complex password and change it periodically? If the responsibility is on the product manufacturer, will we begin to see more and more defective product claims based on a failure to implement standard security features? In any event, we are certainly going to continue to see an increase in lawsuits based on consumer allegations that an internet of things device failed to live up to privacy and security expectations.