When I was at Dell EMC in the early 2010s, we sold enterprise storage to companies that had no idea what they were storing. A hospital would buy a petabyte array, fill it with data, and three years later discover that vendor log files and patient access records were sitting in the same backup tier, equally retrievable, equally producible in litigation. The technology did exactly what the contract said it would do. The customer simply had not read the contract. I think about that hospital every time I see a Ring doorbell on a law office door. During Super Bowl LX, Amazon ran a sixty-second advertisement about lost dogs. The premise was heartwarming: a neighborhood’s Ring doorbells scanning footage across one another, using AI to identify a missing pet and reunite it with its owner. By the end, the dog was home. Families on the street cheered. The Electronic Frontier Foundation watched the same ad and reached a different conclusion. In a February 10, 2026 analysis, EFF researcher Beryl Lipton described the feature as a “scary overreach of the surveillance state designed to catch us all in its net.” The gap between those two reactions tells you everything you need to know about what Ring has become. The feature shown in that ad, called Search Party, is enabled by default on every compatible Ring device. To disable it, you open the app, navigate to Control Center, select Search Party, and manually turn it off for each camera individually. Amazon did not notify existing device owners when the feature activated. You agreed to it when you accepted the Terms of Service. If you have a Ring doorbell at your law office entrance, you have a problem that predates lost dogs. You have a device with a live microphone that records conversations up to 20 feet away, uploads audio to Amazon’s servers, timestamps every approach to your building, and makes that data available to law enforcement on a subpoena without a warrant. Under ABA Formal Opinion 498 and North Carolina Rule 1.6(c), the obligation to prevent that disclosure is yours. **The Direct Answer: Three Problems, One Device** Ring creates three distinct risk layers for a law office. Most attorneys conflate them, which means they address the one that matters least and ignore the two that carry direct obligations. The first layer is audio. Your Ring doorbell’s microphone activates on motion detection, not on doorbell presses. Consumer Reports found that the Ring Video Doorbell 3 Plus captures conversational-volume speech from up to 20 feet away outdoors. That covers your front steps, your parking lot approach, and the client who mentions a co-defendant’s name on the way in before they have pressed the bell. ABA Formal Opinion 498, issued March 2021, instructs attorneys to disable the listening capability of devices like this while communicating about client matters. That obligation exists now. The second layer is motion event data. Every approach to your front door generates a timestamp in Ring’s servers. That log is service usage information under Ring’s own law enforcement guidelines, producible on a subpoena without probable cause or judicial review. At a law office, six months of timestamps is a directory of attorney-client relationships. The third layer is video content. This is the layer Ring’s marketing emphasizes. Recorded footage requires a search warrant before Ring will produce it. That protection is real. It is also the smallest problem of the three. Layer One: The Microphone Consumer Reports tested the Ring Video Doorbell 3 Plus in 2021. In still outdoor conditions, the device captured conversational-volume speech from up to 20 feet away. In a controlled lab environment, it recorded speech from 18 feet. Senator Ed Markey cited that research in a June 2022 letter to Amazon, declaring Ring’s audio capabilities a threat to the public. Twenty feet covers the steps outside your office. It covers the parking lot approach. It covers the conversation you have walking a client to their car after a difficult meeting. If your office is in a building where your Ring doorbell faces a hallway, echoey conditions may extend that range further. The ABA addressed this directly in March 2021. ABA Formal Opinion 498, titled Virtual Practice, instructs that attorneys should disable the listening capability of devices or services such as smart speakers, virtual assistants, and other listening-enabled devices while communicating about client matters. The opinion specifies the reason: failing to do so exposes the client’s information to unauthorized third parties and increases the risk of hacking. A Ring doorbell is a listening-enabled device. Its microphone activates on motion detection, not on doorbell presses. When a client walks up to discuss a sensitive matter, the device does not wait for them to ring the bell. ABA FO 498 does not carve out devices mounted outside. It does not distinguish between doorbells and smart speakers. FO 498 was drafted primarily to address attorneys working from home where smart speakers were incidentally present, but its instruction applies to any listening-enabled device regardless of installation location: if the technology is not assisting your law practice, disable it while communicating about client matters. Ring’s microphone was not installed to assist legal representation. It was installed for building security. That distinction does not narrow the obligation. It confirms it. North Carolina’s wiretapping statute adds an independent question that no ethics opinion has yet resolved. Under N.C. Gen. Stat. §15A-287, recording an oral communication is lawful only if at least one party to the communication consents. The Ring device owner consents through the Terms of Service. But for a conversation between two people approaching the building, where neither is the device owner and neither consented to Amazon’s capture of their words, whether that constitutes unlawful interception depends on whether the speakers had a reasonable expectation of privacy. An attorney and client discussing settlement strategy on the front steps of a law office present a closer question than two people arguing at a bus stop. The statute applies to oral communications uttered under circumstances justifying an expectation of privacy. Whether a law office entrance qualifies is unsettled. It is a question worth putting to NC bar ethics counsel before your next renewal, not after your first subpoena. Layer Two: The Visitor Log Ring distinguishes between content information and service usage information. Video content requires a search warrant. Service usage information requires only a subpoena. That category includes the log of when and how frequently the device activated. Ring’s guidelines do not enumerate motion event logs by name. But every approach to your door generates a timestamp and a motion detection event. That is service usage information by any reasonable reading of the term: a record of when the device was triggered and how often. It is not a video. It does not require a cloud storage subscription. It is generated by the device’s passive infrared sensors regardless of what subscription tier you hold. Ring processed 1,877 search warrants and 287 subpoenas in the first half of 2022 alone, a 56 percent increase in search warrants from the same period the prior year. The company does not publish how many individual accounts were affected by those requests. That omission distinguishes Ring from Google, Apple, and Microsoft, all of which disclose that figure. The reported volume is the floor. How Amazon’s System Works Ring’s Terms of Service, effective November 2025, state in Section 2(b) that deleted content and subscription plan recordings may be stored by Ring in order to comply with certain legal obligations and are not retrievable without a valid court order. Deletion is not destruction. If law enforcement serves Ring with a preservation request before you delete the footage, the footage exists regardless of what your app dashboard shows. Amazon’s Ring and Google’s Nest operate on the same legal architecture: cloud storage, law enforcement subpoena access for non-content data, and contractual retention of user-deleted recordings pending legal compliance. On February 1, 2026, the FBI recovered Google Nest footage believed to have been deleted by the account holder in the abduction investigation of Nancy Guthrie, the 84-year-old mother of NBC anchor Savannah Guthrie. The legal mechanism transfers to any cloud-connected device at any address. Ring’s partnership with Axon, announced July 2025, allows law enforcement to request user footage directly through Axon’s evidence management platform. The request surfaces to Ring device owners as a voluntary sharing option. The attorney does not receive that request. The client who visited at 2:15 on a Tuesday afternoon does not know their visit was logged. The Ethics Framework North Carolina Rule 1.6(c) requires that a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. Comment 19 clarifies that reasonable efforts depends on the sensitivity of the information and the cost-benefit of additional security measures. The NC State Bar’s 2024 FEO 1, adopted November 1, 2024, extends this obligation forward. Attorneys must continuously evaluate technology decisions and revisit those choices when new information calls prior decisions into question. A lawyer who hired an IT professional three years ago and has not evaluated physical office devices since does not satisfy the obligation as written. ABA Formal Opinion 477R (May 2017) provides a seven-factor test for the reasonable efforts standard. Factor one: understand the nature of the threat. Factor two: understand how information is transmitted and stored. Factor three: assess what security measures are available. Most attorneys who installed a Ring doorbell evaluated none of the three. The device was marketed as a security product. The security problem it creates for client communications went unexamined. Neither the NC State Bar nor the ABA has issued guidance specifically addressing smart building devices at law office entrances. Every technology ethics opinion to date addresses digital communications, cloud services, or cybersecurity incidents. Physical IoT devices creating audio records and visitor logs occupy an unaddressed category. That gap does not create a safe harbor. ABA FO 498’s instruction to disable listening-enabled devices during client matters covers Ring by its plain language. The Strongest Objection, and Where It Fails You installed the device for legitimate security purposes. The building has crime. Attorneys have been murdered at their offices. Sharon Nelson and John Simek, two of the most respected legal cybersecurity practitioners in the country, endorsed Ring-type devices for law office security in a 2016 piece for Attorney at Work, specifically citing the physical safety benefits. That endorsement was well-reasoned at the time. The video content protection is real. A warrant with probable cause is required before Ring produces recordings. An attorney who enables Ring’s optional end-to-end encryption prevents Ring from accessing footage at all, even with a warrant. At the video layer, the protection holds. The strongest counter-argument on the visitor log is a Fourth Amendment one: approaching a building on a public sidewalk or shared parking lot carries no reasonable expectation of privacy under existing doctrine. Under Katz v. United States and its progeny, the government can observe what a person knowingly exposes to the public. If a client walks across a parking lot visible from the street, the argument runs, their presence is not constitutionally protected. That argument addresses constitutional floor, not professional responsibility ceiling. Rule 1.6(c) does not ask whether law enforcement could lawfully observe the visitor. It asks whether the attorney made reasonable efforts to prevent disclosure of information relating to the representation. The professional responsibility obligation is independent of what the Fourth Amendment permits. A client’s constitutional exposure to observation does not relieve the attorney of the ethical obligation to avoid creating a timestamped database of that exposure, retained by a third party, producible on demand. The argument does not reach the audio layer at all. ABA FO 498 does not ask whether the device serves a security purpose. It asks whether the listening capability is assisting your law practice. A Ring doorbell’s microphone is not assisting legal representation. It is capturing client conversations as a byproduct of approach detection. That is what FO 498 said to disable. The security need is real. Locally stored cameras with no cloud connection, no law enforcement portal, and no third-party data-sharing obligation satisfy the security need without creating the subpoena vector. Local-storage devices exist in the same price range as Ring. The trade-off is convenience and cloud monitoring features, not physical security itself. What the Fourth Circuit Holds Client identity is generally not privileged in the Fourth Circuit. In re Grand Jury Subpoena, 204 F.3d 516 (4th Cir. 2000), held that compelled disclosure of a client’s identity does not violate the attorney-client privilege. The exception applies only when so much of the underlying communication has been disclosed that identifying the client effectively reveals its substance. The Rule 1.6 confidentiality obligation is broader. Information relating to the representation encompasses client identity, the existence of the representation, and the timing and frequency of consultations. A motion event log from the defense firm’s entrance in the weeks before a deposition reveals which witnesses visited, which experts appeared, and which individuals who subsequently became cooperating witnesses were meeting with defense counsel. The log does not record what was said. It records who came, when, and how often. In criminal defense, immigration, employment discrimination, and any matter involving a client who fears government scrutiny, that pattern is the information that matters most. Practice-Specific Exposure Criminal defense. Any client who appeared at the office during an active federal investigation has a timestamped visit producible on subpoena without probable cause. The Fourth Circuit’s narrow privilege exception provides limited cover. Rule 1.6 provides none. Immigration. Federal immigration authorities have used geofence warrants and device location data to identify individuals at specific addresses. A Ring motion event log is more precise than a geofence sweep: one address, one device, one timestamp. That log is producible on subpoena without probable cause. It identifies the client, the fact of their representation, and the timing of their visit. It creates a database of clients who fear government scrutiny. It is a problem. Family Law. In a contentious divorce, the opposing party may subpoena the Ring motion event log to identify individuals visiting the client’s home or office. This could include new partners, expert witnesses, or even children. The log provides a detailed timeline of who came and went, which can be used to build a narrative or challenge claims made in court. Personal Injury. A Ring doorbell can capture footage of accidents or incidents occurring near the law office. While this might seem beneficial, it also creates a record that can be subpoenaed by opposing counsel. The footage could be used to challenge the client’s account of events, or to identify other parties involved who may not wish to be known. Corporate Law. For law firms representing corporate clients, the Ring doorbell can log visits from competitors, investors, or employees. This information, if subpoenaed, could reveal sensitive business dealings or strategies. The metadata associated with these visits could be particularly valuable to opposing parties. Conclusion Law firms must critically evaluate the technology they employ, especially devices that collect and store data about clients and visitors. The convenience of a Ring doorbell does not outweigh the ethical obligations to protect client confidentiality and prevent unauthorized disclosure of information. Firms should consider alternative security solutions that offer local storage and do not transmit sensitive data to third-party servers. Regular review of technology policies and adherence to ethical guidelines are paramount in safeguarding client information in an increasingly connected world.

Originally published on LinkedIn Newsletter: The Technology Blind Spot