Amazon quietly disabled encryption on its Fire OS 5 devices
It's come to light that Amazon quietly disabled encryption on all of its Fire OS devices with its latest major software update. The revelation comes at a time when Apple is in an unprecedented legal battle with the FBI and a heated debate over the very importance of encryption technology in every user's life. The disabling of Fire OS's encryption happened with the update to the company's Fire OS 5 software that runs on the Kindle Fire, Fire Phone, Amazon Fire HD, and Amazon Fire TV Stick, reports The Verge.
What's most striking about the disabling of Fire OS's encryption is that Amazon didn't publicly give users a heads-up, despite Fire OS 5 shipping to users last fall. The news was first reported publicly earlier this year when posts began popping up on Amazon's customer discussion forums by eagle-eyed Fire OS users. Soon after, cybersecurity enthusiast David Scovetta posted a screenshot of the only place Amazon mentioned its disabling of Fire OS's encryption: in the OS's user guide.
Amazon hasn't commented on the removal of Fire OS encryption beyond releasing a simple statement saying its removal was due to the fact that some customers weren't using it: "In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren't using," an Amazon spokesperson said. "All Fire tablets' communication with Amazon's cloud meet our high standards for privacy and security including appropriate use of encryption."
Amazon's surprise move has been blasted by the technology press, privacy advocates, and cybersecurity experts.
"Removing device encryption due to lack of customer use is an incredibly poor excuse for weakening the security of those customers that did use the feature," Jeremy Gillula, staff technologist with the Electronic Frontier Foundation, told Business Insider. "Given that the information stored on a tablet can be just as sensitive as that stored on a phone or on a computer, Amazon should instead be pushing to make device encryption the default -- not removing it."
Nathan White, senior legislative manager at digital rights organization Access Now, told Wired, "Amazon's decision is backward -- it not only moves away from default device encryption, where other manufacturers are headed, but removes all choice by the end user to decide to encrypt it after purchase."
As the Guardian notes, the move is especially baffling considering Amazon is one of the myriad tech companies supporting Apple in its fight against the FBI, with Amazon chief technology officer Werner Vogels openly talking about the importance of encryption at the Mobile World Congress a few weeks ago.
"We believe that you cannot have a connected business, or an internet-connected business and not make security and protection of your customers your number one priority," Vogels said. "Encryption plays a very, very important role in that ... it is one of the few really strong tools we have so customers know that only they have access to their data and nobody else."
As the Guardian notes, Vogels' comments came months after Amazon actually removed encryption. "The company has, effectively, created a public facade that supports encryption even as it removes security features from its products," the newspaper said.
"It definitely seems like there is quite a bit of hypocrisy there," observed the EFF's Gillula.