Amazon has confirmed that version 5 of Fire OS for its Fire tablet removes support for device encryption.
In a statement sent to TechCrunch the company said: “In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using. All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”
So, in other words, Amazon is still encrypting data transfers from Fire tablets to external servers but content stored locally on a Fire tablet is not being afforded such protections.
The dropping of support for Fire OS 5 device encryption was spotted earlier by EFF member David Scovetta who tweeted the following screenshot from the Fire tablet user guide:
Amazon’s move has come to light at a time when Apple is fighting a high profile legal battle against the FBI in support of encryption. The agency has demanded Apple weakens the security of iOS to enable the FBI to hack into a locked iPhone 5c. Apple is refusing — warning that deliberately weakening its software risks the security of all iOS users.
Multiple tech companies have come out in support of Apple’s stance, with several filing supportive amicus briefs to the court. Apple and others are calling for a proper debate to be held in Congress on whether the security services should have the right to request companies perforate their own encryption systems on demand. (Ironically enough, Amazon is one of the companies that has publicly backed Apple’s stance by adding its name to a joint amicus brief, along with Microsoft, Facebook, Google and others.)
Of course, if a company removes encryption itself — as Amazon is doing in the case of device encryption for its Fire tablets — then the debate becomes moot. Law enforcement, security agencies and hackers don’t need any special backdoors to be built; without encryption protecting local storage they can easily obtain the user’s data from the hardware.
And, ergo, as others have noted, opt-in security is insecurity…
Claiming users weren’t using the encryption feature, and therefore that encryption is unnecessary, is of course a disingenuous argument on Amazon’s part. Users also hate using strong passwords — is Amazon going to encourage users to ditch those too?
The company’s motivation for dropping device encryption here might be no more nefarious than a desire to try to improve the performance of cheap, low power hardware (the 7-inch Fire slate can costs as little as $50 new). Whatever the truth, Amazon’s move underlines that buying budget hardware of any kind can be a very false economy when it comes to security.