While Apple is engaged in a high profile battle with the FBI over privacy, and receiving the support of fellow tech companies, some firms clearly take a different view.
Take Amazon, for instance.
Yes, it seems that Amazon has effectively announced which side of the fence it sits on.
Because Amazon has proactively removed encryption from Fire OS 5, the latest version of the operating system used by the Amazon Kindle Fire, Fire Phone, Amazon Fire HD, and Amazon Fire TV Stick.
While Apple fights the good fight, @Amazon removes encryption as option from FireOS 5 | @csoghoian @normative @eff pic.twitter.com/nggBdtFG7j
— David Alexander (@davidscovetta) March 3, 2016
Encryption was never enabled by default on Fire OS. It was always something that users had to turn on. And, as Amazon told Ars Technica, consumers just weren’t taking advantage of the privacy feature:
“In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using. All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”
In other words, when your Amazon tablet sends data up to their servers it is (quite rightly) encrypted. And that helps hackers and intelligence agencies from snooping upon your communications.
But if someone was able to get physical hold of your device, they would be able to easily extract the data and your personal information from it.
That is, of course, very different from an Apple iPhone.
Fire OS not using encryption by default for data stored locally was always a mistake. But the fix should have been to ensure it was always enabled, not to rip the feature out.
All we (and the FBI) can hope is that terrorists, drug lords and paedophiles will suddenly all choose to adopt Amazon’s products because clearly security and privacy is not a priority.
It certainly doesn’t sound like they are a great choice for the rest of us.
Update: Amazon appears to have had a change of heart following the outcry online, and will be reintroducing the encryption option in a future update.
“We will return the option for full disk encryption with a Fire OS update coming this spring.”
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
3 comments on “Terrorists, drug lords and paedophiles – please use the Amazon Fire”
I can see many technically oriented (and privacy conscious) people will be boycotting this device as a result. This isn't a Kindle; it's a fully blown tablet that stores email, calendar information, private pictures, confidential documents etc.
I know many lawyers (other professionals use them too – e.g. doctors) and the growing trend, at least for the past 5 or 6 years, has been to use an iPad for storing casework/document bundles on. It saves heaving about/printing/annotating incredibly heavy (and prone to break) lever-arch files for voluminous work where 20,000+ bundles are the norm.
Why has the iPad become so popular amongst lawyers? Apart from the many other benefits that using a tablet brings (and especially one with access to the Apple ecosystem) the main reason is ENCRYPTION. The iPad is the only government-approved tablet for use in the UK because encryption is enabled by default and is properly implemented by the manufacturer. It doesn't require any fiddly setting up, like on many Android devices (not always available), and there's no room to make a mistake which might seriously compromise the security of your device – providing the user disables iCloud backup.
By inexplicably removing an essential function that is included (but not necessarily turned on by default) in modern versions of Android it appears that Amazon have made a very daft political choice.
This is why I don't own or will ever own a Kindle. Not that I would carry a kindle around all day with me in the first place.
And after all the negative publicity Amazon have decided to reverse their stupid decision. Pity they couldn't use hardware-accelerated encryption and enable it by default on devices.
Still, we've been told that they've removed VPN functionality so these devices will still not appeal to the security conscious.