With little fanfare, Amazon has removed the option for device encryption for tablets, phones and other products running its Fire OS 5 operating system. The decision has been met with widespread confusion and criticism, especially as Amazon yesterday filed an amicus brief in support of Apple’s decision not to give the FBI access to the data on the iPhone of one of the San Bernadino, Calif. terrorists.
Amazon’s move on Fire OS 5 (pictured above) encryption came to light after David Scovetta, lead analyst for compliance and security at Zendesk, yesterday tweeted, “While Apple fights the good fight, @Amazon removes encryption as option from FireOS 5.” Accompanying the tweet was a screenshot of a Fire HD user guide stating, “Encryption support will soon be deprecated on Fire HD (4th Generation) and Fire HDX 8.9 (4th Generation).”
An Amazon spokesperson today told us, “In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using. All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”
‘How Is This Possible?’
Fire OS 5 — given the codename “Bellini” — was rolled out in September with Amazon’s new line of Fire tablets. Users on Amazon’s online support forums have been posting questions and criticisms since at least January about the new operating system’s deprecation of device encryption.
“How is this possible?” a user with the handle RSandHJB posted January 12 on Amazon’s Kindle customer forum. “My 6″ Kindle Fire from one year ago is telling me that I can’t upgrade to version 5 without removing encryption, because it is deprecated . . . How can we keep using these devices if we can’t actually secure the large amount of personal data that ends up on them?”
Another thread on the Kindle forum has generated dozens of new comments since yesterday, with a number of users emphatically stating that they would no longer use Amazon devices unless the company reversed its decision.
“Amazon has no problem using encryption on their products (aka DRM), but they’ve decided that I’m not entitled to the same right on my own data on a device that I paid for,” user John Adams wrote today. “No more hardware purchases for me. Such a shame. The Echo Dot was about to be ordered. But now it won’t be.”
Fix ‘Should Have Been’ Encryption by Default
While Amazon’s decision to disable device encryption with Fire OS 5 — not to mention calling the option an “enterprise feature” — is being widely criticized, the company has noted in the past that the feature can cause slower performance on devices. Unlike Apple and other companies that have started providing encryption by default for their devices, Amazon has left the decision to enable device encryption up to customers.
By removing that as an option with its latest OS, “Amazon has effectively announced which side of the fence it sits on,” independent computer security analyst Graham Cluley said today in a blog post titled, “Terrorists, drug lords and paedophiles — please use the Amazon Fire.”
Not enabling encryption by default was “always a mistake,” Cluley noted. “But the fix should have been to ensure it was always enabled, not to rip the feature out. All we (and the FBI) can hope is that terrorists, drug lords and paedophiles will suddenly all choose to adopt Amazon’s products because clearly security and privacy is not a priority.”
Image Credit: Fire OS 5 image via Amazon.
