Amazon quietly drops encryption feature in Fire OS; 'a massive step backwards,' say security experts
views
Amazon.com has quietly dropped support for disk encryption on its Fire tablets, saying the feature that secures devices by scrambling data was little used by customers.
Privacy advocates and some users criticised the move, which was highlighted recently even as Apple was waging an unprecedented legal battle over US government demands that the iPhone maker help unlock an encrypted phone used by San Bernardino shooter Rizwan Farook.
On-device encryption scrambles data so that the device can only be accessed if the user enters the correct password. Cryptologist Bruce Schneier said Amazon's move to remove the feature was "stupid" and called on the company to restore it.
"Hopefully the market will tell them to do otherwise," he said.
Amazon joined other major technology companies in filing an amicus brief supporting Apple on Thursday, asking a federal judge to overturn a court order requiring Apple to create software tools to unlock Farook's phone.
Amazon spokeswoman Robin Handaly said in an email that the company had removed the encryption feature for Fire tablets in the fall when it launched Fire OS 5, a new version of its tablet operating system.
"It was a feature few customers were actually using," she said, adding that Fire tablets' communication with the company's cloud meets its "high standards for privacy and security including appropriate use of encryption."
Encryption expert Dan Guido said that Amazon may have eliminated the feature to cut component costs for tablets that sell for as low as $50.
But digital privacy advocates and customers said those arguments were not good enough reasons for discontinuing the feature.
"Removing device encryption due to lack of customer use is an incredibly poor excuse for weakening the security of those customers that did use the feature," said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation.
"Given that the information stored on a tablet can be just as sensitive as that stored on a phone or on a computer, Amazon should instead be pushing to make device encryption the default - not removing it," Gillula said.
David Scovetta, a security analyst who owns two Kindle e-readers as well as Amazon's TV set-top box, said he is now wary of buying new gadgets from the company.
"Amazon could just as easily be encouraging its users to adopt it rather than remove it as a feature. That's a massive step backwards," he said.
Comments
0 comment