Tag: Amazon

Amazon is going to remove encryption capabilities of its Kindle Fire, Rumours says Apple & FBI Case is reason – Lansing Technology Time

Amazon is going to remove encryption capabilities of its Kindle Fire, Rumours says Apple & FBI Case is reason – Lansing Technology Time

According to Amazon, Removing Kindle Fire,Fire OS 5’s onboard encryption is not a new development, and it’s not related to the iPhone fight

Amazon said that the Fire OS 5 update removed local device encryption support for the Kindle Fire, Fire Phone, Amazon Fire HD, or Amazon Fire TV Stick was because the feature simply wasn’t being used.

Privacy advocates and some users criticized the move, which came to light on Thursday even as Apple Inc was waging an unprecedented legal battle over U.S. government demands that the iPhone maker help unlock an encrypted phone used by San Bernardino shooter Rizwan Farook.

On-device encryption scrambles data so that the device can only be accessed if the user enters the correct password. Cryptologist Bruce Schneier said Amazon’s move to remove the feature was “stupid” and called on the company to restore it.

Amazon’s move is a bad one. But it’s not a retreat in the face of Apple-FBI pressures

One of the features removed includes one that allowed owners to encrypt their device with a pin which, if entered incorrectly 30 times in a row, deletes all the data stored on it. The feature is similar to the safety feature found on the iPhone at the center of the San Berardino shooter trial, which erases all the device data if the passcode is entered incorrectly ten times.

Amazon joined other major technology companies in filing an amicus brief supporting Apple on Thursday, asking a federal judge to overturn a court order requiring Apple to create software tools to unlock Farook’s phone.

Amazon spokeswoman Robin Handaly said in an email that the company had removed the encryption feature for Kindle Fire tablets in the fall when it launched Fire OS 5, a new version of its tablet operating system.

“It was a feature few customers were actually using,” she said, adding that Kindle Fire tablets’ communication with the company’s cloud meets its “high standards for privacy and security including appropriate use of encryption.”

Encryption expert Dan Guido said that Amazon may have eliminated the feature to cut component costs for tablets that sell for as low as $50.

But digital privacy advocates and customers said those arguments were not good enough reasons for discontinuing the feature.

“Removing device encryption due to lack of customer use is an incredibly poor excuse for weakening the security of those customers that did use the feature,” said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation.

“Given that the information stored on a tablet can be just as sensitive as that stored on a phone or on a computer, Amazon should instead be pushing to make device encryption the default – not removing it,” Gillula said.

David Scovetta, a security analyst who owns two Kindle e-readers as well as Amazon’s TV set-top box, said he is now wary of buying new gadgets from the company.

“Amazon could just as easily be encouraging its users to adopt it rather than remove it as a feature. That’s a massive step backwards,” he said.

Fire OS 5 is the first release to use the Android 5.0 “Lollipop” codebase, and as such it is possible that this removal is down to a technical issue (such as battery life or performance). Last year Google reported that it would allow hardware makers to decide whether or not to enable encryption-by-default because of performance issues on older devices.

People are talking about the lack of encryption today because the OS update is only now hitting older devices, like the fourth-generation Fire HD and Fire HDX 8.9. Despite how neatly the sudden forfeiture of encryption by a tech giant fits the Apple-FBI narrative, this encryption deprecation isn’t related to that battle. Instead, Amazon appears to have given up onboard encryption without any public fight at all.

Amazon Dropping Fire Encryption Has Nothing to Do With Apple

Amazon Dropping Fire Encryption Has Nothing to Do With Apple

Today, several reports pointed out that Amazon’s Fire OS 5 does not support device encryption, drawing a connection between the company’s encryption retreat and the current Apple-FBI iPhone unlocking fracas. But Amazon’s decision to remove Fire OS 5’s onboard encryption is not a new development, and it’s not related to the iPhone fight. The real question at hand is why Amazon decided to roll back encryption protection for consumers all on its own.

Introduced last fall, Amazon’s Fire OS 5 featured a refreshing redesign that added several usability features. But Fire OS 5 also took away device encryption support, while still maintaining security features for communication between devices and Amazon’s cloud.

“In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using,” Amazon spokesperson Robin Handaly told WIRED. “All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security, including appropriate use of encryption.”

We’ve reached out again for clarification as to what “appropriate use” of encryption entails in Amazon’s view.

To be clear, removing encryption protections of any kind from Fire tablets should be seen as a step back for consumers, and for security as a whole.

“Amazon’s decision is backward—it not only moves away from default device encryption, where other manufacturers are headed, but removes all choice by the end user to decide to encrypt it after purchase,” says Nathan White, Senior Legislative Manager at digital rights organization Access Now. “The devices themselves also become more attractive targets for thieves. Users should no longer trust these devices: If you wouldn’t post it to the internet publicly, don’t put it on a Fire Tablet.”

Further, Amazon’s insistence that it maintains a secure connection with the cloud doesn’t ease concerns over the data on the device itself that’s now vulnerable.

“Data encryption at rest and data encryption in motion are two completely different things,” says White. “They shouldn’t conflate two important issues by saying ‘we encrypt in motion, so data at rest doesn’t matter.’”

Even without the cloud connection, a device stores all sorts of personal information, from email credentials to credit card numbers to sensitive business information, if you happen to be an enterprise user. In fact, the lack of encryption means corporate customers aren’t able to use certain email clients on Fire tablets any longer.

Amazon’s move is a bad one. But it’s not a retreat in the face of Apple-FBI pressures. For better or worse (mostly worse), it’s been this way for months. As Handaly noted, Fire OS 5 came out last fall, on a suite of new Amazon devices. Amazon message board users have been commenting on, and complaining about, the absence of encryption since at least early January.

So why the sudden focus? Likely because of this tweet:

Amazon Dropping Fire Encryption Has Nothing to Do With Apple

People are talking about the lack of encryption today because the OS update is only now hitting older devices, like the fourth-generation Fire HD and Fire HDX 8.9. Despite how neatly the sudden forfeiture of encryption by a tech giant fits the Apple-FBI narrative, this encryption deprecation isn’t related to that battle. Instead, Amazon appears to have given up onboard encryption without any public fight at all.

“This move does not help users. It does not help corporate image. And it does not fit into industry trends,” says Amie Stepanovich, US Policy Manager at Access Now.