March 9, 2016
Amazon Confirms Local Data Encryption Gone on Fire Tablets
Mae Anderson READ TIME: 2 MIN.
Amazon has confirmed it removed the ability to encrypt locally stored data on its Fire tablets, saying that customers weren't using the service.
The change comes as Apple squares off against the FBI over access to an encrypted iPhone. Apple says giving the government access would make all other iPhones more vulnerable to hacks.
But the encryption that Amazon has removed is somewhat different than the security involved in the Apple case. And Amazon made the change well before the brouhaha started.
Amazon made the switch when it introduced its new Fire OS 5 in September with new Fire tablets. But it was brought to light this week as older versions of the tablets get operating system updates.
Encryption helps protect user data by scrambling it and only allowing access with a password. Amazon removed device encryption, but communication between Fire devices and Amazon's cloud, as well as data stored within the cloud, is still encrypted.
"All Fire tablets' communication with Amazon's cloud meet our high standards for privacy and security including appropriate use of encryption," said Amazon spokeswoman Robin Handaly.
Some experts speculate the change could have been made to improve performance of the Fire tablet. But Amazon said it removed some features, including encryption, from Fire OS 5 that it found customers weren't using.
Jeremy Gillula, staff technologist at the Electronic Frontier Foundation, said the move is puzzling since Amazon uses a modified version of Android's operating system for its Fire OS, so encryption was likely built into the Android system.
"It's concerning from a security point of view," he said. "If you lose your tablet or your tablet is stolen, any data that's stored is readable."
But Gartner analyst Avivah Litan said she thought people were overreacting, since most hacking is done via the cloud rather than a specific person's device.
"It comes at sensitive time during a debate over encryption so it seems like a much bigger issue than it is," she said.
Cynthia Larose, chair of the privacy and security practice at the law firm Mintz Levin in Boston, said removing the security feature simply because customers weren't using it sends the wrong message to users.
"I would have preferred to see Amazon engage in some customer education about the use of the included security measures," she said. "The more that non-business users of devices are educated about online and device safety, the better."
The encryption in question uses a user's pin or passcode and works at a file or data level, essentially transparent to the consumer.
In the case of encryption on the iPhone at the heart of the Apple and government dispute, the FBI wants specialized software that would bypass security protocols on the encrypted phone so investigators can test random passcode combinations in rapid sequence to access its data.
Amazon.com Inc. is one of 15 companies, including Google, Facebook, Microsoft and Yahoo, who filed court papers backing Apple in its fight with the FBI.