One of the reasons so many companies are backing Apple in its battle against the Department of Justice is because they believe their products should feature strong encryption that doesn't have backdoors. So it’s a surprise to learn that Amazon, one of the tech giants filing a court brief supporting Apple, has disabled the encryption capabilities of its Fire devices.
Amazon said that the Fire OS 5 update removed local device encryption support for the Kindle Fire, Fire Phone, Amazon Fire HD, or Amazon Fire TV Stick was because the feature simply wasn’t being used.
"In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using," Amazon spokeswoman Robin Handaly wrote in an email. “All Fire tablets' communication with Amazon's cloud meet our high standards for privacy and security including appropriate use of encryption.”
One of the features removed includes one that allowed owners to encrypt their device with a pin which, if entered incorrectly 30 times in a row, deletes all the data stored on it. The feature is similar to the safety feature found on the iPhone at the center of the San Berardino shooter trial, which erases all the device data if the passcode is entered incorrectly ten times.
The issue has only just come to light because Amazon released an over-the-air update earlier this month for its older tablets to upgrade from Fire OS 4. Handaly added that another reason Amazon dropped the encryption feature was because most people use the Fire products as entertainment devices, rather than for productivity.
As mentioned in its statement, Amazon has assured customers that communications between Fire devices and its servers are still encrypted. This hasn’t stopped cybersecurity experts and privacy advocates lambasting Amazon’s decision.
“Actions speak louder than words, and removing encryption says a lot more to me than releasing statements in support of Apple, especially when you’re a manufacturer of devices that can also support encryption,” said Electronic Frontier Foundation staff technologist Jeremy Gillula.
“When you’re a device manufacturer that’s also in control of the software, there’s really no good reason not to make sure that you can support default encryption. It definitely seems like there is quite a bit of hypocrisy there.”