A growing number of tech news outlets and security experts are criticizing Amazon’s decision to stop encrypting locally stored data on the company’s Fire devices.
Data stored on Amazon Fire HD, Amazon Fire TV, Kindle Fire, or Fire Phone will no longer be encrypted once owners upgrade to Fire OS 5. The decision ensures that data on Fire devices is less secure than before.
Amazon told TechCrunch that data transferred from Fire devices to Amazon’s cloud will continue to be encrypted but that managers there decided to stop encrypting data on the devices because few owners were using it. “In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using,” Amazon said in a statement.
This explanation isn’t convincing, according to critics. Some have said that Amazon’s decision represents a “step back” on security. Detractors note not all consumers use strong passwords but that’s not a reason to stop encouraging them to do so.
When it comes to encryption, Amazon’s record is controversial. In 2014 NSA whistleblower Edward Snowden called Amazon’s encryption practices “morally irresponsible,” because its customers can browse for books and other products without any security measures.
According to Snowden, Amazon encrypts credit card transactions, which would hide a customer’s purchases, but product searches are conducted in “plain text,” without encryption and that enables governments and others to peek at those searches.
Much of the flak Amazon is taking is likely due to how out of step it seems with the efforts throughout the rest of the sector to improve security — especially at Apple. Last month, a federal magistrate judge ordered Apple to create a software workaround that would enable FBI agents to hack the iPhone that belonged to one of the shooters in December’s San Bernardino terrorists attack. Apple has refused, arguing in court and before a Congressional committee this week that creating a backdoor or “master key” would put all iPhone owners at risk of intrusion.