When Amazon’s Fire OS 5 “Bellini” mobile operating system came out in September, people were mostly thinking about the new tablets it would run on, especially the $50 model. So cheap, so tempting.
It wasn’t until Thursday that users started noticing something odd about Fire OS 5’s security features: There’s no longer an option to locally encrypt data on Fire devices.
Fire OS is based on Android’s open-source code base, which has offered opt-in to local encryption (locked data on a device that’s only accessible with a passcode or other key) for years. But as Electronic Frontier Foundation member David Scovetta and others have noticed, the choice isn’t there anymore.
It seemed that there might be a connection between the discovery and the Apple/FBI passcode fight. Perhaps Amazon had nixed local encryption as a way to take a stand against Apple. Beginning with iOS 8, Apple made local encryption the default on passcode-protected devices, but it’s much easier for law enforcement to examine mobile data on any brand device where the feature is off or unavailable.
The two situations seem unrelated, though. Amazon said in a statement, “In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using. All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.” So the decision would have been made long before Apple started its fight with the FBI over the San Bernardino shooter’s iPhone.
Basically Amazon is saying that it still encrypts data as it travels between servers and Fire devices, but there wasn’t enough interest in local encryption to make it worth preserving the feature. This doesn’t make a ton of sense since it’s already built and maintained by Android, but the real motivation probably has to do with the cheap Fire tablets. Inexpensive parts, like weak processors, would be significantly burdened when local encryption was on, and everything would slow down.
Even though Amazon wasn’t reacting to the Apple/FBI fight, though, the company’s decision is still highly relevant to that situation and the broader debate around privacy and law enforcement access. Eliminating the local encryption option sends the message that Amazon is a company that prioritizes performance over security. If you buy its Fire products, your local data would be easy to access by law enforcement or a bad actor.
Amazon says that its customers weren’t using the local encryption feature, but it’s not really fair to take digital security cues from consumers, who almost always choose ease of use and convenience over security. Though individuals are ultimately responsible for themselves, device manufacturers and/or software developers have the power to help facilitate good choices, or tacitly discourage them.
