Amazon Just Removed Encryption From the Software Powering Kindles, Smartphones, Tablets

Patrick O'Neill writes: While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company took a strange and unexpected step away from encryption. Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices. The change, which took effect in Fire OS 5, affects millions of users.

Amazon finally went DRM free?

[sims+2]

Thats awesome!.....Darn that's not what TFA said at all.

So the rich people get to keep their encryption (DRM) and the rest of us get screwed again.

Re:Amazon finally went DRM free?

[Etherwalk]

You don't use kindle fire for the same kind of personal data you use your phone for, at least most of the time. Remember when there were librarians, and they seriously cared about and fought back against government demands to see what you checked out of the library?

Yeah. Amazon's not a librarian.

Amazon is a data-driven company that you have to assume keeps records of everything you do through them indefinitely. Since their ultimate market plan is to have a tiny slice of every transaction on the planet, they in many ways are a much bigger threat to your privacy than the FBI.

But they're really convenient.

Re:Amazon finally went DRM free?

[Ravaldy]

I'm not going to comment on their decision until a formal statement is made. I say this because this decision appears to be so out of line with the current marketing trends and strategies that there may be a good reason regardless of how dumb it appears.

I'd prefer no encryption

[Rhaize]

to easily circumvented encryption. Seems more honest that way.

How is that even legal?

That's like a car company disabling half the cylinders in your engine after you buy the car.

Reducing the functionality of a purchased product post-purchase is sleazy and probably should be considered illegal on some level.

Re: How is that even legal?

You would think so, but remember OtherOS on the PS3? It's happened other times too.

Re:No Surprise

[MightyMartian]

I buy their books on occasion, but I won't be buying any of their hardware.

But clearly the pressure is on. The FBI and other investigative and intelligence agencies worldwide want to make you safer by making your data more vulnerable.

This is what happens when you let idiots and sociopaths into positions of power.

What is encrypted on these devices?

[Anonymous+Brave+Guy]

I've been looking through TFA and related material, but I'm still trying to figure out what this actually means in practice. What data, on an e-book reader, is usefully encrypted anyway? This is a genuine question, as I don't have any sort of Kindle. Perhaps there is integration with payment services or personal accounts of some kind? If so, does this mean anyone who installs this "upgrade" and then has their device stolen would have some significant credentials compromised?

Re:What is encrypted on these devices?

[93+Escort+Wagon]

I own a third generation Kindle e-reader (I believe it's the last one that had an actual keyboard).

A few weeks ago, I received an email from Amazon stating that there was a required device update; and, if I didn't apply it, as of March 22 I would no longer be able to get e-books sent to my Kindle or use any other Kindle services. The letter didn't mention encryption at all.

Thing is, with Kindle e-books it's always been pretty easy to strip the DRM - when I buy one, it's always the first thing I do... then a copy goes onto a backup disk. I wonder if they're changing the way they "protect" their e-books? If so, they'll be losing this customer - I don't purchase electronic-only media if I don't have full control of it.

On a side note - my Kindle is jailbroken, and it won't apply this new update unless I allow it.

Re: No Surprise

[geekmux]

It doesn't just affect the sheeple, it sets a precedant. Now the three-letter agencies can say "look Apple, Amazon got rid of encryption and they're doing fine!"

Perhaps that might work for the average idiot, but someone with half a brain can easily argue that you could remove the locks from your front door and then turn a blind eye to anything bad that might happen. "Look, that citizen got rid of their locks, and they're doing just fine!"

Not for long applies to both idiotic "solutions".

Re: Be One Of Us!

[Penguinisto]

or not.

Amazon wasn't exactly making inroads into the consumer market anyway.

now a stolen device will destroy your life they are worth less than nothing.

Actually, this is a good point. So if you have an Amazon phone (all four of you), you may well want to start shopping for a new one - probably today. No idea who would put sensitive info on their Kindle, though...

Now the fun question is, do they still have DRM/encryption on all their eBooks? I'm betting the answer to that is probably 'yes'.

Re:Spoiler: Clinton doesn't like encryption

[Jason+Levine]

Actually, Trump has spent his own money - about $250K of it. Much more, however, he has "loaned" his campaign. Eventually, if/when he's the nominee and raises funds from other people, his campaign will pay him back with interest. Thus, Trump will profit off of running for President even if he doesn't win. (That, and the whole "free publicity" thing which he loves.)

Re: No Surprise

[dgatwood]

The Kindle is kind of popular but that's just an eReader. Not something you put personal data on.

Sure. You pay them with a breath of fresh air. Who would use a credit card?

When we talk about personal data, we mean the union of private personally identifiable information (name, address, phone number, SSN) and information that users create. A credit card number is neither.

You do enter your name when you buy something with a card, but that's the least private piece of PII, and is likely to be present on any device you own anyway, making that not personal data in any meaningful sense except when combined with other private data, such as browsing habits.

A credit card number is a disposable identifier. It identifies your account, not you, and is valid only until the card number is canceled due to theft or whatever. And your liability in the event of theft is zero. This makes CCN theft a problem for CC companies and vendors, but not really a concern for you as the user.

With that said, I do disagree with the original poster for different reasons. There is a definite privacy impact here. People's reading choices can be very personal, and there is enough PII to at least potentially identify the owner (name plus the location where the device was found/stolen). When you combine that with someone's penchant for reading stories about [insert regionally taboo topic here] and their copy of the Anarchist Cookbook, you suddenly know more than any third party rightfully should know about someone even without having what most people would think of as "personal data".

Re: Be One Of Us!

[Darinbob]

Of course they have DRM still. They just made a decision that protecting the publisher's data is more important than protecting the customer's data.

Re: Be One Of Us!

Let me fix that for you...

> They just made a decision that protecting the customer's data is more important than protecting consumer's data.