Amazon Just Removed Encryption From the Software Powering Kindles, Smartphones, Tablets

Patrick O'Neill writes: While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company took a strange and unexpected step away from encryption. Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices. The change, which took effect in Fire OS 5, affects millions of users.

It was nice knowing you Kindle

[s.petry]

These authoritarians really need to go. At the same time, the fools who allow it need to go with them. Until that time comes, I'm not going to bend for either side.

I seem to remember this book called "The Republic" which talks about this very thing. I also read a whole lot of history about this Republic which was founded because of the same things.

History is always forgotten, so we continue to repeat it...

Not the e-ink kindle!

Only the Fire OS powered Kindle, which is a full fledged tablet with the Amazon android fork. Old fashioned e-ink kindle doesn't have encryption to start with.

Amazon finally went DRM free?

[sims+2]

Thats awesome!.....Darn that's not what TFA said at all.

So the rich people get to keep their encryption (DRM) and the rest of us get screwed again.

Re:Amazon finally went DRM free?

[Etherwalk]

You don't use kindle fire for the same kind of personal data you use your phone for, at least most of the time. Remember when there were librarians, and they seriously cared about and fought back against government demands to see what you checked out of the library?

Yeah. Amazon's not a librarian.

Amazon is a data-driven company that you have to assume keeps records of everything you do through them indefinitely. Since their ultimate market plan is to have a tiny slice of every transaction on the planet, they in many ways are a much bigger threat to your privacy than the FBI.

But they're really convenient.

Re:Amazon finally went DRM free?

[Ravaldy]

I'm not going to comment on their decision until a formal statement is made. I say this because this decision appears to be so out of line with the current marketing trends and strategies that there may be a good reason regardless of how dumb it appears.

I'd prefer no encryption

[Rhaize]

to easily circumvented encryption. Seems more honest that way.

Re:I'd prefer no encryption

[cant_get_a_good_nick]

They removed the stock encryption they got for free from AOSP. That's probably not easily circumvented, though better crypto techs could weigh in.

The big thing, is the tablets were so cheap, and therefore the processors so slow, they weren't encrypting by default anyway. This will probably affect pretty much no one in the real world - you had to dig into settings to enable it to slow your device down - but the optics aren't that good.

NOW they tell me!

[Locke2005]

After I already ordered an Amazon Echo... so now there is nothing stopping the NSA from listening to everything said in my house? Man, they are really going to be bored!

Re:NOW they tell me!

[Rhaize]

I considered briefly buying one of these, plugging it in and putting it in my kids playroom.. Every couple of days' I'd come in and roll through enough hot-button watch words to keep them listening.

How is that even legal?

That's like a car company disabling half the cylinders in your engine after you buy the car.

Reducing the functionality of a purchased product post-purchase is sleazy and probably should be considered illegal on some level.

Re: How is that even legal?

You would think so, but remember OtherOS on the PS3? It's happened other times too.

Re: How is that even legal?

[Anubis+IV]

Which is why they were forced to accept refunds from people who refused the upgrade. After all, it forced the user to choose between continuing to use PSN or continuing to use OtherOS, both of which were advertised features that the device had. Quite a few people returned their PS3s to Sony for a full refund. Others who wanted to keep using the device but had been using OtherOS received a partial refund for some court-determined value of OtherOS.

If people care enough, the same will happen here.

Re: How is that even legal?

[Anonymous+Brave+Guy]

The games industry is strange. Sometimes the only winning move is not to play.

Guess Bezos thinks Kindles are toys

[rsborg]

What I hate is that Amazon was looking pretty good there for a while.
So if you want FDE on your device, you have to have the latest Android or one of the bulk of iOS devices which support FDE.

Guess that's clear - not buying an Echo or any of it's satellites anytime soon.

Re:No Surprise

[MightyMartian]

I buy their books on occasion, but I won't be buying any of their hardware.

But clearly the pressure is on. The FBI and other investigative and intelligence agencies worldwide want to make you safer by making your data more vulnerable.

This is what happens when you let idiots and sociopaths into positions of power.

What is encrypted on these devices?

[Anonymous+Brave+Guy]

I've been looking through TFA and related material, but I'm still trying to figure out what this actually means in practice. What data, on an e-book reader, is usefully encrypted anyway? This is a genuine question, as I don't have any sort of Kindle. Perhaps there is integration with payment services or personal accounts of some kind? If so, does this mean anyone who installs this "upgrade" and then has their device stolen would have some significant credentials compromised?

Re:What is encrypted on these devices?

[bigCstyle]

and integrated one click payment/account info

Re:What is encrypted on these devices?

[gl4ss]

the kindles running fire os are android tablets. it's just a name for their fork.

I think they quit paying whoever was providing them with that or it's not compatible with new kernel and they can't be bothered to fix it.

Re:What is encrypted on these devices?

[93+Escort+Wagon]

I own a third generation Kindle e-reader (I believe it's the last one that had an actual keyboard).

A few weeks ago, I received an email from Amazon stating that there was a required device update; and, if I didn't apply it, as of March 22 I would no longer be able to get e-books sent to my Kindle or use any other Kindle services. The letter didn't mention encryption at all.

Thing is, with Kindle e-books it's always been pretty easy to strip the DRM - when I buy one, it's always the first thing I do... then a copy goes onto a backup disk. I wonder if they're changing the way they "protect" their e-books? If so, they'll be losing this customer - I don't purchase electronic-only media if I don't have full control of it.

On a side note - my Kindle is jailbroken, and it won't apply this new update unless I allow it.

Re:What is encrypted on these devices?

[kriston]

This has nothing to do with the e-Ink reader. It's only for the Fire line.

Re: No Surprise

[geekmux]

It doesn't just affect the sheeple, it sets a precedant. Now the three-letter agencies can say "look Apple, Amazon got rid of encryption and they're doing fine!"

Perhaps that might work for the average idiot, but someone with half a brain can easily argue that you could remove the locks from your front door and then turn a blind eye to anything bad that might happen. "Look, that citizen got rid of their locks, and they're doing just fine!"

Not for long applies to both idiotic "solutions".

Re: Be One Of Us!

[Penguinisto]

or not.

Amazon wasn't exactly making inroads into the consumer market anyway.

now a stolen device will destroy your life they are worth less than nothing.

Actually, this is a good point. So if you have an Amazon phone (all four of you), you may well want to start shopping for a new one - probably today. No idea who would put sensitive info on their Kindle, though...

Now the fun question is, do they still have DRM/encryption on all their eBooks? I'm betting the answer to that is probably 'yes'.

Re: No Surprise

[GuB-42]

If "doing fine" means being a third class player in the mobile market despite having a huge infrastructure ready to support it then sure...
The Kindle is kind of popular but that's just an eReader. Not something you put personal data on.

*Is* that even legal?

[Anonymous+Brave+Guy]

Reducing the functionality of a purchased product post-purchase is sleazy and probably should be considered illegal on some level.

I agree, but a more practical question might soon be: if upgrading to firmware that removes this feature is necessary in order to fix some other defect with the original product as purchased (broken functionality, security vulnerability, etc.) then would that already be illegal? Consumer protection laws are quite strong in some places, Europe for example, and even the biggest of tech firms can find themselves called out and penalised if they don't meet the required standards.

Re:Sources?

[whipslash]

http://motherboard.vice.com/re...

Prevention

[hattable]

It seems to me that it is a sort of preventative measure against bad press in the future. Take away any expectation of privacy when you are using a device and they explicitly state this, then you can't really be upset in a year when the police pick up your kindle plug it in and see you've been googling 'best way to cut up a body'.

Look at the Apple situation, there is no way for them to come out clean on this. Either they 1. already had a backdoor, 2. are going to lie about helping them get int 3. left some vulnerability that the FBI will exploit to read the phone anyway..you get the picture. I'm all for the fact that their initial reaction was to push back but the goodwill generated by that will only take them so far.

Now I don't agree with what Amazon did at all--I actually won't be happy until there is a smart-card adapter for every piece of communication/information system equipment in the world--but I can see how the move is beneficial for them. In 1 news cycle no one will care while Apple still has years and years of this tomfoolery to deal with.

Re:Spoiler: Clinton doesn't like encryption

[Jason+Levine]

Actually, Trump has spent his own money - about $250K of it. Much more, however, he has "loaned" his campaign. Eventually, if/when he's the nominee and raises funds from other people, his campaign will pay him back with interest. Thus, Trump will profit off of running for President even if he doesn't win. (That, and the whole "free publicity" thing which he loves.)

Re: No Surprise

[dgatwood]

The Kindle is kind of popular but that's just an eReader. Not something you put personal data on.

Sure. You pay them with a breath of fresh air. Who would use a credit card?

When we talk about personal data, we mean the union of private personally identifiable information (name, address, phone number, SSN) and information that users create. A credit card number is neither.

You do enter your name when you buy something with a card, but that's the least private piece of PII, and is likely to be present on any device you own anyway, making that not personal data in any meaningful sense except when combined with other private data, such as browsing habits.

A credit card number is a disposable identifier. It identifies your account, not you, and is valid only until the card number is canceled due to theft or whatever. And your liability in the event of theft is zero. This makes CCN theft a problem for CC companies and vendors, but not really a concern for you as the user.

With that said, I do disagree with the original poster for different reasons. There is a definite privacy impact here. People's reading choices can be very personal, and there is enough PII to at least potentially identify the owner (name plus the location where the device was found/stolen). When you combine that with someone's penchant for reading stories about [insert regionally taboo topic here] and their copy of the Anarchist Cookbook, you suddenly know more than any third party rightfully should know about someone even without having what most people would think of as "personal data".

Is AWS next...or already open?

[xxxJonBoyxxx]

Gee, it's a good thing Amazon only sells client machines, right? If anyone ran their servers/services on Amazon anything, they'd REALLY have to be worried...

Re: Be One Of Us!

[Darinbob]

Of course they have DRM still. They just made a decision that protecting the publisher's data is more important than protecting the customer's data.

Re:Spoiler: Clinton doesn't like encryption

[CanadianMacFan]

He's raised about $7.5M and has a couple of donate buttons on his site.

Re:Spoiler: Clinton doesn't like encryption

[Actually,+I+do+RTFA]

Eventually, if/when he's the nominee and raises funds from other people, his campaign will pay him back with interest

Legally, he has to pay himself back before he accepts the nomination (I believe). Or funds raised after that don't count or something. It doesn't matter. He's raising enough money now to pay himself back by then.

Re: Be One Of Us!

Let me fix that for you...

> They just made a decision that protecting the customer's data is more important than protecting consumer's data.

Apple support is unacceptable

[fyngyrz]

That would still be better than what Apple did to me. I wrote an integrated, dual-language point-of-sale system for a Chinese restaurant, friends of the family. They had a Mac Mini, perfect for this kind of low-cpu-load app; I designed and built the app on my mac pro, under the exact same level of OS X, got it working 100%, installed it on the mini... and it wouldn't print. Debugged a bit, and found that CUPS was going nipples north every time UTF-8 data (Chinese text, perfectly normal use of UTF-8) got sent to it. Only on the mini. Mac pro continued to print the Chinese text perfectly. Receipts, kitchen order printouts, reports, etc. So, I called Apple.

me: "I found a 100% repeatable bug in the CUPS printing engine that prevents output via the shell of UTF-8 text"
them: "um, yeah, we confirm that, turns out there was a bug in the object generation for Intel core 2 duos."
me: "So, a fix, when?"
them: Oh, already fixed, just upgrade OS X. Was only a bug in the code generator.
me: ok [buys upgrade on USB stick] [tries to upgrade the mini]
quoth the upgrade: "your computer cannot be upgraded, core 2 duo not supported"
me: "Hey, I can't upgrade, core 2 duo here"
them: "time for a new computer!"
me: "computer isn't broken. The OS is broken. Your OS. You told me so. It doesn't do what you said it would."
them: "...time for a new computer"
me: [ATH0] [buys used mini of later vintage for my friends out of my pocket - it certainly wasn't their fault - got all that working.]

Since then, they have tried to push many upgrades of the Apple app store and iTunes to the same machine. So they're definitely still building for the architecture.

Never bought another computer from them. I don't plan to, either. I still use OS X, but I only buy used machines, I don't buy apps or music or anything from the Apple store, and I now have an Android phone and my brand new S7 will be here in 8 days.

Apple isn't to be trusted. Period.