Amazon drops encryption feature in Fire tablet software

(Reuters) – Amazon has quietly dropped support for disk encryption on its Fire tablets, saying the feature that secures devices by scrambling data was little used by customers.

Privacy advocates and some users criticized the move, which came to light on Thursday even as Apple was waging an unprecedented legal battle over U.S. government demands that the iPhone maker help unlock an encrypted phone used by San Bernardino shooter Rizwan Farook.

On-device encryption scrambles data so that the device can only be accessed if the user enters the correct password. Cryptologist Bruce Schneier said Amazon’s move to remove the feature was “stupid” and called on the company to restore it.

“Hopefully the market will tell them to do otherwise,” he said.

Amazon joined other major technology companies in filing an amicus brief supporting Apple on Thursday, asking a federal judge to overturn a court order requiring Apple to create software tools to unlock Farook’s phone.

Amazon spokeswoman Robin Handaly said in an email that the company had removed theencryption feature for Fire tablets in the fall when it launched Fire OS 5, a new version of its tablet operating system.

“It was a feature few customers were actually using,” she said, adding that Fire tablets’ communication with the company’s cloud meets its “high standards for privacy and security including appropriate use of encryption.”

Encryption expert Dan Guido said that Amazon may have eliminated the feature to cut component costs for tablets that sell for as low as $ 50.

But digital privacy advocates and customers said those arguments were not good enough reasons for discontinuing the feature.

“Removing device encryption due to lack of customer use is an incredibly poor excuse for weakening the security of those customers that did use the feature,” said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation.

“Given that the information stored on a tablet can be just as sensitive as that stored on a phone or on a computer, Amazon should instead be pushing to make device encryption the default – not removing it,” Gillula said.

David Scovetta, a security analyst who owns two Kindle e-readers as well as Amazon’s TV set-top box, said he is now wary of buying new gadgets from the company.

“Amazon could just as easily be encouraging its users to adopt it rather than remove it as a feature. That’s a massive step backwards,” he said.

(By Jim Finkle and Mari Saito. Editing by Stephen R. Trousdale and David Gregorio)



All articles

IDG Contributor Network: 5 myths about data encryption

It’s a heartache, nothing but a heartache. Hits you when it’s too late, hits you when you’re down. It’s a fools’ game, nothing but a fool’s game. Standing in the cold rain, feeling like a clown.

When singer Bonnie Tyler recorded in her distinctive raspy voice “It’s A Heartache” in 1978, you’d think she was an oracle of sorts, predicting the rocky road that encryption would have to travel.

Just a year earlier in 1977 the Encryption Standard (DES) became the federal standard for block symmetric encryption (FIPS 46). But, oh, what a disappointment encryption DES would become. In less than 20 years since its inception, DES would be declared DOA (dead on arrival), impenetrable NOT.

To read this article in full or to leave a comment, please click here


Uncategorized

NSA director just admitted that government copies of encryption keys are a big security risk

The director of the NSA, Admiral Michael Rogers, just admitted at a Senate hearing that when Internet companies provide copies of encryption keys to law enforcement, the risk of hacks and data theft goes way up.

The government has been pressuring technology companies to provide the encryption keys that it can use to access data from suspected bad actors. The keys allow the government “front door access,” as Rogers has termed it, to secure data on any device, including cell phones and tablets.

Rogers made the statement in answer to a question from Senator Ron Wyden at the Senate Intelligence Committee hearing Thursday.

Wyden:  “As a general matter, is it correct that anytime there are copies of an encryption key — and they exist in multiple places — that also creates more opportunities for malicious actors or foreign hackers to get access to the keys?

Rogers: Again, it depends on the circumstances, but if you want to paint it very broadly like that for a yes and no, then i would probably say yes.”

View the exchange in this video.

Security researchers have been saying for some time that the existence of multiple copies of encryption keys creates huge security vulnerabilities. But instead of heeding the advice and abandoning the idea, Rogers has suggested that tech companies deliver the encryption key copies in multiple pieces that must be reassembled.

From VentureBeat

Get faster turnaround on creative, more testing, smarter improvements and better results. Learn how to apply agile marketing at our roadshow in SF.

“The NSA chief Admiral Rogers today confirmed what encryption experts and data scientists have been saying all along: if the government requires companies to provide copies of encryption keys, that will only weaken data protection and open the door for malicious actors and hackers,” said Morgan Reed of the App Association in a note to VentureBeat.

Cybersecurity has taken center stage in the halls of power this week, as Chinese president Xi Jinping is in the U.S. meeting with tech leaders and President Obama.

The Chinese government itself has been linked with various large data hacks on U.S. corporations and on U.S. government agencies. By some estimates, U.S. businesses lose $ 300 billion a year from Chinese intellectual property theft.

One June 2nd, the Senate approved a bill called the USA Freedom Act, meant to reform the government surveillance authorizations in the Patriot Act. The Patriot Act expired at midnight on June 1st.

But the NSA has continued to push for increased latitude to access the data of private citizens, both foreign and domestic.



Uncategorized