It is up to you to decide if you may or may not be incriminating yourself. You are presumed innocent until proven guilty by a court of law. Anything you say can and will be used against you. Therefore, saying nothing is *always* the best defence. Ask any lawyer about that.
Unless they can prove without a doubt that that USB sticks holds evidence, they can't prove you are obstructing justice. If they can already prove without a doubt that there's evidence on that stick, they don't need the contents any more and they already have their proof, so you're not obstructing either because they already have the evidence.
These back doors may exist in new devices, but any older device is likely to have a back door. If the vendor updates the devices at all, they usually stop doing that shortly after they stop sales of the device. Your perfectly fine WiFi router or DSL box will most likely have vulnerabilities on it that make it just as insecure as these new devices.
I actively check my DSL router and I know my ISP and several security minded customers do the same. Any WiFi router in my home runs a modified Linux distribution like Tomato, openWRT or DD-WRT that is actively maintained. While it's bad that A-brand companies evidently don't do this this the stuff they buy from other vendors, most devices in the field are just as vulnerable as these boxes are, simply because they don't get updates.
Burning vendors for selling insecure devices is good practice to get this problem solved. Burning them for not being responsible for their sale and updating or liberating the devices they sold should be just as normal as burning them for new equipment. You can't expect people to buy a new device every year simply because the vendor refuses responsibility once it's left their factory.
First of all, Amazon doesn't get a very high percentage of affiliate tagged traffic/purchases. If every ISP would do this, it would get 100% and the whole business model wouldn't work any more. Amazon would have to pay out way too many affiliate bonuses. Second, any affiliate that the user might choose, would lose out because their tag would get replaced by that of the ISP.
Modern systems often aren't a single purpose hardware server any more. Mobile devices that have to switch on services like GPS, several networking modems, voice over IP, hotplug hardware and start/stop associated services and such will make you have to run numerous daemons that control just restarting the one small group of services and hardware for every corner case you can imagine if you keep using RC scripts.
Even servers often have nested dependencies these days. You'd want the system to restart a failing middleware application in the correct sequence after you've fixed the filesystem on the storage that ran out of space that caused it to remount r/o on all your web server platform VMs. Try doing a bunch of init.d scripts for that. Either you custom write a script to do it remotely just for your app, or you have the systemd-like control that will just figure out what to do all by itself.
Yes, it adds complexity to very simple single use systems, but it makes dealing with all the glue you have to do to get dependencies on other services and corner cases so much easier. I used to think it was a solution looking for a problem too, until I found out that I could now stop worrying about getting my systems up again after I just solved the single cause of all the problems that got them down in the middle of the night.
I program, therefore I am.