For Amazon, security is an inconvenience

Analysis: In removing device encryption from its phones and tablets, Amazon is telling its users that performance and convenience are more important than security.
Written by Zack Whittaker, Contributor
Amazon's Fire HD, no longer encrypted. (Image: CNET/CBS Interactive)

If you ever needed a definition of hypocrisy, Amazon just served up one hot plate.

Amazon has removed device encryption from its tablets and phones, a day after the company filed a brief supporting Apple in its fight against the FBI over encryption.

The retail giant turned cloud and device maker confirmed in a statement it had removed device encryption from its Fire OS 5 because the company "found customers weren't using it."

In other words, Amazon will continue to encrypt your data in transit, but it won't scramble the contents of its customers' Fire tablets or phones. That means thieves and law enforcement will have an easier time grabbing user data from these devices without too much effort.

Though the decision was made last year, the brouhaha ignited this week after one Fire tablet owner David Scovetta posted a screenshot on Twitter showing that encryption on older Fire HD and Fire HDX tablets is "no longer supported." Now it appears that Amazon is reversing course and will add back encryption in a Spring update, according to TechCrunch.

Nevertheless, Amazon's timing of the upgrade is striking, given that it pushed the software to older devices at a tense moment in the tech industry.

Apple is fighting the FBI after a California court said the iPhone maker should help federal agents break into the iPhone of one of the San Bernardino terrorists. Apple refused to comply with the order, arguing that the order compelling it to rewrite software that would help the FBI bypass the phone's passcode violates the company's First Amendment rights.

Amazon did not respond when we asked to clarify why it had chosen to remove the feature.

ZDNet's Adrian Kingsley-Hughes explained the basics. In short, Amazon's Fire OS is a fork of Android, of which encryption is part of the deal. The decision to remove the feature is Amazon's to make. Switching encryption on by default has led to some phone makers suffering with "performance issues," which is why so few Android devices come with the feature enabled out of the box.


Amazon has removed a feature that lets users scramble the contents of its customers' Fire tablets or phones, which protects data from theft or surveillance. (Image: CNET/CBS Interactive)

In the case of Amazon's Fire tablets, even their support pages warn that turning on encryption on Fire tablets "will result in slower performance".

Those who have turned on encryption on their Fire tablets can choose not to upgrade the software.

But what's probably more insulting of all is that it forces device owners into a tricky security situation: upgrade and lose encryption, or don't upgrade and lose out on the latest features and security fixes.

Given that the industry -- Apple, and Google (albeit at a slower pace), and others -- is edging towards the wider adoption of encryption, it's bizarre that Amazon is going against the grain.

Now that customers are coming to accept that encryption is a selling point, Amazon should be pushing it aggressively on customers whether they ask for it or not. Apple quietly added encryption to iOS 8, only announcing it after the fact. It wasn't an issue until the government made it an issue.

Here's the easy answer. If Amazon can't push encryption by default because of device performance issues, then should make its products better.

But the problem is that because the tablets have an extremely low price points and near-negligible profit margin, Amazon can't boost the performance of its tablets without raising the price.

Every company to some degree is now a security company -- from toy firms to smart device gadget makers and even car manufacturers. Every company has to think about security at the forefront, rather than an afterthought. For leading tech companies like Amazon, in particular, security has to be a central pillar and not an inconvenience to the company or its customers.

Amazon's security backtrack sends a strong message that that the performance of its devices is more important than its customers' security. That in itself sets a dangerous precedent, one that could see other tech companies use encryption as a commodity instead of using encryption to make the world more secure.

Editorial standards