Amazon values encryption so much that it drops support on Kindle Fire tablets
Amazon has came out in support of encryption, following Apple's recent legal battles with the US government, saying that it "plays a very, very important role" in protecting customer data.
But you might be surprised to learn that Amazon has also decided to quietly drop support for full disk encryption on its Android-based Kindle Fire tablets. Since it is portraying itself as an encryption and consumer advocate, its decision to go in the opposite direction strikes me as sheer hypocrisy.
Amazon says that the reason why full disk encryption is no longer supported on its Kindle Fire tablets is that few customers were taking advantage of this feature. As you may know, full disk encryption is not enforced by default, but users who want the extra protection can turn it on easily from the Android's settings menu. The average user probably does not even know it exists, but power users are obviously more knowledgeable and more willing to go the extra mile.
Amazon wants to look good in the eyes of privacy advocates and its own customers, but it no longer seems to want to deal with any of the implications that encryption support entails: added costs. And I am not talking just about maintaining the software.
The hardware can most likely handle full disk encryption, because, after all, this feature was available until recently. But, if users have issues, support teams have to take their complaints, testers have to investigate those problems, and, finally, developers have to create patches. This all takes time and resources, which ultimately costs Amazon money. Meanwhile, if the US government needs access to Amazon's customers' data, its agencies will be able to easily extract that information from Kindle Fire devices -- and, just like that, Amazon avoids any costly legal battles.
But, in doing that, Amazon has created a new problem: its decision to drop encryption support is backfiring. Normally, this would not be such a big issue, but considering all the talk surrounding encryption and privacy coupled with Amazon's public stance, you can understand why this is "stupid", as cryptologist Bruce Schneier put it.
"Removing device encryption due to lack of customer use is an incredibly poor excuse for weakening the security of those customers that did use the feature", explains Jeremy Gillula, Electronic Frontier Foundation staff technologist. "Given that the information stored on a tablet can be just as sensitive as that stored on a phone or on a computer, Amazon should instead be pushing to make device encryption the default -- not removing it".
Amazon's CTO seems to share the same opinion, as Werner Vogels says that "encrypting your data... of your customers is mandatory. It is not only mandatory from a business point or in the cloud, but also on premise. You should be encrypting your data".
"So we are very strong believers that encryption should be in the hands of our customers and they should be the ones who decide who has access to the data and nobody else", Vogels adds. I suspect that after this whole fiasco Amazon will learn that you cannot say one thing and do another, if it inconveniences you in any way.