Amazon has made a u-turn regarding encryption security protection on its Fire OS.
Just last week, March 4, CBR reported that Amazon was planning to drop disk encryption on its Fire devices and products. The encryption feature scrambles data on the device, allowing data access only if the user enters the correct password.
Amazon reasoned that ‘customers weren’t using’ the privacy facility to justify its removal from the mobile operating system.
Amazon said: "In the Autumn when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using. All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption."
However, at a point in time where encryption is grabbing headlines due to the Apple vs. FBI court battles, Amazon’s removal of the security feature drew criticism from security experts.
Chris Boyd, Malware Intelligence Analyst at Malwarebytes, told CBR: "The removal of this feature says a lot about people in general in terms of their security priorities. We often want to be the most secure that we can, but all too often fail to make use of the tools given to us.
"In some strange way, people’s reticence to engage with this encryption has now made all of those users a little less secure by default. This could actually be a deal breaker for those affected by its removal, and could well prompt a mini exodus away from the Fire. Whether or not this has sufficient impact to make Amazon re-think their strategy remains to be seen."
The impact, evidently, was sufficient enough for a re-think, with Amazon now set to reintroduce encryption security protection to the Fire OS before the end of May.
An Amazon spokesperson told the BBC: "We will return the option for full disk encryption with a Fire OS update coming this spring."
Encryption has been pushed firmly into the mind both consumer and business, resulting not only from the ongoing Apple vs. FBI encryption debate, but also from the Government’s Investigatory Powers Bill.
The Bill has drawn the ire of the security community for the proposed creation of encryption backdoors – a move which many argues would undermine not just security, but the privacy rights of UK citizens. The IP Bill and Apple’s fight with the FBI are both yet to reach a conclusion, with the encryption debate showing no signs of abating. Kaspersky’s David Emm said:
"There is and always has been an inherent tension between privacy and security. This isn’t going to disappear; and although the weight may shift between the two, depending on the geo-political situation and security context at any given time, the key issue for society is to try and balance the two. Encryption is vital to the security of online transactions, and is a key tool of personal and corporate security. For this reason, it is dangerous to undermine it."
This article is from the CBROnline archive: some formatting and images may not be present.