Not in my house: Amazon's unencrypted devices a sitting target, cybersecurity experts say

Amazon's decision to leave Fire tablet customers' data out in the open is a bad idea, no matter the reason.

Laura Hautala Former Senior Writer

Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.

Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials

2022 Eddie Award for a single article in consumer technology

See full bio

Laura Hautala

March 3, 2016 6:30 p.m. PT

2 min read

Updates to the software behind the Amazon Fire don't support encryption of the tablet. Cybersecurity experts say that's a terrible move.
James Martin/CNET

There's a ruckus in the tech world over encrypting mobile devices. No, it's not about Apple's battle to protect user data. This time, it's Amazon's decision not to.

The news landed like a record scratch Thursday, when security industry heavyweights gathered at the RSA conference in San Francisco heard Amazon plans to stop protecting the data customers store on its tablets and other devices with a technology called encryption.

The change might have merely brought about head scratching and odd looks any other day, but the past couple of weeks, encryption has been front and center as Apple slugs it out with the US government on the front pages of the world's newspapers.

The battle is whether Apple should help the FBI hack into an encrypted phone. Apple says if it's forced to help the FBI, the resulting methods will weaken the more than 1 billion iPhones and iPads used around the world.

Watch this: Seriously, Amazon? Fire tablets drop encryption, are less secure

02:53

Simply put, Amazon's choice flies in the face of security fundamentals, experts at the RSA conference said.

James Carder, an executive at cybersecurity LogRhythm, said Amazon just lost a customer, particularly for its newly updated voice controlled device called the Amazon Echo. "I'm not buying it," he said, adding the company's move makes hackers' work far easier.

An Amazon spokeswoman said the company removed some business-oriented features from its devices "that we found customers weren't using." Regardless, "all Fire tablets' communication with Amazon's cloud meet our high standards for privacy and security including appropriate use of encryption." She didn't respond to follow-up questions asking whether any encryption at all is supported by the updated software.

Speaking at the same luncheon as Carder, retired Marine Corps Gen. Peter Pace said a serious national debate over the role and importance of encryption needs to occur. "And," he added, "the Bill of Rights needs to be front and center."

Pace said he learned through his work in the military that not even the US can defend against the most sophisticated hacking tools out there. So, he's not in a hurry to make data more vulnerable.

"My bias is that encryption is the best way to ensure privacy," he said.