Home How to Keep Dropbox Employees’ Hands Off Your Data

How to Keep Dropbox Employees’ Hands Off Your Data

Yesterday Dropbox, the popular file storage Web application that enables users to easily sync a folder from their local computer with the the cloud, made a small change to its terms of service. Dropbox made it clear that it would decrypt and hand-over files if the U.S. government requested it.

The issue is not so much that Dropbox is willing to hand over user data to the feds if requested – as RedMonk co-founder and analyst James Governor points out, the company doesn’t have much choice: “given I understand it runs on Amazon Web Services, which would give up the data if asked anyway.”

The real issue, it seems, is that Dropbox has the ability to snoop on your encrypted files at all.

Other Web-based backup services, such as JungleDisk (owned by Rackspace) and Mozy (owned by EMC and managed by VMware) give customers control over their encryption keys. That means that employees working on these services won’t be able to snoop on customers’ files, or turn it over to any government body.

But as Governor points out, these services don’t do what Dropbox does. I use JungleDisk to backup my local files to the cloud. I use Dropbox to make it easy for me to access a smaller set of files on any device I happen to be using – my laptop, my Android phone or someone else’s computer.

There’s still the option for users to encrypt their files themselves using a tool like Truecrypt before putting them in their Dropbox folders. You can learn how to do this here. But it seems this creates an opportunity for a competitor – like Box or Syncplicity – to offer and advertise simple encryption that the companies can’t access.

For some background reading on why Dropbox has the ability to decrypt users’ files, see this article by Christopher Soghoian.

For an enterprise look at the same issue – storing encrypted files in the cloud – see our article 5 Resources for Migrating to the Cloud Securely.

Small businesses will want to take a look at our article How to Keep Company Data Safe on Employees’ Personal Devices.

Update: Dropbox has issued the following statement in response:

Every Dropbox employee understands that the most important value of the company is maintaining users’ trust. Employees are prohibited by company policy from accessing users’ files and there are technical access controls to prohibit unauthorized access by employees. As with almost every other online company, there are a limited number of employees who may access user data when legally required to do so, and to help troubleshoot users’ accounts with their consent.
Let me know if you have any questions and thanks for considered Dropbox’s side of the story!

I didn’t mean to imply that Dropbox employees were allowed to snoop through your files willy nilly. I never doubted whether Dropbox had explicit policies regarding who could access customers’ files, or that it only a very small number of people had the technical capability to do so. But having anyone able to decrypt your files and hand them over to anyone, legal order or not, is a problem here.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.