Researcher Questions Dropbox Security in FTC Complaint

Kara Reeder

According to InformationWeek, University of Indiana Ph.D. and security researcher Christopher Soghoian has filed a complaint with the Federal Trade Commission, claiming that the Dropbox file-sharing service has been misleading users about the security and privacy of their files. Techworld.com quotes the letter Soghoian sent to the FTC:

Dropbox has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts their data ... Dropbox's customers face an increased risk of data breach and identity theft because their data is not encrypted.

InformationWeek explains the particulars:

Dropbox ... uses file deduplication when files are first uploaded. As a result, when a user uploads a file, the Dropbox site first studies the file to see if it's been uploaded by a different user. If so, Dropbox just links to the previously uploaded file.

Soghoian takes issue with the deduplication process, saying it makes it easy for outsiders to know what's on Dropbox's servers, since the website examines a file to see if it's seen it before. Second, Soghoian questions Dropbox's use of a single encryption key for all stored user data. The problem with that, explains PCPro, is that employees have access to the keys allowing them to access users' data - despite the site previously claiming otherwise. In his complaint, Soghoian urges Dropbox to forgo data deduplication and assign each user their own strong encryption key.

 

For its part, Dropbox says the complaint is without merit.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data