Dropbox Issue Increases Questions About Cloud Security

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

When I was first told about Dropbox, I couldn't sign up for an account quick enough. I work between three computers and it isn't uncommon for me to start writing an article on one computer and finish it up on another. Being able to access these works in progress from any computer has been incredibly helpful.


So when I heard about the Dropbox security issues, I was disheartened but not necessarily surprised. It's yet another story among the growing number of cloud security failure stories.


The Dropbox problem was that users were deceived about security and encryption services, according to an FTC complaint. Wired reported:

The FTC complaint charges Dropbox (.pdf) with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file. Ph.D. student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits.

The articles I've been reading on the topic have focused on the government having access to your files. In fact, a ZDNet article advises that if you have information you don't want the government to see, don't put it in Dropbox.


Dropbox has responded, saying its terms of service are no different from companies like Google, Skype, Twitter or others. A PCWorld article stated:

Dropbox also stresses that customer data is not just handed over to law enforcement at the drop of a hat. First, there is only an average of one such request per month - out of 25 million customers. Second, Dropbox has a stringent vetting process to ensure that any such data request is legally sound, and in the event that a request doesn't stand up to legal scrutiny Dropbox will stand up for the rights of the customer and protect the data.