Traditional hard drives have their advantages. With a traditional hard drive, you own it and it’s your responsibility to maintain it. If you loose it or it falls into the wrong hands, that’s it. However, that also means that you have a much lower risk of your data being passed on or being compromised virtually. The cloud offers it’s own advantages too. You can access your data anywhere and the recent announcements of the retail launch of Google’s Chromebooks are just a testament to this. You can login to any Chromebook and instantly have your data available.
Dropbox is perhaps the biggest and most popular web app for data storage in the cloud, however, it’s recently been facing some security issues for it’s users. In a letter to the FTC, University of Indiana research Christopher Soghoian claimed that while Dropbox encrypted their files, the policy could be reversed by employees, reports PC World. It’s Soghoian’s view that Dropbox have been deceiving in the level of encryption offered.
"Your stuff is safe" says Dropbox.
What’s the Problem?
The main issue right now, in Soghoian’s view, is that Dropbox’s employees reserve the right to remove encryption under certain circumstances. Basically, what’s the point of having encryption at all if someone maintains the power to remove it at their discretion.
This is interesting since Dropbox clearly claims that all transmission of your data is done so encrypted but it’s not all that reassuring when their is still a power that can easily revert this.
Dropbox’s Response
Dropbox has clarified it’s stance on this policy by reassuring customers that it will allow law enforcement agencies access to data upon their request which presumably accounts for the reservation of the right to remove encryption. However, they have reassured users that these requests are not common.
Just so you know, we don’t get very many of those requests — about one a month over the past year for our more than 25 million users. That’s fewer than one in a million accounts.
However, if the Dropbox employees still have access, what then? On their blog post, Dropbox make clear that while employees reserve access for legal purposes, they are prohibited from doing so except in “rare circumstances” and employ both physical and electronic measures to fulfil this promise. Hopefully this reassurance can make you feel a little safer with using Dropbox if you didn’t before.
They have refined some of their policies to make it clearer although i’m glad I read the second half of this point!
Dropbox may sell, transfer or otherwise share some or all of its assets, including your Personal Information, [wow!] in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy [oh, phew!].
Dropbox have apparently updated their privacy policies.
Should you be Scared?
Probably not. It’s clear that Dropbox is stressing that they need to decrypt data in order to deliver it to you but mainly to comply with legal obligations. The cloud has some way to go before it’s entirely secure especially because there are no physical barriers like their are on local storage. It’s important to remember that this isn’t your safe in the sky. Dropbox is just a way of storing files and your world domination plan doesn’t necessarily have a home on the service.
I can’t say for certain how this will dent Dropbox’s reputation but I doubt it will be too harsh. Dropbox is still secure and my minimalist use of the service won’t be haulted. In reality and in light of recent events, we can’t say our data is safe with anyone so it’s a risk you take when you come to the cloud.
What do you think? Let us know in the comments!