If you don’t know Dropbox you should. Its a wonderful service for sharing files between multiple people and machines. Its like magic, frankly. Most Web developers and designers I know use it. Why FTP when you can Dropbox? It spans native and the cloud beautifully- so a folder on your desktop is perfectly synchronised with a cloud back end. A few years back I coined the term Synchronised Web – because sync is so crucial in a world where we use multiple services and clients. Dropbox delivers it.
Anyway this morning came news Dropbox had changed its terms of service, making it clear that it would comply with US government requests for information, without requiring a warrant.
I would prefer Dropbox required a warrant but I understand business pressure, certainly in the Wikileaks world.
Anyway, I was quoted extensively in CloudPro magazine on the issue, and this is what I said:
While neither a surprise, nor unusual, it is still disappointing. To be frank Dropbox has little choice, given I understand it runs on Amazon Web Services, which would give up the data if asked anyway. Most US web companies would rather comply than argue with the Feds. When Amazon turned off wikileaks the issue got a lot of attention. Twitter has been a good citizen in this regard- at least it asks for subpoenas, and it seems dropbox is following them. I do believe there is a disconnect in terms of promising security.
Dropbox’ decision won’t hurt it with small or independent companies so much as big ones. Thus for example an IBM employee certainly shouldn’t use dropbox to hold IBM-related information. Corporations prefer to make their own arrangements with legal jurisdictions. Of course small agencies, a key dropbox client base, may find their clients have issues with use of the software.
I am disappointed but I still love Dropbox. It’s a truly great service. This just seems to be the way the wind is blowing at the moment.
update: As I should have said when I posted this earlier, the onus is on the user now to encrypt their own files for extra confidence. There is a great article here about encryption vs deduplication, a core part of how cropbox works, explaining some trade offs and implications. You should read it.
update 2: I got a tweeted pointer from @danielchow77 that another service called JungleDisk allows the user to define their own encryption key. Some googling and it appears Mozy from EMC is the same. But then neither actually do what Dropbox does. Magic or security- your choice.
How to Keep Dropbox Employees’ Hands Off Your Data | Tech News Ninja says:
April 21, 2011 at 12:26 am
[…] over user data to the feds if requested – as RedMonk co-founder and analyst James Governor points out, the company doesn’t have much choice: “given I understand it runs on Amazon Web […]
How to Keep Dropbox Employees' Hands Off Your Data - ReadWriteCloud says:
April 21, 2011 at 12:29 am
[…] to hand over user data to the feds if requested – as RedMonk co-founder and analyst James Governor points out, the company doesn't have much choice: "given I understand it runs on Amazon Web Services, which […]
Dropbox responds to privacy outrage | Apple Online says:
April 21, 2011 at 7:02 pm
[…] also engaging to note that given Dropbox runs on Amazon’s cloud your files could always have been commandeered by a ask to a Big A instead, that kind of neuters a Dropbox TOS […]
michaelhenley says:
May 15, 2011 at 10:24 pm
I would disagree on the AWS point. As I see it, either way DB are encrypting our data whilst they store it. Therefore if AWS were to give it to law enforcement it would still be useless to them without Dropbox’s compliance in giving up the encryption key.
James Governor says:
May 18, 2011 at 9:32 am
@michaelhenley point on encryption.
How to Keep Dropbox Employees’ Hands Off Your Data | JetLib News says:
June 16, 2011 at 7:36 pm
[…] over user data to the feds if requested – as RedMonk co-founder and analyst James Governor points out, the company doesn’t have much choice: “given I understand it runs on Amazon Web […]