April 21, 2011, 1:35 PM — In the wake of recent changes to the wording of its terms of service, cloud-storage service Dropbox has come under fire for claims it made about exactly who has access to your files. On Thursday, Dropbox took to its blog and attempted to clarify details about its security and privacy practices.
Concerns first arose after Dropbox recently reworded the section of its terms of service about compliance with law enforcement. According to Dropbox, that change was made to narrow the scope of that section, and to specify the situations in which the company might reveal information about its users. It's worth noting, as the company does, that this clause isn't unique to Dropbox: Google, Skype, Twitter, and Apple all have terms of service that say they are required to comply with government investigations if requested.
However, as the new terms clearly say that Dropbox will give law enforcement access to users' files stored in Dropbox when legally required to do so, there's a question of exactly who has access to those files.
Prior to Thursday, the features page on Dropbox's Website contained the pretty straightforward claims that "All files stored on Dropbox are encrypted (AES-256)" and "Dropbox employees are unable to view user files [emphasis added]."That sentiment is reinforced by a Dropbox help center document, which states that both "Nobody can see your private files in Dropbox unless you deliberately invite them or put them in your Public folder" and "Dropbox employees aren't able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)."
Those claims suggest that technological factors prevent Dropbox employees from accessing user files. However, that would seem to conflict with Dropbox's statement that it will provide access to files for law enforcement--after all, what good are files that can't be viewed?
In a statement provided to Macworld, Dropbox Chief Technology Officer Arash Ferdowsi, said the claim that Dropbox employees couldn't access files "is not an intentionally misleading statement--it is enforced by technical access controls on our backend storage infrastructure as well as strict policy prohibitions. The contents of a file will never be accessed by a Dropbox employee without the user's permission."