Cloud data storehouse and synchronizing company Dropbox has been hit with acomplaintto the U.S. Federal Trade Commission alleging that the company has deceived consumer about the level of encryption protection it offers .
In a letter send to the FTC , University of Indiana Ph.D. and security researcherChristopher Soghoianclaimed that while Dropbox encrypted every data file it salt away , this could be overthrow by employees , undermining the caller ’s security credibility .
Not only did this blueprint decrease unretentive of “ diligence good practice ” , write Soghoian , it also represented a serious security measure risk that the company was not being upfront about .
“ Dropbox has and continues to make deceptive affirmation to consumer regarding the extent to which it protect and encrypts their data , ” Soghoian wrote . “ Dropbox ’s customer face an increased peril of data breach and identity stealing because their data is not encrypt . ”
In Sioghan ’s view , Dropbox has deceived its exploiter , infringe Section 5 of the Federal Trade Commission Act .
Trouble start for Dropbox over the encryption return some weeks ago with a serial publication of claims made by Soghoian and others about the way the caller was handling datum . peradventure in response , on April 21 Dropbox clarified its terms service to make explicit that it would provide police access to the contents of files posted to its inspection and repair if requested to do so .
“ If we provide your Dropbox files to a law enforcement agency as put forth above , we will remove Dropbox ’s encoding from the file before providing them to practice of law enforcement , ” study the fresh footing .
“ Just so you be intimate , we do n’t get very many of those requests — about one a calendar month over the past yr for our more than 25 million users . That ’s few than one in a million account , ” the caller allege in a subsequentblog military post .
For users such as Soghoian , this renders the use of encryption moot . If the file is secure while it is write in code , but that encoding can be removed at any sentence , in what sense is the Indian file secure at all ?
The core of the Dropbox controversy is that because it encrypts users ’ Indian file , it needs stores the keys used to provide that surety . In storing those keystone , it has the potentiality to decrypt files . One result — recommended by Dropbox — is for substance abuser to encrypt filing cabinet before uploading them but this come at a price . Users can contemporise file cabinet between desktop PC and smartphones , for case , but no longer open them without loading a dedicated utility which might or might not be uncommitted on that twist .
The Dropbox reply to this is that the service is not intended as a fully - unafraid file repository , merely as a service that is more secure than conventional ways of carry around data such as on unencrypted USB sticks .
“ We ’ve focused on serve users avert the most unwashed threats : not having current computer backup , not have any backups at all , accidentally deleting or overwrite files , mislay USB drives with sensitive information , leave files on the wrong computer , etc , ” say Dropbox in the web log post .
Dropbox responded to Soghoian ’s FTC missive . “ We believe this complaint [ Soghoian ’s ] is without merit , and call down issues that were addressed in our blog post on April 21 , 2011 . Millions of people depend on our overhaul every day and we work hard to keep their data safe , secure , and private , ” tell Dropbox spokeswoman Julie Supan in a instruction .
MIT students Drew Houston and Arash Ferdowsi founded Dropbox in 2007 to come up with an alternative to due east - get off files to themselves so that they could make on them from more than one figurer . Now with 25 million users worldwide , the company ’s spare service allows users to store up to 2 GB of documents , icon and videos centrally , automatically synchronizing these to every machine on which the user loads the company ’s client software system .
