DropBox security…

By  | May 3, 2011 | 0 Comments | Filed under: personal network

There have been some ‘chicken little-like’ scares percolating through the net in the last week. First there was the AMAZING and INTRUSIVE information about the iPhone and the fact that, for many of the services Apple provides, it does need the (anonymous) ability to track cell towers used.

There are some reasonable questions as to why this is stored (versus purging this cache), but that is a side point. Interestingly enough it looks as if Android phones may be culprits at least as large…

So, with some blood in the water, DropBox seems to have been the next recipient of uproar by the obsessive and marginally technical parts of the online techno press (sic).

DropBox updated its terms of service to cover the fact that as with any legal business in the USA, it needs to be able to respond to court orders which might compel them to surrender information which they are storing… If you consider some of the perspectives given on this topic by various online pundits with an axe to grind on this topic you would think that this was Pearl Harbor…or Armageddon…the hyperbole seems to grow pretty quickly…it being the internet and all…

How to Keep Dropbox Employees’ Hands off Your Data
http://www.readwriteweb.com/cloud/2011/04/how-to-keep-dropbox-employees.php

Yesterday Dropbox, the popular file storage Web application that enables users to easily sync a folder from their local computer with the cloud, made a small change to its terms of service. Dropbox made it clear that it would decrypt and hand over files if the U.S. government requested it.

The issue is not so much that Dropbox is willing to hand over user data to the feds if requested – as RedMonk co-founder and analyst James Governor points out, the company doesn’t have much choice: "given I understand it runs on Amazon Web Services, which would give up the data if asked anyway."

Dropbox under fire for security concerns
http://www.tuaw.com/2011/04/19/dropbox-under-fire-for-security-concerns

Perhaps not…earlier today, Miguel de Icaza, a prominent Open Source programmer who founded the GNOME and Mono projects, wrote a blog post pointing out a curious inconsistency between this stance and Dropbox’s advertising. He linked to this page on the Dropbox FAQ which says, amongst other bold promises, that "all files stored on Dropbox servers are encrypted (AES-256)" and "Dropbox employees aren’t able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)."

As de Icaza points out, there are no details beyond these high-level statements about exactly how Dropbox carries out its data encryption. AES-256 is a very secure encryption scheme which basically makes it impossible to hack into the encrypted files without the decryption key. Dropbox’s FAQ copy makes it sound like its employees don’t have access to this key — as though it’s generated from your Dropbox password, perhaps. That’s certainly what I took away from the Dropbox FAQ.

Dropbox’s Privacy Policy Is OK (Just Proceed Carefully)
http://news.idg.no/cw/art.cfm?id=8430B8A2-1A64-67EA-E44A899B855463FA

Changes that Dropbox has made to its terms of service have caused somewhat of an uproar in the blogosphere this week after Dropbox said it will decrypt users’ data when needed and share it with law enforcement authorities.

But as far as cloud storage services go, Dropbox’s data-sharing policy is really standard, in that it complies with laws and mandates in the United States. But I would still not recommend using the service to upload anything that you would not otherwise be prepared to share with the rest of the world.

Think about it like this: Any firm storing property as part of a commercial service it offers–whether the property is stored in a safety deposit box in a bank or electronically on a cloud server–must comply with court orders, warrants, and the like–unless it wants to operate an illegal business, but that is something else. Dropbox, SugarSync, Google, and any other U.S.-based cloud storage provider must abide by laws and mandates there to remain legally compliant.

However, you can still prevent Dropbox from sharing your data with legal authorities. You can do this by encrypting files before uploading them to Dropbox’s servers, so it won’t have the keys to your data. Dropbox even comes out and states, "However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox."
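
What encrypting before upload looks like in practice, as an added example (not from this post, the quoted articles, or Dropbox): the key is derived from a passphrase that stays on your machine, and only the resulting blob goes into the synced folder. The function names, the salt|nonce|tag|ciphertext layout and the sample data are assumptions made for illustration.

```javascript
// Added example: encrypt locally so the sync provider only ever stores ciphertext.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('crypto');

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;

// Derive a 256-bit key from a passphrase that never leaves this machine.
// Uses Node's default scrypt cost parameters (an assumption; raise them for real use).
function deriveKey(passphrase, salt) {
  return scryptSync(passphrase, salt, 32);
}

// Container layout (constructed for this example): salt | nonce | tag | ciphertext
function encryptForUpload(plaintext, passphrase) {
  const salt = randomBytes(SALT_LEN);
  const nonce = randomBytes(NONCE_LEN);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

function decryptAfterDownload(blob, passphrase) {
  if (blob.length < SALT_LEN + NONCE_LEN + TAG_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, SALT_LEN + NONCE_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + NONCE_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  // final() throws if the passphrase is wrong or the stored blob was modified.
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Same check as above, but reports failure as false instead of throwing.
function canDecrypt(blob, passphrase) {
  try { decryptAfterDownload(blob, passphrase); return true; } catch { return false; }
}

// Constructed sample input, not real data.
const sample = Buffer.from('contents of a private document (constructed sample)');
const stored = encryptForUpload(sample, 'correct horse battery staple');
console.log('bytes the provider would store:', stored.length);
console.log('round trip ok:',
  decryptAfterDownload(stored, 'correct horse battery staple').equals(sample));
console.log('wrong passphrase accepted:', canDecrypt(stored, 'guess'));
```

Because the salt and nonce are random, encrypting the same file twice produces different blobs, and anyone holding only the stored bytes has neither the key nor a way to alter the file undetected.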
