Dropbox defends business model and says use encryption if you want to stay private

As we reported last week, in a Moscow interview with top Guardian journalists Edward Snowden singled out ‘zero knowledge’ cloud storage provider SpiderOak as a secure alternative to Dropbox, which he described in the most disparaging terms,

Dropbox is a targeted wannabe PRISM partner… They just put Condoleezza Rice on their board, who is probably the most anti-privacy official you can imagine, so they are very hostile to privacy.

Mr Snowden was referring to US secretary of state Dr Condoleezza Rice’s appointment to Dropbox’s board of directors in April this year, which sparked a storm of protest among privacy campaigners,

Given everything we now know about the US’s warrantless surveillance program, and Rice’s role in it, why on earth would we want someone like her involved with Dropbox, an organisation we are trusting with our most important business and personal data? Condoleezza Rice should not be on the Board of Directors of Dropbox and her selection shows that Drew Houston and the senior management at Dropbox are ethically short-sighted.

When cornered by The Inquirer at the launch of its UK operation last Wednesday, head of Product at Dropbox for Business, Ilya Fushman, argued that Dropbox does care about privacy,

You have to understand that we are all users of Dropbox. I store my own most personal information on Dropbox, down to a scan of my social security card. Dropbox, as a company, even works on Dropbox, so security and privacy are very much top of line for us.

Fushman did however admit that if customers are very concerned about privacy then they should encrypt their data themselves before uploading it to Dropbox (something we have always argued for, although TrueCrypt is now no longer a good encryption option),

We have data encrypted on our servers. We think of encryption beyond that as a users choice. If you look at our third-party developer ecosystem you’ll find many client-side encryption apps.

He also explained that that in order for Dropbox to provide the kinds of functionality demanded by its customers, client-side encryption is impractical,

It’s hard to do things like rich document rendering if they’re client-side encrypted. Search is also difficult, we can’t index the content of files. Finally, we need users to understand that if they use client-side encryption and lose the password, we can’t then help them recover those files.

Despite its many critics, Dropbox received top marks in the EFF’s ‘Who has your back? 2014’ report, although, much as we love and usually trust the EFF, since Google and Facebook also received top marks, we are highly skeptical of the EFF’s findings.

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage

Leave a Reply

Your email address will not be published. Required fields are marked *