Dropbox CTO on their security policy

By at 1:34 am Monday, Apr 25

Arash Ferdowsi, CTO of Dropbox, wrote to me to clarify Dropbox's present and historical privacy policy:
first, I'd like to clarify what our intent was in how we represented privacy in our TOS. in our help article we stated "Dropbox employees aren't able to access user files" we didn't intend to mislead anybody with this statement - we prevent this via access controls on our backend as well as strict policy prohibitions. we don't feel this statement implies anything about who holds the encryption keys or what mechanisms prevent access to the data.

that said, it's become very clear to us that the statement wasn't explicit enough about what the barriers to access are. consequently, we've updated our help article and security overview to be explicit about this.

secondly, I'd like to clarify that we've never stated we don't have access to encryption keys. we've made quite a few posts in our public forums over the years about this very fact and we are quite open with our community: 1, 2, 3.

Dropbox's new security policy implies that they lied about privacy from the start

Read more 

Cory Doctorow

Upcoming appearances

* Mar 9, Washington DC, IAPP Global Privacy Summit
* Mar 22, London, The Economist Technology Frontiers
* Mar 24, London, ORGCon

Recent books:
* Context (essays)
* With a Little Help (short stories)
* For the Win (YA novel)
* Makers (adult novel)

Where not otherwise specified, this work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States and other countries.