Cloud Encryption Privacy Security IT

Dropbox Can't See Your Dat– Er, Never Mind 333

Posted by timothy
from the get-marketing-legal-and-the-engineers-in-here dept.
bizwriter writes "Dropbox, the online backup and file sharing service claims to have hit 25 million users in a single year. But a change in terms, noting that Dropbox will give up data to law enforcement under a legal request, showed that the company's security claims couldn't be possible. It turns out that Dropbox claims in one place that encrypted data makes it impossible for employees to see into user files, but in another says that they're only 'prohibited' from doing so."

  • the love of cloud (Score:5, Insightful)

    by alphatel (1450715) * on Wednesday April 20, 2011 @08:18AM (#35878932)
    Every day I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.
    • Re: (Score:2, Insightful)

      by danbuter (2019760)
      I agree. The only people really pushing the cloud are the companies who want to supply the servers.
      • But if I put my data in the cloud I can encrypt it to the point where it is next to impossible for anybody else to read it. If Dropbox encrypts the data on write and decrypts on read then it is of course trivial for them to decrypt it on demand.

        • I'm curious though, how does the law view their access. I mean, they don't keep copies on their servers, so if I use dropbox to transfer dodgy_file.jpeg to another machine, then after the fact the scary law enforcement peoples make a legal request of dropbox, does dropbox have the file on their server, or do they have to access my machines with the file on it? One of those is Dropbox behaving legally and handing over potential evidence. The other is Dropbox going onto my machine and taking it to hand it
          • by egamma (572162)

            It all depends though, does dropbox keep a copy of every file?

            Dropbox is a cloud storage service that syncs a folder between your computer(s) and a cloud location. So yes, they do have a copy of every file.

            You could have answered your own question in about a minute.

          • by digitig (1056110)
            Dropbox has to keep a copy somewhere. The file remains available even when the originating machine is turned off.
          • by pmontra (738736)

            They do. They even have undelete.

            They'll probably use symmetric key cryptography because I don't remember having set up an asymmetric key pair when I subscribed to their service.

            I'm not using Dropbox to sync my computers, I'm using it for backups and I encrypt all the data before I move it into the Dropbox folder. I don't even live in their country. So much for their access to my stuff.

            • by MoeDumb (1108389) on Wednesday April 20, 2011 @10:00AM (#35879990)
              That's the ticket. YOU do your own encryption before sending it up to the cloud. Then it doesn't matter what DB does.
              • by RobDude (1123541)

                So much this. I don't understand why people don't just do this by default.

                It's really easy. You can get software that makes the entire process (essentially) transparent to you as an end user. Drag files into your folder and, bam, auto-encrypted. Long before I heard of any problems with DropBox, I would have bet money that at some time in the future....

                1.) A DropBox employee would access someone's files
                2.) A hacker would find a vulnerability that gives him access to someone's files
                3.) Some malware i

        • by GooberToo (74388)

          That depends on where the encryption and decryption is performed. If it's strictly done on the client (rather than their servers), unless they specifically designed a backdoor into the client, it's not reasonable to believe they can decrypt it on demand.

      • by Jawnn (445279)

        I agree. The only people really pushing the cloud are the companies who want to supply the servers.

        On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's somewhat less so in many cases.

    • Re:the love of cloud (Score:4, Interesting)

      by DrXym (126579) on Wednesday April 20, 2011 @09:01AM (#35879322)

      Every day I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.

      Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.

      It's certainly an important consideration though. I think in either case if you're paranoid about your data you encrypt it first.

      • by Rob the Bold (788862) on Wednesday April 20, 2011 @10:20AM (#35880228)

        Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.

        I noticed that although you write "court order" here -- and probably a lot of us are making the same assumption -- that phrase is not used in the Dropbox terms quoted in TFA. Instead, it reads "...Dropbox cooperates with United States law enforcement when it receives valid legal process..." It certainly makes you consider that Dropbox -- like other service providers with access to your data -- would give up your files just for a request from the cops, the FBI, etc. without even the limited due process of an actual court order.

    • by Blakey Rat (99501)

      You could just rent an Amazon EC2 instance, attach a cloud drive, and do your own encryption. Amazon couldn't decrypt it if they wanted to.

      Of course they could potentially delete it, so there's still that risk.

  • it just depends on the encryption and all. And whether there is a backdoor or not. They are lying, the question is to whom?
    • by gkuz (706134) on Wednesday April 20, 2011 @08:28AM (#35878994)
      Of course it can be impossible. Encrypt the data yourself, using a well-known, open-source, trusted and verified program, and keep the keys yourself. Dropbox can't decrypt anything then. Why anyone would trust them in the first place, especially a smart guy like Miguel, is beyond me.
      • Re: (Score:3, Informative)

        by gpuk (712102)

        I think the problem is that if you use a Truecrypt container and back that up to Dropbox, the Dropbox client is not always able to tell if any data has changed as changing the contents of the container does not always change the container's binary size on the disk. This means you can't do an incremental backup and instead have to force a full backup every time you alter what is inside the container, which isn't funny if your container is larger than a few hundred MBs.

        • You do not know how Dropbox works, right?

          Dropbox doesn't just look for the size of a file or the access time.

          • Re: (Score:3, Informative)

            That's the point. It looks for changes in the file. With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.
            • by Anonymous Coward on Wednesday April 20, 2011 @09:23AM (#35879570)

              With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.

              I've never used truecrypt, but from what I know, I suspect the chances of the entire encrypted volume changing when you make any change is close to zero. It would kill performance to have to rewrite the entire volume every time. It has to only update portions. So then the possible solution to this would be to treat it like bittorrent does, where it breaks it into chunks and checksums each chunk. When only a small portion of the file changes, it then knows which chunks to reupload. Whether or not dropbox can or does operate this way, I have no idea, but in general, it is feasible to implement into a service.

            • Re: (Score:2, Informative)

              by Anonymous Coward

              Not for Truecrypt. In CBC mode it bases the initialization vector off of the hash of the file block address so only a single 4k block needs to get uploaded.
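
The chunk-checksum scheme proposed two comments up and the per-sector property described in this reply can be shown together in a few lines. The following is an added example, not code from Dropbox, TrueCrypt or any poster. It uses an HMAC-SHA256 counter-mode keystream as a stand-in for the block cipher so that it needs only the Python standard library; the 4 KiB sector, the 64 KiB chunk size of the hypothetical sync client, the key and the contents of the "volume" are all constructed values.

```python
import hashlib
import hmac
import os

SECTOR = 4096    # volume encryption works in fixed sectors; 4 KiB as in the comment above
CHUNK = 65536    # assumed checksum-chunk size of a hypothetical sync client (constructed value)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256: a stdlib-only stand-in for a block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_volume(key: bytes, plain: bytes) -> bytes:
    """Sector-oriented encryption: each sector's keystream is bound to its sector
    index, the role the block-address-derived IV plays in the reply above.
    Editing one sector therefore changes only that sector's ciphertext."""
    out = bytearray()
    for index, offset in enumerate(range(0, len(plain), SECTOR)):
        sector = plain[offset:offset + SECTOR]
        out += xor_bytes(sector, keystream(key, b"sector" + index.to_bytes(8, "big"), len(sector)))
    return bytes(out)


def encrypt_whole_file(key: bytes, plain: bytes) -> bytes:
    """File-oriented encryption with a fresh random nonce on every save: a one-byte
    edit produces a ciphertext that differs in every chunk."""
    nonce = os.urandom(16)
    return nonce + xor_bytes(plain, keystream(key, nonce, len(plain)))


def chunk_manifest(data: bytes, chunk: int = CHUNK) -> list:
    """Per-chunk checksums, the BitTorrent-style manifest the earlier comment describes."""
    return [hashlib.sha256(data[i:i + chunk]).hexdigest() for i in range(0, len(data), chunk)]


def changed_chunks(old: list, new: list) -> list:
    """Chunk indices whose checksum differs: the only chunks a chunked sync client must re-upload."""
    longest = max(len(old), len(new))
    return [i for i in range(longest)
            if i >= len(old) or i >= len(new) or old[i] != new[i]]


def demo(modified_sector: int = 37) -> dict:
    key = os.urandom(32)                      # constructed: key held only by the client
    plain = bytes(range(256)) * 4096          # constructed 1 MiB "volume" (256 sectors, 16 chunks)
    edited = bytearray(plain)
    edited[modified_sector * SECTOR + 100] ^= 0xFF   # flip one byte inside one sector
    edited = bytes(edited)

    sector_before, sector_after = encrypt_volume(key, plain), encrypt_volume(key, edited)
    whole_before, whole_after = encrypt_whole_file(key, plain), encrypt_whole_file(key, edited)
    return {
        "sector_mode_changed": changed_chunks(chunk_manifest(sector_before), chunk_manifest(sector_after)),
        "whole_file_changed": changed_chunks(chunk_manifest(whole_before), chunk_manifest(whole_after)),
        "whole_file_chunks": len(chunk_manifest(whole_after)),
    }


if __name__ == "__main__":
    result = demo()
    print("sector mode re-uploads chunks:", result["sector_mode_changed"])
    print("whole-file mode re-uploads chunks:", result["whole_file_changed"])
```

Run stand-alone, the sector-oriented volume re-uploads one 64 KiB chunk after a one-byte edit, while the whole-file mode re-uploads all of them. The deterministic per-sector keystream is what makes the sync-friendly property work; with a plain keystream cipher it also means two writes to the same sector reuse keystream, which is why real volume encryption uses a block-cipher mode (CBC with a per-sector IV, or XTS) rather than a stream cipher. The sync-relevant behaviour, that only the touched sector's ciphertext changes, is the same either way.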

            • by Sun (104778)

              Depends on the encryption method you use

              <shameless_plug>rsyncrypto [lingnu.com]</shameless_plug>

              Shachar

        • by gpuk (712102)

          Looks like things have moved on since I last tried Dropbox with Truecrypt:

          http://forums.dropbox.com/topic.php?id=14332 [dropbox.com]

          It does appear to be possible providing you tell Truecrypt not to preserve file modification timestamps.

        • by TheRaven64 (641858) on Wednesday April 20, 2011 @09:07AM (#35879404) Journal
          This is the point of tarsnap [tarsnap.com]. Open source client, you can verify it and the encryption that it uses. It encrypts everything before uploading and can't be decrypted on the server without access to a key that's only stored in the client.
          • by gpuk (712102)

            Looks interesting. Similar to my setup which is rsync.net + duplicity

        • by DarkOx (621550)

          Why would they use the size of the file to determine if it's changed, there are these things called hashes or checksums which would be a reliable way to verify the blob has been modified. If they wanted to be really lazy they could just look at the mtime on the container file too. If they are using file size to detect when data has changed, then I would not consider letting any of my data near them for reasons having nothing to do with privacy.

        • Truecrypt definitely rocks, but it's the wrong way to encrypt things if you need to be incrementally backed up in the encrypted state. Besides that, having a volume oriented encryption methodology may not keep secrets from hackers while that volume is mounted on the system, so a session oriented encryption methodology may be better to keep things sealed when not in use.

          For all the above reasons I use encfs because it is only mounted when I choose, for just my eyes, and is easily backed up on a file by f

    • http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032201882.html [washingtonpost.com]

      Does that story give you the creeps or not?

      So the government can make you rat on your clients and you can't even tell your own people you're doing the work of the government

    • by gfilion (80497)
      Well, files put in DropBox are available on their website; it's pretty obvious that they can decrypt them. The encryption part is about the SSL connection between my client and the dropbox server, me thinks.
      • by rochberg (1444791)

        Exactly! When I read the blog post, my first thought was, "Just another troll blogwhoring for attention on Slashdot." So I was a little surprised when I saw the author's name [wikipedia.org] at the bottom. I use Dropbox for presentations that I give, so I don't have to mess with hooking up my laptop. I just use the public terminal, log in to Dropbox and download the file. I've never had to transfer a key or anything. Thus, it's pretty obvious that anybody with access to my account can access my files in plaintext.

        Cry

    • by blueg3 (192743) on Wednesday April 20, 2011 @10:40AM (#35880520)

      They're not lying, they're just being careful with their words and people can't read.

      It should be obvious to any technically-minded person that they hold any encryption keys, since when you install Dropbox on a second computer, you don't need to provide a key in order for it to be successful.

      So their claims are that they encrypt data in transit, encrypt data at rest, and that employees can't access the content of files. There's no claim that it's impossible for any employee to access the content of files because they're encrypted with a key Dropbox doesn't hold, which is what people seem to be imagining. It's simply saying that employees won't snoop on your files because in the normal course of business, they are not provided access to the contents of those files.

      As far as providing the files to law enforcement upon a legally-valid request, they don't really have a choice in the matter, as they're a US company. For any company that exists primarily in country X, it is almost certain that there is a relatively easy procedure for law enforcement agents of country X to obtain any data about you that the company holds. If the country happens to be, say, Lithuania, and you don't travel to or do business in Lithuania, you probably don't care, but it's still true. The only way to prevent this is to make it so that the company is not holding any useful data of yours that they are able to access. In the case of Dropbox, you need to encrypt your files before they get to Dropbox.

      Incidentally, if you have data that you don't want law enforcement to be able to obtain, you should be encrypting it even when it's stored locally. A search warrant for your computer is not really all that much harder to obtain.

  • This is a common question, which I'm sure has come up in legal battles. When you upload data to someone else's server, does the data belong to you or does it belong to the person/company that actually owns the hardware? I'm sure for law enforcement folks, they want it both ways.

    Consider if the data service in question is raided because an employee had child pornography. They raid the company because the employee used hardware to hide his stash. Now everyone's data is available for search.

    IANAL but it seem

    • by Spad (470073) <slashdot@@@spad...co...uk> on Wednesday April 20, 2011 @08:25AM (#35878970) Homepage

      When you put your belongings in a safety deposit box, do they belong to you or to the person/company that actually owns the safety deposit box?

      • by gcnaddict (841664)
        When you send a physical note through a fax machine and tell the person on the other end of the line to hold onto it, does it belong to you or to the person/company that actually owns the safety deposit box?

        It could be argued that while the concept you submitted to the person/company is yours, it's using that entity's toner, paper, etc. and that if he's asked for that specific sheet of paper, it's up to him what he does with it.
        • by Spad (470073)

          it's using that entity's toner, paper, etc

          As opposed to using their box/vault/building/security systems/staff/etc?

          Ultimately, of course, it depends on the terms you agreed to when you arranged to use the service (subject to irrevocable rights and so forth).

      • I think items would always belong to you. If the bank goes tits up you'll need to apply to get your stuff back from the receivers. If the police want to open the box to have a look, they will. Under the Patriot Act in the US I don't think they give a toss any more. I'm not too sure about uk law. I'd expect the police to get the VAT man in. He'd seize what he wants, then break out the angle grinder and have at it. If you didn't pay the VAT on the child porn you're fucked. I'm sure the child porn charge will s
  • Hmmm... (Score:2, Insightful)

    by boarder8925 (714555)
    From Dropbox's new terms of service:

    As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropbox's encryption from the files before providing them to law enforcement.

    How does Dropbox define "valid legal process"? Do they mean something like, I don't know, receiving an actual

    • Well, my guess is that it'd be a bit of both. Dropbox is a business, albeit one that gives away the first tier of their service. My expectation is that if a cop showed up and said 'pretty please' regarding a user on their free plan, they'd most likely oblige. There's nothing in it for them if they argue with the cop on the customer's behalf, but I'm certain the officer, if determined, could make Dropbox's life miserable, spin it to the press, tip off the BSA to cause a software audit, etc. etc.

      By contrast, if th

    • by abulafia (7826)

      How does Dropbox define "valid legal process"?

      Well, you'd have to ask Dropbox about their definitions. And I am not a lawyer. But in terms of various things to answer your questions, you might want to read up on National Security Letters [wikipedia.org], which allow demands for metadata pretty much on nothing more than the FBI thinking they want to see it. (Yeah, I know that's not what the law says, but read up on how NSLs have actually been used.) Of course, metadata in this context doesn't require decrypting the documents - it likely is going to refer to file names,

  • Wuala [wuala.com] uses end-to-end encryption, ie. the data is encrypted and decrypted on the client. The employees can't access your data since they don't have the encryption key. This means you lose your data if you lose the key. It also means you can't access all your data in a convenient web interface -- though you can mark individual folders as being shared on the web (which obviously means trusting the server operators with the encryption key for that folder). I think it's a much more trustworthy model than Dropbo

  • by geekmux (1040042) on Wednesday April 20, 2011 @08:41AM (#35879094)

    ....AFAIK, Dropbox has full support for Truecrypt volumes. Simple solution to this dilemma? Take the encryption "problem" away from Dropbox and use your own.

    • by s7uar7 (746699)
      Unless Dropbox does block-level tracking you would end up re-uploading the entire encrypted volume every time you modified a file inside it.
  • Uh oh... I keep my 4chan folder on Dropbox. Better go delete some things...
  • They Lied (Score:4, Insightful)

    by jarich (733129) on Wednesday April 20, 2011 @08:46AM (#35879148) Homepage Journal
    The old policy said our files were encrypted with mil-spec encryption, etc etc. Now they're telling us they'll turn our files over if asked.

    Dropbox lied. No two ways about it. But this is why you never store anything sensitive in "the cloud" anyway.

    • by Anonymous Coward

      To be fair, from the very start, to anyone who cared to ask, they said that:
      1. The files were encrypted and stored on Amazon servers
      and
      2. They had the keys

      Of course they said they wouldn't use the keys to decrypt your data without your permission, and of course if the government asks them to they will because they don't like federal-pound-me-in-the-ass jail.

  • by antifoidulus (807088) on Wednesday April 20, 2011 @08:46AM (#35879150) Homepage Journal
    Is this really dropbox or Amazon that is behind this policy? While people rant and rave about dropbox, in the end it's really just a fancy front end onto Amazon's S3 service. Your data is actually stored on Amazon's servers and my guess is that it's ultimately Amazon that dictates policies such as this.
  • by Blade (1720) on Wednesday April 20, 2011 @08:47AM (#35879168) Homepage

    Maybe it comes from working in IT, but I always assume that if someone else is holding my data, they can access it. It doesn't interest me what they say - that's my basic starting assumption. So I always assumed that Dropbox could get to my data, and if I cared about the privacy of that data I just encrypted the files myself first.

    It's my data, I'm in control of it. Giving it up to someone else and hoping they keep it safe is silly.

    I'm surprised so many people are surprised (and I wonder if the people who are surprised haven't been in IT long?)

  • This is simple. If you use a service like dropbox, simply house an encrypted "disk" on the site. You can put anything you want in it, but dropbox doesn't have the key. Sure, if you put a naked file up there, and they encrypt it for you, *they* have the key. If you're that worried about your files, it's probably not a good place for them.
  • by Thumper_SVX (239525) on Wednesday April 20, 2011 @08:52AM (#35879220) Homepage

    Seriously, is anyone really surprised by this? I use DropBox, and not once have I considered that my data in DropBox is completely private. Sure, I use it for transferring some documents that are potentially sensitive (a lot of documentation on a lawsuit I'm involved in for example) but where there's sensitive data I always encrypt the documents myself with TrueCrypt.

    This is precisely why I think the "cloud" is a bad idea for corporations. Until there are guarantees and safeguards against data theft or loss there is no way that I would entrust my company's critical data to a third party provider. Yes, the costs of managing that data myself are higher but the risk of that data getting out of our control and management is greatly mitigated.

    And what about a data breach? Loss of data due to crackers? Seriously... all it's going to take is for one of these cloud providers to become big enough that the majority of corporations using their services are completely without options when a breach occurs. The big provider can simply turn around and say "Well, crap happens but who else are you going to turn to?" and there's nothing the average corporation can do about it. There may be financial guarantees in place, but simply put the cat is already out of the bag at that point.

  • by joh (27088)

    valuable/confidential data on servers you don't personally fully control, you're deserving whatever you get.

    And by this I don't mean you shouldn't use things like DropBox. DropBox is great and cheap and easy to use for what it does. Just don't use it for things you don't want to get into the wrong hands or at least encrypt your data beforehand. What's so hard to understand here? And this of course is not limited to DropBox. If you have a rented server out there it may be "yours" but what do you think will t

  • Seems like in the past few days I've seen fewer and fewer posts modded up or down.

    • In the last three months or so I have been getting at least five points per week. But I do think that the new software shows moderations differently so maybe you aren't as aware of moderation going on.

  • Dropbox, like any and every other internet entity, is subject to the laws of their land, and therefore must provide data when requested by valid court order. As for Dropbox having access to my data, again, this is not a surprise considering my first point.

    Personally, the utility of Dropbox is worth the risk. However, it is incumbent on me to be careful what data I put on Dropbox, and in what format. When I put sensitive data on Dropbox, it has been encrypted. Since I am sharing files on multiple compute

  • just encrypt the file *prior* to uploading it... problem solved

  • by SgtPepper (5548) on Wednesday April 20, 2011 @09:30AM (#35879628)

    Read the EULA.

  • by A nonymous Coward (7548) on Wednesday April 20, 2011 @09:32AM (#35879648)

    I have a dropbox account and don't remember seeing that section where they claimed they couldn't read my files. I'm certain I read it, but I never would have believed it to mean they were truly unable to read my files -- if they encrypted them before storing them, they'd have to be able to decrypt them to send them back to me, or to track changes. Did someone actually think they had an irreversible encryption process which could somehow be reversed by the magic between them and me? A one time pad which somehow evaporated while sending files back to me? It might be reasonable to think they have some sort of access controls so ordinary people there can't browse customer data, but I never would have put any ironclad faith in such policies. That's why it was common knowledge, near as I could tell, all round the web that you needed to encrypt backups and such yourself before sending them to dropbox.

    I don't understand why anyone would expect otherwise. This is a tempest in a teapot.

  • by Lumpy (12016)

    Anyone that has done any of their challenges knew this. IF they can drop files into your dropbox without giving them permission then that means it's not encrypted. or has a known key.

  • Hierarchical organizations are subject to the threats and favors of the state. Keep your data at home where the Fourth Amendment still (sort of) exists.
  • "All your data is encrypted" and "we'll give the cops some files" aren't mutually exclusive, if they give the cops encrypted files...
  • There's a simple solution to this that I already use - I keep an encrypted Truecrypt volume in my Dropbox folder. It syncs over fine and is backed up but the only thing they see is the encrypted volume.

  • XOR your data with entropy from /dev/urandom before uploading them.
    Easy peasy...

    (I was actually kidding but now I'm tempted...this can be the poor man's one-time-pad.)
    • by Ksevio (865461)
      But then you have to hold onto as much random data as your real data so there's no benefit to storing it remotely.
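
The "poor man's one-time pad" joke above and Ksevio's objection to it both come down to byte counts, so here is an added example (not code from any poster) that makes them concrete: it draws a pad from the OS CSPRNG, XORs it in, and returns the local-versus-remote storage accounting; it also shows why the ciphertext on its own reveals nothing, and what is lost if the pad is reused to save space. The sample messages are constructed.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; a pad of the wrong length is an error, not a warning."""
    if len(a) != len(b):
        raise ValueError("one-time pad must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plain: bytes) -> tuple:
    """Draw a fresh pad from the OS CSPRNG (os.urandom reads /dev/urandom on Linux)
    and XOR it in.  Returns (pad, ciphertext); the pad is the key and stays local."""
    pad = os.urandom(len(plain))
    return pad, xor_bytes(plain, pad)


def otp_decrypt(pad: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation with the same pad."""
    return xor_bytes(ciphertext, pad)


def storage_accounting(plain_len: int) -> dict:
    """Ksevio's objection in numbers: the pad is as large as the data and must
    stay local, so putting the ciphertext remotely frees no local bytes at all."""
    return {"remote_bytes": plain_len, "local_bytes": plain_len, "local_bytes_saved": 0}


def pad_for_any_plaintext(ciphertext: bytes, desired: bytes) -> bytes:
    """Given only the ciphertext, a pad exists that 'decrypts' it to any
    same-length message; this is why the ciphertext alone reveals nothing,
    and why the pad, not the ciphertext, is the thing that needs protecting."""
    return xor_bytes(ciphertext, desired)


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If the same pad is reused for two files (tempting, to keep the pad small),
    XORing the two ciphertexts cancels the pad and yields plain1 XOR plain2.
    The pad therefore has to be as long as all data ever encrypted with it."""
    return xor_bytes(ct1, ct2)


if __name__ == "__main__":
    message = b"constructed plaintext"   # constructed sample
    pad, ct = otp_encrypt(message)
    assert otp_decrypt(pad, ct) == message
    print(storage_accounting(len(message)))
```

The accounting dictionary is the whole argument: every byte parked remotely is matched by a pad byte that has to be kept locally, so the scheme trades one local copy for another. The last two functions are the standard textbook facts about one-time pads, included because they are the two things a "tempted" practitioner should know before trying this for real.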
  • Take a look at SpiderOak (http://www.spideroak.com). Their fundamental security policy is "zero knowledge", meaning that their service works in such a way that everything is encrypted from the client. This is powerful stuff.

    • by operator_error (1363139) <spztoid.gmail@com> on Wednesday April 20, 2011 @10:43AM (#35880548)

      https://spideroak.com/engineering_matters#true_privacy [spideroak.com]

      True Privacy

      Your SpiderOak data is readable to you alone. Most online storage systems only encrypt your data during transmission, meaning anyone with physical access to the servers your data is stored on (such as the company's staff) could have access to it. Or, even if your data is encrypted during storage, your password (or set of encryption keys) is often stored along with your data, thus making it easily decoded by anyone with local access to those servers.

      With SpiderOak, you create your password on your own computer -- not on a web form received by SpiderOak servers. Once created, a strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data.

      SpiderOak's encryption is comprehensive -- even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see are sequentially numbered containers of encrypted data.

      This means that you alone have responsibility for remembering your password or 'Password Hint' (which you can create to help you remember) allowing SpiderOak to create a true 'zero-knowledge environment' – keeping your data as safe and secure as it can possibly be.
