Dropbox's New Policy of Scanning Files For DMCA Issues 243
Advocatus Diaboli (1627651) writes "This weekend a small corner of the Internet exploded with concern that Dropbox was going too far, actually scanning users' private and directly peer-shared files for potential copyright issues. What's actually going on is a little more complicated than that, but shows that sharing a file on Dropbox isn't always the same as sharing that file directly from your hard drive over something like e-mail or instant messenger. The whole kerfuffle started yesterday evening, when one Darrell Whitelaw tweeted a picture of an error he received when trying to share a link to a Dropbox file with a friend via IM. The Dropbox web page warned him and his friend that 'certain files in this folder can't be shared due to a takedown request in accordance with the DMCA.'"
Later Dropbox! (Score:5, Insightful)
Its been nice while it lasted, now on to other services!
Two solutions (Encrypt or leave) (Score:5, Insightful)
Re:That's it (Score:5, Insightful)
But this isn't new, its been going on since Dropbox implemented their DCMA violation checking system a few years ago, and you can see *why* they are doing it.
Lets clarify a few things for those that aren't going to RTFA - this isn't for private shared folders, or for folders within your own Dropbox. This is for when you create *public* links, by either using the "Shared Links" facility or when you create a public link from the old style Public folder.
Thats it. The files Dropbox is including in these scans are *publicly linked* to - and they are fair game if Dropbox wants to stay ahead of the legal system on this front. Dropbox has no idea that you only intend to share it with yourself, or one other person, and there is no mechanism by which you can ensure that yourself anyway.
Yet again its forced outrage against basically something which is common sense - if the file has been taken down before, its going to be again, and the less man power Dropbox expends while handling DCMA requests the better for them as a company.
Not as bigger deal as it sounds if you RTFA (Score:5, Insightful)
This whole issue can be summarized as:
1) User wants to ignore copyright law and share something they have no legal right to via a public service
2) Public service being used has no idea how many people will want to access the shared resource but they do know it is copyrighted as they auto match everything uploaded so they can avoid keeping to separate copies of identical files and save storage space and had a DMCA take down request for that same file previously.
3) Public service errs on the side of not getting their arse sued off by the various content owner conglomerates legal attack dogs and refuses to allow the file to be shared even though the person who uploaded it can still see it.
All in all seems pretty reasonable. Until copyright law is changed (like that is ever going to happen) dropbox have to follow it to the letter. I suppose they could have avoided the whole thing by storing more data and then not doing the duplicate file scan thing but even that is no guarantee it would prevent them from being sued to oblivion.
The only safe option for them that would also keep things private would be to use encryption keys that were only kept in the client. That way if you needed to share a particular folder you selected to store that under a different encryption key, and gave that key to other person / people who needed to access it.
The big problem with this is that it then becomes more awkward to provide web access to the files. People are comfortable remembering a username and password, they are not so comfortable remembering a bunch of encryption keys. If you store the encryption keys on a server at your end anywhere then you can access the files so you therefore get the legal responsibility to make sure your system is not being used to flout copyright law. The only legal way to run this sort of service and not be liable for it's misuse is to design it in such a way that you cannot see what is being stored at all.
Re:Two solutions (Encrypt or leave) (Score:4, Insightful)
If you encrypt, it's not very convenient to do what the person in the article did: link to a video. His IM buddy would have to download/decrypt before seeing the video. Your point is well-taken, of course. But leaving for another cloud provider is likely not going to make things any better. Cloud storage, by its broad definition, is sacrificing security for convenience (to some extent). You can certainly mitigate that via encryption, but at the loss of much of the convenience, especially when it comes to this particular use case, which is the sharing of a video.
Re:Two solutions (Encrypt or leave) (Score:4, Insightful)
Isn't that so that you can send links to contacts? Android has no granular permissions support so if you ever want to be able to email a link from the app, you have to grant that permission.
Its a shame that you cannot just deny that right and have it fail if you ever tried the email functionality. Or even let the application know what's granted so that it can disable the email options.
Re:That's it (Score:4, Insightful)
If you're not distributing copyrighted material I fail to see how this article is relevant at all. They wouldn't care.
Much, Much Later (Score:4, Insightful)
Then they said they were changing that practice. But how far could you trust them, considering that they had already lied to everybody? Fool me once, and all that.
NOW, apparently they're checking your files -- which back when they again claimed they weren't accessing -- for copyrighted content, which again requires access to your original files. (Even if you're just doing an MD5 hash or some such, you still need access to the original file to do it.)
So, yeah. For all those who didn't drop Dropbox when I did, maybe it's time.