Dropbox discloses 'less than 249' national security data requests, but hints it may have been far lower

Summary:The cloud storage service said the move to allow companies to disclose national security data requests as a "step in the right direction," but noted it's a flawed system for very few requests or even none.

dropbox1-upload
Image: CNET

Dropbox this week announced, not long after it was given the go-ahead from the U.S. Justice Department, how many national security requests for data it has been handed.

Sort of. Because there's always a caveat or two.

In late January, the Justice Dept. loosened the restrictions on Silicon Valley companies  disclosing government surveillance requests that are at least six-months old under the guise of "national security."

That's caveat number one. It's a broad term that could frankly include anything under current U.S. law.

The second is that the numerical range in which these can be reported are so broad that in some cases any such disclosure may not in fact offer any clues on how many requests were made. 

That's Dropbox's big concern. In a blog post by Dropbox chief lawyer Bart Volkmer on Tuesday, he said the move to allow companies to disclose these requests was a "step in the right direction," but strongly hinted that companies such as the cloud storage firm was at a disadvantage because of its size and scale.

"...It doesn't go far enough, especially for services that receive only a handful of requests or none at all. We believe the public has a right to know the actual number of requests received and accounts affected, and we’ll continue to push to be able to provide this information."

Indeed, Dropbox received "zero to 249 requests" for data during the six-months prior to the blog post. That could be one, or two, as many as 249, or in fact none. Zero, zilch, nada.

And there's no way to know until the Justice Dept. eases up further.

Dropbox continues to fight the secretive Washington D.C.-based Foreign Intelligence Surveillance Court, set up under its namesake 1978 law, on how it discloses figures — with the company specifically wanting to disclose exactly how many requests it receives. 

In a legal brief submitted to the court [PDF] in September 2013, the company said because it received fewer than 100 regular law-enforcement requests for 2012, "reporting in the government’s format would decrease Dropbox’s ongoing transparency efforts."

"That's all we can report right now," Volkmer said. 

Topics: Security

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.