If you have something to hide from the government, don't use Dropbox

If you have something to hide from the government, don't use Dropbox

Summary: Dropbox may, if necessary, decrypt the files in private Dropbox folders, allowing them to be read by government investigators. Here's what you need to know.

SHARE:

Image courtesy Flickr user imamon.

UPDATE 4/21: DropBox has an official comment.

Or Gmail. Or Google Apps. Or Amazon's cloud. Or Hotmail. Or any of Yahoo's many services. Or almost any other online service.

Here's what's happening and why I bring this up. Dropbox yesterday changed its terms of service, as reported by Business Insider.

With the new terms of service, Dropbox now says that it will "United States law enforcement when it receives valid legal process" and may, if necessary, decrypt the files in private Dropbox folders, allowing them to be read by government investigators.

Nothing to see here. Move along.

There is nothing really new here, which is why I mentioned so many other providers at the top of the page. American law allows law enforcement certain rights of search.

In most cases, that's after a judge has issued a search warrant -- and whether the nasty stuff you're hiding is in your Dropbox or your bank's safety deposit box, the gov has the right to peek inside.

Of course, some of the due process and judicial review has been modified in light of the Patriot Act, but the ability for government examination is important in any complex society and this new terms of service change by Dropbox isn't anything particularly new.

Of course, this all assumes we can trust the government to not abuse the privilege, but that's why there's so much judicial review built into the system.

In the meantime, don't go doing anything that'll get you in so much trouble that the G-Men need to decrypt your email or cloud storage.

What are you hiding? Fess-up below in the TalkBacks.

Topics: Government US, Government

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

92 comments
Log in or register to join the discussion
  • RE: If you have something to hide from the government, don't use Dropbox

    Yep if you're a criminal or your tin-foil hat is too tight, then don't use these services.
    tonymcs1
    • RE: If you have something to hide from the government, don't use Dropbox

      @tonymcs@...

      Or simply have the things with a second layer of encryption with an extremely long password with digits, numbers and symbols.

      I swear, the government must think that everyone on the internet are noobs.
      Lerianis10
      • RE: If you have something to hide from the government, don't use Dropbox

        @Lerianis10
        Most are. It has been trivial to encrypt everything, from email to IM, for years.
        Very few do so; even those of us who know better.
        Among the non-technical, general user population it is almost nil.
        mdemuth
      • RE: If you have something to hide from the government, don't use Dropbox

        @Lerianis10

        What makes you certain that government doesn't have a back key for all these second layer encryption tools too?
        oliver6
      • Just encrypt

        @Lerianis10 I agree. I keep all of my "sensitive" documents inside TrueCrypt encrypted volume files that auto-mount (with a password) each time I boot my system. Then, I can copy them anywhere knowing that the contents are always secure.
        Bit-Smacker
      • RE: If you have something to hide from the government, don't use Dropbox

        @Lerianis10 ... Jeez, I despise simplistic misinformation like this!
        That wouldn't do anything but slow the process down slightly. YOU could be subponea'd to provide the method of encryptions used and the sequences, or, worst case, EVERY legal encryption method in existance in the US (and Canada) is registered so the codes can be broken without you. It is illegal as hell to make up your own encryption algorithms without registering it with the gvt, too. Doing so means long prison/penetentiary vacations for the perp/s.
        Such people, when located, are often a bonanza of information for the gvt and another batch of free computers when they're picked up from you.
        tomaaaaaa1
      • RE: If you have something to hide from the government, don't use Dropbox

        @tom
        Do you know the statute that prohibits me from developing my own encryption algorithm? I was not aware that cryptography had been outlawed. But even if you use a known but powerful algorithm it will still be uncrackable as a practical matter. A sincere question: is a TrueCrypt volume secure assuming I use a good key?

        As an aside, I consider myself to be fairly clever but I have more trouble making heads or tails out of the TrueCrypt documentation...
        kenaaa2
      • Tom@, 1991 called,

        @Lerianis10 ... it wants its cryptography-is-a-military-secret-regulatory-regime back.
        HollywoodDog
      • @Tom = Clueless

        @Tom, talk about misinformation. If people take every one of your "facts" and reverse them 180 degrees, they will get the truth.

        The beauty behind an open source product like TrueCrypt is that anyone who cares to browse the source code can see for themselves that no back doors exist.

        Also, the ability to break any of the encryption methods in TrueCrypt depends almost solely on the complexity of the password you choose.

        I think you are very confused about the fact that encryption technology was once prohibited from being exported from the United States. There certainly is no "encryption method registry" with the government. If you want to develop your own form of encryption, go for it.
        Speednet
      • In other words

        for our friend Gewirtz we should not fear because everybody gives our info to the Govt. Shouldn't we be opposed to that?
        nomorebs
      • Re: TrueCrypt

        @tom: Please consider that even the FBI is not able to decrypt a TrueCrypt protected hard disk of some executive (?) involved in a financial crime (?) somewhere in Southern America. They used brute-force on the drives for some significant duration of time.
        adsl_uplb
    • RE: If you have something to hide from the government, don't use Dropbox

      @tonymcs@...

      If you live in a country like Iran or China and you use encryption to evade your government, which category do you attribute that to? Criminal or tin-foil crazy?

      gary
      gdstark13
      • Good point

        @gdstark13
        Too true.
        I'd take this further: what if you live in a country where we take certain freedoms for granted, but your government is still reading your email or browsing your dropbox files?
        Why not be careful and set up a layer of encryption anyway? Is that really "tin-foil crazy"? :D
        exolon
      • RE: If you have something to hide from the government, don't use Dropbox

        @gdstark13 ... Well, in China, just getting caught spamming can put you in jail for years & years if they want to. So draw your own conclusions. In countries without human rights, it's sometimes pretty amazing what can happen. And it doesn't have to be o'seas; such things are as close as Mexico. If you want to do any business there, you need a pocket full or bribe money.
        tomaaaaaa1
      • RE: If you have something to hide from the government, don't use Dropbox

        @gdstark13

        Yeah! It's only countries that don't have "human rights" that are a problem. The US doesn't practice rendition or lock up U.S. citizens without trial. Oh... wait.

        Whitaker's transparent evasions before congress made it clear AT&T was copying what went over their lines and turning it over to the federal government without warrant or just cause. He claimed he was following a law which was clearly illegal both in that it was a "secret" law and that the Bush administration didn't have the legislative authority to issue it in the first place, oh and it's a constitutional violation. What a coincidence that AT&T was rapidly green lit for corporate acquisitions by the DOJ and FTC during that administration.
        tkejlboom
      • RE: If you have something to hide from the government, don't use Dropbox

        @tom,
        "In countries without human rights, it's sometimes pretty amazing what can happen. "

        All countries have human rights. Only some countries *protect* human rights. Others violate human rights. Human rights come from God, not government.
        hiraghm
      • Message has been deleted.

        arthurborges
      • RE: If you have something to hide from the government, don't use Dropbox

        @hiraghm Human rights come from God, not government.

        Human Rights come from humans and are abused by humans
        DesertJim
    • RE: If you have something to hide from the government, don't use Dropbox

      @tonymcs@...

      Still have to be careful. Sometime things change. Not so much criminal stuff but stuff that can be used against you.
      voska1
    • RE: If you have something to hide from the government, don't use Dropbox

      @tonymcs@... Just keep everything sensitive in a truecrypt vault- as long as you have a strong password, you can keep store the encrypted truecrypt disk anywhere and the contents will be safe from prying eyes.
      Gritztastic