MUST READ: Congress demands answers from Google over Glass privacy concerns

Topic: Security

Dropbox: new terms of service bring smiles

Summary: Dropbox updated its terms of service to reflect stated policies on user privacy and intellectual property control.

Michael Krigsman

By for Beyond IT Failure |

Recently, Dropbox has suffered through mistakes that caused a system-wide security breach and a broad outcry by users against its terms of service. While these have been difficult days for Dropbox, the company has taken steps to recover users' confidence and regain their lost smiles.

Related: Convenience over privacy: Is Dropbox watching you?

Dropbox has consistently maintained that its terms of service do not allow them to exercise control over customers' intellectual property. Despite these protestations, the language presented potential problems for users concerned about data privacy and raised questions over how the service might use their files. For more detail, read the related post linked just above this paragraph.

In a very smart move, Dropbox has changed the language of its terms of service to reflect the company's stated hands-off policy on customers' intellectual property rights. Here are the new terms:

You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.

We may need your permission to do things you ask us to do with your stuff, for example, hosting your files, or sharing them at your direction. This includes product features visible to you, for example, image thumbnails or document previews. It also includes design choices we make to technically administer our Services, for example, how we redundantly backup data to keep it safe. You give us the permissions we need to do those things solely to provide the Services. This permission also extends to trusted third parties we work with to provide the Services, for example Amazon, which provides our storage space (again, only to provide the Services).

This straightforward language satisfies my concerns as a user; I'm not a lawyer, but have reviewed and signed literally hundreds of contracts and this new language looks good to me.

Interestingly, the company's terms go overboard to satisfy users, with this statement (emphasis added):

To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.

Realistically, Dropbox cannot avoid law enforcement requests, especially when backed by a court order. In fact, this clause contradicts the company's privacy policy (emphasis added):

We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement.

It's worth noting that Google's terms of service contain the kind of language that observers found objectionable with Dropbox. For this reason, the Photo Focus blog cautions professional photographers against uploading images to Google properties.

Advice to CIOs and enterprise buyers: Dropbox offers a useful service that seems determined to create loyalty and customer satisfaction. At the same time, the security issues and terms of service flip-flopping point to a company that is not quite enterprise-ready. Still, given additional time I suspect the company will eventually gain the requisite level of internal process maturity; certainly the service itself is generally reliable.

Advice to consumers: For personal use, Dropbox is great and I recommend it wholeheartedly. As with all online services, follow the usual security precautions: change your password periodically, use different passwords for each service, and so on.

============

Update 7/9/11: Dropbox sent me an email asking for this correction:

Your comment here is inaccurate: "Realistically, Dropbox cannot avoid law enforcement requests, especially when backed by a court order. In fact, this clause contradicts the company’s privacy policy." We state in our ToS that "To be clear, aside from the rare exceptions we identify in our Privacy Policy..." which say " comply with a law, regulation or compulsory legal request."

My response: Stop playing games with language; it does you no good. It's clear that Dropbox will hand over users' files when required by law enforcement, which is a reasonable position.

============

Photo by Michael Krigsman. Dropbox declined to comment for this post.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion

  • Ok, that's a good start

    The terms of service do say "aside from the rare exceptions we identify in our Privacy Policy".

    And those exceptions include a court order, or someone's life being at risk (ala a Law & Order:SVU type scenario) so they are making a good faith effort here.

    However, did you notice the part about "we will remove Dropbox?s encryption from the files before providing them to law enforcement."

    Emphasis on *Dropbox's encryption*. So, if you're really paranoid you'll only put files you encrypt *yourself* on Dropbox. :)
    wolf_z
    Reply Vote

    • RE: Dropbox: new terms of service bring smiles

      @wolf_z Encyrpting files yourself is always a great idea, if privacy really matters to you.
      mkrigsman@...
      Reply Vote

  • RE: Dropbox: new terms of service bring smiles

    This is a lot better explanation of the TOS. Dropbox, thank you for making everything simple!!!
    gft1950
    Reply Vote

  • RE: Dropbox: new terms of service bring smiles

    Truecypt makes a great companion to Dropbox- I keep a small tc file in my dropbox full of text files with important account info (bank accounts, credit cards, family info, etc). Just make sure to go into preferences and uncheck the box for 'preserve timestamp' so that dropbox knows to sync the tc file after it has been updated.
    Gritztastic
    Reply Vote

  • RE: Dropbox: new terms of service bring smiles

    Photofocus conveniently excluded the first part of that clause which guarantees your right to your content?s copyright:

    11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual [...]

    The verbiage highlighted by Photofocus from the TOS is of a *technical* nature. This way Google can convert media formats and/or compress your uploads without it being considered a ?derived work? for you to sue Google over. It also gives Google the right to cache your imagery on their servers, even after you?ve deleted it from the service (cache mitigation is complex). Additionally it covers Google using first and/or third party content distribution networks to provide your media to users in the fastest and most available way possible. The terms exist within the service, you?re not giving Google and/or Google+ users the right to steal your copyrighted content.
    bretkuhns
    Reply Vote

  • Wow

    I don't use this service but I'm impressed. I wish all TOS and EULA's were written in such simple and straightforward language. As a customer I have no problem understanding that without resorting to Black's Law Dictionary every other sentence. At the same time they are also protecting themselves without resorting to an incomprehensible sea of legal-ese. Other companies should definitely take note. They can still protect themselves and their property without making us feel like we just had a fast one pulled on us by a slick legal department.
    Str0b0
    Reply Vote

  • RE: Dropbox: new terms of service bring smiles

    I agree. legalese is a plague not only in software agreements but to society in general. All legal documents should be written in plain simple English.
    ryan_v
    Reply Vote

    • RE: Dropbox: new terms of service bring smiles

      @ryan_v I dissagree. You must have the "legalese" because, in business, if there is a data breach like there was, companies are going to be sued based on these terms of service. Yes, lawyers, courts, judges. Now, if this was just to store your homework, no big deal, but if were to put all of your personal details out there in a text file: name, address, telephone number, age, gender, dob, social security number, bank account number and financial data... Well, you get the picture.
      hforman@...
      Reply Vote

  • Here is the Problem We Have With Dropbox at Work

    We handle very sensitive criminal data for a large county. Lawyers like the iPAD and want to use Dropbox to do the storage of this sensitive data because they don't like the inconvenience of signing onto SSL VPN. Dropbox says that their employees are "told" not to read customer data (not good enough) and they tell us that they may have to read data in order to maintain it (not good enough) or to give out the data if THEY receive a subpoena (also not good enough - if the county receives a subpoena, that is one thing). After being sued because they had a breach (not good enough) they changed their terms of service to cover themselves by saying that they "own" your data. What it basically boils down to is that anyone who has access to that data, even from an administrative standpoint, must have signed a non-disclosure agreement with the county. So, now we are going to have a bunch of P.O.'ed lawyers unless we have some way of encrypting that data ourselves. Because of this, a lot of iPAD endeavors are on hold.
    hforman@...
    Reply Vote

    • RE: Dropbox: new terms of service bring smiles

      @hforman@... Thanks for the real world example of where consumer tools like Dropbox fall short of corporate requirements.
      mkrigsman@...
      Reply Vote

      • RE: Dropbox: new terms of service bring smiles

        @mkrigsman@... Yeh, thanks, 'sensitive criminal data' in the Cloud. That is wrong on so many levels. You're one hacker away from a major lawsuit. I have two words for the lawyers, one starts with F and the other ends with 2 F's.
        spin498
        Reply Vote

  • RE: Dropbox: new terms of service bring smiles

    I'd rather use an alternate service I switched two days after the dropbox incident. I only use the free service I looked up alternates and found SugarSync which gives 5GB of free space. Oh you'll get 5.5GB if you use my referral link and 10GB if you buy a plan. Try it out, you also don't have to drop things into the "dropbox" folder it'll sync whatever folder you want. here is the link https://www.sugarsync.com/referral?rf=hz2ietwoxpah
    edgar92a
    Reply Vote

    • RE: Dropbox: new terms of service bring smiles

      @edgar92a
      I used sugersync. It dose not even come close to what dropbox offers and does. Dropbox?s simplicity is unbeatable, even my 77 year old grandma can understand and use by her own over 6 months without help from anyone. I will not move to other services.
      gft1950
      Reply Vote
CNET Join | Log In | Privacy | Cookies Close