May 11, 2011
REQUEST FOR INVESTIGATION AND COMPLAINT FOR INJUNCTIVE RELIEF
1. Dropbox has prominently advertised the security of its “cloud” backup, sync
and file sharing service, which is now used by more than 25 million
consumers, many of whom “rely on Dropbox to take care of their most
2. Dropbox does not employ industry best practices regarding the use of
encryption technology. Specifically, Dropbox’s employees have the ability to
access its customers’ unencrypted files.
3. Dropbox has and continues to make deceptive statements to consumers
regarding the extent to which it protects and encrypts their data.
4. Dropbox’s customers face an increased risk of data breach and identity theft
because their data is not encrypted according to industry best practices.
5. If Dropbox disclosed the full details regarding its data security practices,
some of its customers might switch to competing cloud based services that
do deploy industry best practices regarding encryption, protect their own
data with 3rd party encryption tools, or decide against cloud based backups
6. Dropbox’s misrepresentations are a Deceptive Trade Practice, subject to
review by the Federal Trade Commission (the “Commission”) under section 5
of The Federal Trade Commission Act.
The Dropbox Blog
Updated 5/16/2011: added new section 7 (Talking about security). No other text was changed.
Like many of you, we’ve been reading the reports about a change we made to our Terms of Service, and more generally about Dropbox’s approach to privacy and security.
Everyone who works at Dropbox knows our most important asset is the trust of our users. Dropbox is used by millions of people every day, including our own friends and families, and we promise them — and all of you — that we work hard to keep your most important data safe, secure, and private.
In this post, we’d like to go through each of the concerns that has been raised, and provide you with answers that we hope you feel are complete, transparent, and straightforward. We also provide detail on specific technical concerns. We look forward to your feedback, and will continue to strive to make our policies as easy to understand as Dropbox is to use. Our goal is to have an open and honest relationship with you so that we can address all of these issues quickly and effectively.
PCWorld: Dropbox Speaks Out on Data Security Controversy