Security researcher files FTC complaint against Dropbox

Company now admits staff can access user's files
Author:
Publish date:
8_dropbox184.jpg

A security researcher has filed a complaint against popular cloud storage firm Dropbox with the US FTC, accusing the service of being insecure.

Dropbox offers client software for a wide range of platforms including smartphones, allowing users to sync their data into cloud storage, a service the company explains is encrypted with strong AES-256 encryption.

However Indiana University security researcher Christopher Soghoian pointed out in a blog post in April that Drop Box only keeps one copy of files that are the same which means that the service must have access to unencrypted data at some point.

In response Drop Box altered their position of stating that no Drop Box employee had access to users files, saying: "Like most major online services, we have a small number of employees who must be able to access user data when legally required to do so."

Part of the FTC complaint reads: "Dropbox does not employ industry best practices regarding the use of encryption technology. Specifically, Dropbox’s employees have the ability to access its customers’ unencrypted files."

Other cloud storage solutions such as Wuala and SpiderOak use encryption schemes which means the firm has no access to user data. Dropbox said that the complaint was "without merit."

Related