Six Lines

Complaint to FTC about Dropbox

Posted by Aaron Massey on 17 May 2011.

Last month, I wrote about Christopher Soghoian’s blog post on Dropbox encryption. This month, Ryan Singel, of Wired.com, has a summary of Soghoian’s complaint to the FTC about Dropbox:

Dropbox, the wildly popular online storage system, deceived users about the security and encryption of its services, putting it at a competitive advantage, according to an FTC complaint filed Thursday by a prominent security researcher.

The FTC complaint charges Dropbox (.pdf) with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file. Ph.D. student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits.

Soghoian, who spent a year working at the FTC, charges that Dropbox “has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts therir data,” which amounts to a deceptive trade practice that can be investigated by the FTC.

Definitely check out the rest of the article, but don’t be skip the actual complaint. It’s shorter than it looks and pretty easy to read.