Dropbox, The Cloud, Privacy, and Common Sense
Derrick Harris has an interesting post up on the GigaOm network discussing the ramifications of Dropbox’s recent woes, both with data security and also the PR surrounding the recent changes to the Terms of Service. For those not following this story, a few weeks ago, Dropbox had a pretty serious security problem when customers data was available to just about anyone for about four hours. Dropbox fixed the problem but then had to deal with the PR nightmare that followed it.
So, in attempts to mollify and explain they made a change to the Terms of Service, which many interpreted to mean that Dropbox owned any and all data you might store on its servers. Well, if you read the document it would be easy to react that way. Dropbox again reacted to the reactions and made another change in the Terms of Service that clarified things a bit. Dropbox has also been hit with a class action lawsuit and back in may an Federal Trade Commission (FTC) complaint. So, you can imagine their lawyers are working overtime.
Are these real issues? Well, yes, and maybe. If you follow any of the headlines about data and security breaches, and all the hacking going on, common sense dictates that you should know that anything you put on anyone else’s servers can possibly be hacked. You’d also have to be pretty naive to think that companies that do business in the cloud won’t turn over data when presented with a warrant. Of course some would say we’re all naive to think that what we send across the Interwebs isn’t already sniffed anyway.
So, does this make it tough for those looking to make hay in The Cloud? Sure. It makes folks think twice and that’s really the important thing before committing your business or personal files to someone else’s care. Actually, I find the discussion prompted by this episode with Dropbox analogous to that moment that every computer user realized they needed some form of backup system somewhere.
Call me silly, but I operate quite simply on these matters. I use Dropbox. I encrypt important files before I place them in my Dropbox. And I don’t put anything in my Dropbox folder that I worry too much about, with one exception. I do use Dropbox to sync my 1Password file. Does that concern me? Sure. But when I think about it, no more or no less than I’m concerned that someone could break into my home or office, steal a device with that info store on it, and crack that encryption.
With Apple about to unleash its iCloud and with many other services out there to choose from, I don’t think this discussion will end with how Dropbox handles the current mess it finds itself in. But I think the discussion is a good one to have, given the number of folks out there who like to be malicious, as well as those who don’t pay enough attention and actually give them a fertile environment to operate in. It is also a good discussion to have simply because I don’t think any company or any group of engineers, or any number of guarantees can keep systems from failing and humans from making mistakes.