The online storage service Dropbox has amended its privacy policy at least in part to better address increased concerns regarding how the service perceives, responds to, and handles government requests for user-data.
The new government data requests principles come as part of broader and fairly standard terms of service and privacy policy update in which the company says it wants to be clearer about the ways it handles user data. As far as government requests for that data are concerned, Dropbox says it plans to be transparent, fight blanket data requests, protect all of its users, and provide trusted services.
On the point of transparency, the company believes it should be allowed to report the exact number of government data requests it receives, the number of accounts affected by those requests, and the laws used by the government to justify such requests. Presently, the company’s transparency report publicizes the number of law enforcement requests it receives and the number of accounts affected by those requests. However, Dropbox – like other tech firms – is limited in its ability to report information about the number of national security letters (NSLs) it receives
In it’s most recent transparency report, the company said it received somewhere between 0 and 250 NSLs. Under their new data request principles, the company says it is continuing to fight for it’s right to be more explicit about the number of NSLs it receives, carefully noting that it may not receive any such letters at all.
Dropbox also shares the widely-held belief that data requests should be limited to specific people involved in targeted investigations. Therefore, the company says it will resist any requests attempting to gather information from large groups of users unrelated to a specific investigation.
“The US government has been seeking phone records from telecommunications companies related to large groups of users without suspicion that those users have been involved in illegal activity,” the company says. “We don’t think this is legal and will resist requests that seek information related to large groups of users or that don’t relate to specific investigations.”
Much of the conversation revolving around the NSA spying revelations has focused on U.S. citizens. If you listen to NSA director Keith Alexander or any other defenders of PRISM and similar programs, they are pretty open about the fact that they have the right to indiscriminately collect information of non-U.S. citizens. Dropbox now stands out in that it says it aims to protect the data of its users, regardless of citizenship.
Beyond that, Dropbox promises its customers that it will do everything in its power to guarantee that the government can not access user information through backdoors, by exploiting security vulnerabilities, or through any means other than established legal process.