On the point of transparency, the company believes it should be allowed to report the exact number of government data requests it receives, the number of accounts affected by those requests, and the laws used by the government to justify such requests. Presently, the company’s transparency report publicizes the number of law enforcement requests it receives and the number of accounts affected by those requests. However, Dropbox – like other tech firms – is limited in its ability to report information about the number of national security letters (NSLs) it receives
In it’s most recent transparency report, the company said it received somewhere between 0 and 250 NSLs. Under their new data request principles, the company says it is continuing to fight for it’s right to be more explicit about the number of NSLs it receives, carefully noting that it may not receive any such letters at all.
Dropbox also shares the widely-held belief that data requests should be limited to specific people involved in targeted investigations. Therefore, the company says it will resist any requests attempting to gather information from large groups of users unrelated to a specific investigation.
“The US government has been seeking phone records from telecommunications companies related to large groups of users without suspicion that those users have been involved in illegal activity,” the company says. “We don’t think this is legal and will resist requests that seek information related to large groups of users or that don’t relate to specific investigations.”
Much of the conversation revolving around the NSA spying revelations has focused on U.S. citizens. If you listen to NSA director Keith Alexander or any other defenders of PRISM and similar programs, they are pretty open about the fact that they have the right to indiscriminately collect information of non-U.S. citizens. Dropbox now stands out in that it says it aims to protect the data of its users, regardless of citizenship.
Beyond that, Dropbox promises its customers that it will do everything in its power to guarantee that the government can not access user information through backdoors, by exploiting security vulnerabilities, or through any means other than established legal process.