[ISN] Dropbox Lied to Users About Data Security, Complaint to FTC Alleges

From: InfoSec News <alerts_at_private>
Date: Mon, 16 May 2011 00:18:40 -0500 (CDT)

By Ryan Singel 
Threat Level
May 13, 2011

Dropbox, the wildly popular online storage system, deceived users about 
the security and encryption of its services, putting it at a competitive 
advantage, according to an FTC complaint filed Thursday by a prominent 
security researcher.

The FTC complaint charges Dropbox (.pdf) with telling users that their 
files were totally encrypted and even Dropbox employees could not see 
the contents of the file. Ph.D. student Christopher Soghoian published 
data last month showing that Dropbox could indeed see the contents of 
files, putting users at risk of government searches, rogue Dropbox 
employees, and even companies trying to bring mass 
copyright-infringement suits.

Soghoian, who spent a year working at the FTC, charges that Dropbox “has 
and continues to make deceptive statements to consumers regarding the 
extent to which it protects and encrypts therir data,” which amounts to 
a deceptive trade practice that can be investigated by the FTC.

Dropbox dismissed Soghoian’s allegations.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Sun May 15 2011 - 22:18:40 PDT

This archive was generated by hypermail 2.2.0 : Sun May 15 2011 - 22:23:44 PDT