Dropbox opens subscriber files to law enforcement

By alexalex
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

alexalex

Posted
Posted

Old promise :

"Your files are actually safer while stored in your Dropbox than on your computer in some cases. We use the same secure methods as banks and the military to send and store your data...Nobody can see your private files in Dropbox unless you deliberately invite them or put them in your Public folder."..

New ToS :

"As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox," . Furthermore: "In these cases, Dropbox will remove Dropbox's encryption from the files before providing them to law enforcement."

Link to comment
Share on other sites
Grand Master

presence06

Posted
Posted

We are slowly losing our rights on the interwebs... our emails are open for the Government, now our "private" data is open for them as well..

Link to comment
Share on other sites
Grand Master

DukeEsquire

Posted
Posted

Um, this has no practical change.

If Dropbox received a court order to reveal your data, they would have done it under the old ToS too. A court order is a court order. If people could just "refuse", that would make court orders pretty useless.

Learn that nothing in life is "private". Whether your stash your information on your hard drive at home or onto Dropbox or in a shoebox under your bed, you'd have to turn it over if you received a court order.

Nothing has changed and no rights are "eroding". This is how it's always been.

Link to comment
Share on other sites
Collaborator

kkick

Posted
Posted

The courts cannot MAKE you remember the 32 (or however many) character encrypted passkey if you just happen to forget it when they ask for it. :shiftyninja:

SpiderOak :whistle:

+1

Link to comment
Share on other sites
Grand Master

DukeEsquire

Posted
Posted

The courts cannot MAKE you remember the 32 (or however many) character encrypted passkey if you just happen to forget it when they ask for it. :shiftyninja:

+1

Lifehacker has an interesting way to increase security...use truecrypt containers: http://lifehacker.com/#!5794486/how-to-add-a-second-layer-of-encryption-to-dropbox

Also...I could use some help with increasing my DB size: http://db.tt/sy56rjW

That won't stop the courts. If you have encrypted files and refuse to unencrypt them, the courts can presume they are illegal materials such as child porn.

http://blog.emagined.com/2009/09/09/encryption-is-evidence-of-illegal-activity/

Most of our readers will be aware that the Customs Service has a program to search the laptops of selected travelers returning to the United States. Typically, a traveler is asked to step aside, power on the computer, and provide the password so that the computer can be perused ostensibly for contraband. Of course, anyone who experiences this will, at best, find this a huge hassle. Moreover, if you also happen to be trafficking in child pornography or jihadist writings, your trip may get a lot worse at this point. However, what if you?re a mild-mannered businessman ? or woman ? who?s been abroad on business and just wants to get home with his or her company provided laptop?

The answer is it?s not so pretty. There are many reasons you might not want the government to know the contents of your laptop. For example, your laptop might contain the confidential information of clients for whom you provide highly sensitive and confidential advice. Or, your laptop may contain writings that are privileged communications between yourself and your attorney; or your laptop might contain the confidential intellectual property of your employer which you are bound to keep secret under the terms of your employment contract, unless you are compelled to reveal it through judicial due process. The little kabuki drama that unfolds at Customs is not a judicial due process. So, you may be tempted to simply refuse to provide the password to unlock and/or decrypt the computer. Now what?

The government may seize your computer and keep it for an indeterminate period of time while they examine it for contraband. Apparently, after a recent ruling by the United States District Court, you have essentially no rights in this matter. [Genao v. U.S., 2009 WL 1033384 (U.S. District Court for the Southern District of New York 2009)] This is true even if you are a US citizen with a valid passport having traveled abroad legally and satisfied all of the procedural requirements. The government need not show ?probable cause? in order to look at your computer. In fact, as with compulsory sobriety checkpoints, the government may simply pursue a program of spot checks and random searches in order to reach its reasonable goal of preventing contraband from entering the country.

In Genao the ruling came on a motion to return seized computers, hard disks and CDs after the conclusion of a child pornography trafficking case in which Genao was convicted. The government had been unable to decrypt many of the CDs. Nevertheless, the court held that the presence of encryption gives rise to a reasonable presumption that the illegal data must be on the encrypted storage devices. In this case, the illegal activity was child pornography; the court reasoned that encrypted files and storage devices could be presumed to contain contraband and were not returned to Genao, even though the legal precedent established that there was no reason for the government to retain the encrypted disks after a conviction had been obtained and the case concluded.

Link to comment
Share on other sites
Grand Master

The_Observer

Posted
Posted

so this applys to people outside the US, time to move on to someone else, i dont have anything bad on there, but as a Non-US person i shouldnt be held to US laws!

Link to comment
Share on other sites
Grand Master

#Michael

Posted
Posted

That won't stop the courts. If you have encrypted files and refuse to unencrypt them, the courts can presume they are illegal materials such as child porn.

http://blog.emagined.com/2009/09/09/encryption-is-evidence-of-illegal-activity/

But they cannot force you to remove the encryption...that would violate your 4th/5th amendment rights. They cannot force me to turn over the password to the container. Presumption does not indicate guilt.

Link to comment
Share on other sites
Grand Master

The_Observer

Posted
Posted

But they cannot force you to remove the encryption...that would violate your 4th/5th amendment rights. They cannot force me to turn over the password to the container. Presumption does not indicate guilt.

and how doesn't apply to people outside the US.

Link to comment
Share on other sites
Grand Master

DukeEsquire

Posted
Posted

But they cannot force you to remove the encryption...that would violate your 4th/5th amendment rights. They cannot force me to turn over the password to the container. Presumption does not indicate guilt.

Presumption as in the jury may presume that you have child porn in your Dropbox.

At that point, it's pretty easy to get a guilty verdict...

And no, there is no 4th or 5th Amendment violation for removing encryption. I have no idea where you got that from.

I don't like knowing the US government has access to all my data. SpiderOak does look like a nice alternative...

SpiderOak is subject to subpoena as well.

Link to comment
Share on other sites
Grand Master

Argi

Posted
Posted

SpiderOak is subject to subpoena as well.

Right, but all SpiderOak can provide is the encrypted data and the encrypted keys to that data. Your password is required to unlock the keys which unlocks the data. Dropbox on the other hand will provide it as is.

It probably isn't a big deal in the end but it's something to keep in the back of my mind.

Link to comment
Share on other sites
Grand Master

#Michael

Posted
Posted

Presumption as in the jury may presume that you have child porn in your Dropbox.

At that point, it's pretty easy to get a guilty verdict...

And no, there is no 4th or 5th Amendment violation for removing encryption. I have no idea where you got that from.

SpiderOak is subject to subpoena as well.

Encryption cannot be removed without an encryption key or password. 5th amendment provides me with the protection against self-incrimination and thus I do not half to provide the court, police, or any other agency with the means to remove the encryption to my data. 4th amendment provides me against unreasonable search and seizure...very cut and dry.

Last time I looked we are innocent until proven guilty...so in a case of data encryption if a jury presumes that I am cp just because I have my data encrypted then I could argue that is a tainted jury.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.