|« Dropbox Kisses and Makes Up?||Monday Morning Technologist »|
Oh Dropbox, We Loved You Once...
There have been few services getting as much contention lately as Dropbox. First they implied that they couldn't read the contents of your files that you uploaded to Dropbox. Then they backed off that stance and rephrased it to mean that they're "not allowed" to read the contents. Well, o.k., a few of their employees are allowed to, but most of them aren't allowed to. As any parent knows there is a big difference between what you CAN do and what you're ALLOWED to do and that keeping people on the proper side of those lines is often easier said than done.
In any event a few security conscious users decided that trusting anonymous techies in the "Cloud" to not violate policy and peek at confidential data wasn't such a good idea in the age of Wikileaks and pulled their data back out of Dropbox in search of more secure solutions.
Well...now the line has shifted again, and not for the better. If you're a Dropbox user (or considering being one) you should take a gander at their new terms of service (link posted above). Pay particular attention to the section marked "Your Stuff & Your Privacy". There you will find this:
By using our Services you may give us access to your information, files, and folders (together, “your stuff”). You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.
Hmmm. O.K., so now they're flat out saying that we may "give [them] access to [our] information, files and folders." That pretty much kills Dropbox for any confidential data in my opinion. But let's read on anyhow...because it gets better. (and I mean that theatrically)
By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service.
Sound familiar? It should if you're also a Free Google Docs user - Google's TOS for their free Docs service contains very similar language. Even the botox fanatics among you should have a raised eyebrow at this point. The very words "distribute" and "publicly display" should be all you really need to hear.
Now some of you are saying "Oh, sure, the agreement says that but they won't really DO it." Fair enough. Many of you reading this are lawyers (I know my audience), would you encourage your client to sign an agreement that says the other side has the right to do something onerous with the caveat that "I know it says they're allowed to do it, but they won't really do it." This agreement gives them permission to do it. Do you take their word that they won't? Up to you.
You acknowledge that Dropbox has no obligation to monitor any information on the Services, even though we may do so.
Again...random Cloud-folk MAY be monitoring your information.
Does this mean you should never use Dropbox? No. That's not what it means. As with any of these situations you need to consider what information you're posting there. If you want to post your collection of recipies or your daughter's volleyball schedule I don't think those are necessarily bits of data that you need to hold close to the vest (unless you're Rachel Ray perhaps).
But if you're a lawyer or a doctor or a mortgage broker or an insurance guy or some other professional charged with the personal, private, confidential data of your clients or patients then you should be walking briskly away from the idea of storing that data on Dropbox. (or any other service that grants itself the rights to monitor and/or "publicly display" the files you upload to it).
Just because it's cheap and convenient doesn't excuse you from the duty to protect your client's confidential information.
More Information: "Dropbox and Google and Mobile Me, Oh My"
You can follow Ben M. Schorr on Twitter @bschorr.