Researcher: Dropbox Misrepresents Security Features
An official complaint has been lodged with the U.S. Federal Trade Commission against Dropbox for deceiving consumers as to the level of data privacy protection they provide as Dropbox employees have access to decrypt files. Their practices purportedly violate Section 5 of the Federal Trade Commission Act. Changing their disclosures to users may quell any legal repercussions.
In a letter sent to the FTC, University of Indiana PhD and security researcher Christopher Soghoian claimed that while Dropbox encrypted every file it stored, this could be reversed by employees, undermining the company’s security credibility. Not only did this design fall short of “industry best practices”, wrote Soghoian, it also represented a serious security risk that the company was not being upfront about.
Comments are closed.