Popular online storage provider Dropbox has lately come under fire with regards to its privacy and security architecture.  This culminated in an FTC complaint filed by security researcher Christopher Soghoian, who alleged that the company "has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts their data."

At the heart of the matter were marketing claims made by Dropbox on its website which conveyed the impression that data stored with the company is completely private and cannot be accessed by its employees.  It turned out that while Dropbox does encrypt all files that were uploaded to its servers, the necessary keys for decrypting the data are held by Dropbox and not by individual users.  In addition, the company has confirmed that its employees are prevented from accessing user files by access control mechanisms and policy prohibitions.

In an email message to me, company spokeswoman Julie Supan wrote: "We believe this complaint is without merit, and raises issues that were addressed in our blog post on April 21, 2011. Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private." 

While I don't doubt the good intentions of the company, businesses which may have opted to use Dropbox under the assumption that all uploaded data is completely inaccessible to anyone other than themselves may want to reconsider their decision.

For now, I think what Aaron Levie, co-founder and CEO of competitor Box.net said summed up the situation precisely.  As reported by PC World, Levie observed that: "I think Dropbox has its users' best interests at heart, but probably went a bit too far in the messaging. I believe they will rectify this."

For more on this story:
- check out this article at PC World
- check out this article at Wired

Related Articles:
Security researcher questions design of Dropbox authentication
Dropbox hits version 1.0
Fuze Box Brings Complete Webinar Support and Enhanced Dropbox Functionality on Fuze Meeting for the iPad
Laplink® Releases New Data Protection Software