I’ve written about Dropbox a couple of times before in a generally positive way. In this post, I’m coming to their defense again so I should state for the record that I’m neither a Dropbox user nor associated with them in any way. The latest silliness involving Dropbox is concern over their new Terms of Service. A number of people have pointed to the section entitled Your Stuff & Your Privacy. Here’s how the story on Slashdot reported the new language:
By submitting your stuff to the Services, you grant us (and those we
work with to provide the Services) worldwide, non-exclusive,
royalty-free, sublicenseable rights to use, copy, distribute, prepare
derivative works (such as translations or format conversions) of,
perform, or publicly display that stuff to the extent we think it
necessary for the Service.
That sounds pretty bad, doesn’t it? Dropbox appears to be saying that they can do anything they want with any data you store on the system. But when you add a little context
By using our Services you may give us access to your information,
files, and folders (together, “your stuff”). You retain ownership to
your stuff. You are also solely responsible for your conduct, the
content of your files and folders, and your communications with others
while using the Services.We sometimes need your permission to do what you ask us to do with
your stuff (for example, hosting, making public, or sharing your
files). By submitting your stuff to the Services, you grant us (and
those we work with to provide the Services) worldwide, non-exclusive,
royalty-free, sublicenseable rights to use, copy, distribute, prepare
derivative works (such as translations or format conversions) of,
perform, or publicly display that stuff to the extent reasonably
necessary for the Service. This license is solely to enable us to
technically administer, display, and operate the Services. You must
ensure you have the rights you need to grant us that permission.
you see that what the terms really say is that if you want Dropbox to provide certain services, such as sharing your data, you have to give them the right to do it. No All your data are belong to us, merely protection from lawsuits for using your data in some way that you asked them to.
As a result of the brouhaha over the Terms of Service, Dropbox added an update on their blog in which they explicitly say that they don’t own your data and that the license allows them to provide the service that you are requesting and nothing else. As the folks over at the Agile Blog (the makers of 1password) say “Read the policy, not the tweets.”
It’s bad enough when the kids over at Slashdot hyperventilate over a faux issue like this but others who might be expected to take a more measured view are also upset. Even Michael Krigsman over at ZDNet is jumping in recommending that Enterprises “…discontinue use of the product for applications where privacy and confidentiality are mission critical.”
Let me say it again: If you are storing sensitive information in the cloud and you don’t encrypt it then you, not the cloud provider, are guilty of negligence if that data is compromised. Krigsman is right; You shouldn’t be storing unencrypted mission critical data in the cloud but that has nothing to do with the Dropbox Terms of Service; it’s a matter of common sense and due diligence.
Update: Dropbox has once again updated their Terms of Service in an attempt to assure everyone that they have no interest in owning or using your data in any way that doesn’t involve providing the services that you ask for. It should put this silliness to rest once and for all but it probably won’t.