When the first stories about how Dropbox’s employees actually had access to your data’s encryption keys and could decrypt your data or, even worse, deliver it to anyone with a court order, I wasn’t worried. Given that I could share a folder with another user without giving that user the encryption key, I knew the encryption keys had to be available to Dropbox to enable that feature. As Bruce Schneier said in his blog, "If you expect a cloud provider to do anything more interesting than simply store your files for you and give them back to you at a later date, they are going to have to have access to the plaintext."
In fact, I knew that cloud storage providers and online backup vendors weren’t able to take advantage of data deduplication because their users encrypted their data with private encryption keys, which would encrypt the several thousand copies of the latest Lady Gaga CD that thousands of separate users must have backed up to Mozy or Carbonite into thousands of very different files. Dropbox could offer 2 GBytes of space free, even though it had to pay Amazon 20 or 30 cents a month to store it, in part because its costs were reduced by deduplication.
I accepted that Dropbox could access my data and that it had access controls that prevented such a thing from happening on a regular basis. Just as I accept that my email on Goggle Apps is accessible by someone at Google if it really wants it. That was within my range of acceptable risk, and I kept using Dropbox. Yeah, I figured the company probably misled some folks into thinking its system was more secure than it really was, but I wasn’t one of them, so I kept using Dropbox.
Then came the revelation that Dropbox had screwed up its software so badly that for a four-hour period you could log into any Dropbox account with any password. That’s right--it basically turned off user authentication for four hours. That, as they say, is the last straw.
I’m not vain enough, or involved in serious enough illegality, that I’m worried about random people, or random law enforcement officers, deciding to rummage through my Dropbox looking for something valuable. I don’t keep my password file, finances or other sensitive personal data there, though I do back that data up to Crashplan Central using an encryption key known only to me and stored on USB thumbdrives in several safe places.
My problem is that, as an analyst, I sign non-disclosure agreements like they’re going out of style, and I am required to take reasonable care to secure the secrets my clients trust me with. Dropbox just isn’t feeling reasonable anymore.
So, I’m off looking for a new sync provider that takes security a little more seriously than Dropbox. My first stop will be Sugar Sync, but I’m willing to take suggestions, if you have any.