Soghoian published his findings on April 12. Starting on or before April 14, Dropbox changed that help page, and changed it again on April 23, so it now says:
A little different, eh?
Dropbox followed up on April 21, discussing employee access to encrypted data, and explaining changes to its Terms of Service Agreement, including this new TOS provision:
We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox's property rights.
Yes, you read that correctly. Dropbox now asserts that it can decrypt and pass your data on to a third party if Dropfox feels it needs to do so, in order to protect its property rights.
As a result, Soghoian has filed a 16-page complaint with the U.S. Federal Trade Commission, which asks the FTC to have Dropbox admit that it can get at Dropbox data, making your data vulnerable to an attack on Dropbox's servers; require Dropbox to email its 25 million customers to warn them of the potential problem and suggest that customers encrypt their data independently; force Dropbox to refund money to people who paid for "Pro" service, if they felt they were deceived; and enjoin Dropbox from making future deceptive statements.
This article, "Dropbox caught with its finger in the cloud cookie jar," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.