More on Dropbox security

A reader directed my attention to the fact that Dropbox now says that the data stored on its servers is encrypted. This is good news, but it does not completely resolve lawyers’ security/confidentiality concerns.

The crux of the issue here is who controls the keys to decrypt the data on Dropbox’s servers. Dropbox’s security policy is clear: they manage the keys. For lawyers (or anyone concerned about privacy), there are three potential bogeys in this situation:

  • The outside bad guy who wants to break in and steal your data for whatever reason.
  • The Dropbox employee who wants to steal your data (again, for whatever reason).
  • The person presenting a court order or subpoena requiring Dropbox to turn over your data.

In each of these scenarios, the data starts off encrypted. When the outside bad guy tries to review your data, he will get nothing but the unreadable gibberish that is your encrypted data. Bad guy is defeated, and all is well with the world.

When the Dropbox employee wants to steal your data, the question I have is how easily the employee can get the keys to decrypt the data. If there are systems in place to limit employee access to the decryption keys (perhaps multiple authorizations from key managers coupled with logging of access attempts and active monitoring), then the rogue employee is probably going to be defeated. Dropbox users are happy. But if the employee can easily decrypt data and cover his or her tracks, Dropbox users are not happy. I would like to assume that Dropbox has carefully planned systems in place, but one can never assume anything. I’d be surprised if they didn’t, but even then no system is 100% secure.

The most problematic scenario is the third one, where someone appears with a court order or subpoena requiring Dropbox to turn over the data. In this instance, Dropbox can decrypt the data and turn it over. For lawyers, the Rules of Professional Conduct (or their equivalent in a particular jurisdiction) severely limit what information we can disclose and under what circumstances. We have an ethical duty to object to disclosure—but if we are unaware of the subpoena or court order, we do not have that opportunity. If Dropbox notifies us of the subpoena or court order so we can appear and raise the confidentiality/privilege objection, then we’re probably fine.

Still, the worry here is that Dropbox has the ability to decrypt the data (with or without notice). The best security philosophy is TNO: Trust No One. The wisest practice is to never allow a third party service provider to manage the decryption keys when it comes to client data. In a practical sense, Dropbox’s encryption is probably “good enough,” but it comes with a risk of disclosure. The risk may be small, but it still exists.

For lawyers, the bottom line is this: how much risk are you willing to take in exchange for the convenience of Dropbox? It’s not always easy to find the right balance, and lawyers of reasonable minds can disagree about which balance is right. For routine client data and documentation, Dropbox’s security policy is probably fine. But for more sensitive client information, I would still prefer encryption where I can manage the keys.

5 thoughts on “More on Dropbox security”

  1. Nothing stops you from storing sensitive files within an encrypted volume in your Dropbox folder. OS X can do this natively with its Disk Utility (an encrypted Sparse Disk is perfect), and TrueCrypt is a great open source, cross platform, and free option for making encrypted virtual disks. All Dropbox staff or hackers could obtain would be the encrypted volume, which is useless without your encryption password. Of course this does mean you can’t get those files from the mobile Dropbox apps etc for the same reasons, and you should only have the encrypted volume open on one computer at a time.

    1. Very true. The only gripe I have about putting an encrypted item in my Dropbox folder is that at present there are no iOS (or Android, so far as I know) TrueCrypt or other decryption apps for the mobile devices.

      So, for now, Dropbox serves as a convenient bridge for moving files to my iPad. Once they are on the iPad, I move them out of my Dropbox folder and re-sync.

      Thanks for commenting!

  2. Two things. SecretSync (although no iOS option there) which is easier than Truecrypt from what I hear. It’s basically just another folder. Like dropbox within a dropbox. And you control the keys. But don’t lose that key 😉

    Secondly. Is this any more risky than allowing a cleaning company to rummage through your office?

    1. Thanks for your observation and info, Joseph. I played with SecretSync a little bit and liked it, but the lack of an iOS option was a deal-breaker for me.

      The question about a cleaning company having access to the office is a good one. I think lawyers have to make a decision for themselves. Option one is to say that the practical obscurity created by zillions of servers and files on Dropbox means that the security is good enough, even if not perfect. The other option is to say that nothing less than perfect controlled security is acceptable. Lawyers who feel the second option is appropriate are those who will also have “clean desk” policies in their firm: at the end of the business day, all files and client materials are returned to secured storage.

      The Rules of Professional Conduct require a lawyer to take reasonable steps to safeguard client information. What is reasonable will depend on the circumstances (client info regarding children of a marriage—names and ages—and income in a divorce is less sensitive than a client’s trade secrets). Reasonable minds can disagree about whether certain steps are reasonable.
