Dropbox was asked not to inform users of 80% of its government data requests

By Nathaniel Mott, written on September 11, 2014

Dropbox has published a transparency report covering the period between January and July 2014, and it contains a surprising statistic: around 80 percent of the information requests it receives from law enforcement ask the company not to inform users about the requests.

The secrecy with which the government asks tech companies to share information about people has been a key issue since the National Security Agency's surveillance programs were revealed in 2013, with numerous reports claiming that the government prevents tech companies from telling consumers when their information is being gathered in the process of an investigation.

Many companies have attempted to protect their interests by revealing what little information they can about law enforcement's data requests in "transparency reports" like this one, but the public is still largely unaware of just how much of their information has been accessed by the government. Even the tech companies themselves may be unaware of the problem's extent:

Many of the leaks published by the Guardian, the New York Times, the Washington Post, and ProPublica over the last few months show that companies might not even be aware of everything the government is doing to access their data. The US National Security Agency can reportedly infiltrate Google’s data through a program called MUSCULAR. Upon hearing of this program, Google engineers “exploded in profanity” and others issued a “giant Fuck You” to the NSA on their Google+ profiles.

How could these companies disclose such programs in their transparency reports — even if the current restrictions are lifted — if they are unaware of them in the first place? Vodafone raised similar concerns when it released a transparency report revealing that many European countries have direct access to its data centers. It said in the report that it can't reveal much information on its own without endangering employees, and it suggested that various governments should release their own reports instead of relying on private companies to do so:

In our view, inconsistent publication of statistical information by individual operators amounts to an inadequate and unsustainable foundation for true transparency and public insight. There is a substantial risk that the combination of widely varying methodologies between operators (leading to effectively irreconcilable raw numbers) and the potential for selective withholding of certain categories of agency and authority demand (for reasons which may not themselves be fully transparent) would act as a significant barrier to the kind of meaningful disclosure sought by the public in an increasing number of countries.

Dropbox's transparency report is a stark reminder of just how little we still know about what information law enforcement seeks from tech companies more than a year after many of the government's surveillance programs were first revealed. It's also the perfect opportunity to discuss the company's decision to appoint Condoleezza Rice, the former Secretary of State, to its board of directors earlier this year, given Rice's fondness for warrantless wiretapping.

Rice offers Dropbox the chance to learn more about the government's surveillance programs and bridge the gap between tech companies and the federal government. (Not that tech has had a problem with finding its way into governmental roles, as shown by the ascension of ex-Google vice president Megan Smith to the role of the US's "chief technology officer" earlier this month.) As Pando's David Holmes wrote when Rice's appointment to Dropbox's board was announced,

[T]he addition of Rice to the board could help Dropbox better navigate the thorny privacy issues that came to light after Edward Snowden leaked a trove of classified NSA documents. In many cases, from the NSA’s deliberate attempts to weaken encryption to its infiltration of Google and Yahoo’s data center links, the government often has the means to access data with or without these companies’ knowledge. By creating more opportunities for direct dialogue between the government and Dropbox, Rice’s appointment may potentially allow the interests of Dropbox’s customers to play a greater role in discussions over when data should be turned over to authorities and when it should not.

Maybe that will happen eventually. Until then, the government is still asking Dropbox to cover its tracks while it attempts to gather as much information as it possibly can about essentially anyone with an Internet connection.

