I am interested in security and encryption in cloud backup and I think the recent Dropbox security failure raises some challenging questions.
Dropbox claimed that not even company employees can gain access to the data in user accounts and says that it uses Ďmodern encryption methodsí so that data is available only to users and that online access requires a user name and password. Apparently employees arenít able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents).
However, Dropbox recently changed its terms of service to incorporate the fact that the company will comply with a valid legal order to turn over user data. If employees arenít able to access user files then how can they unencrypt files to give to the government, if that becomes necessary? Employees forbidden by company policy rather than physically prevented from access from looking at file contents.
I would therefore like to ask forum users whether they think the recent DropBox security failure and also this change in terms and conditions raised awareness of cloud storage security amongst end users?