Why SpiderOak is a Better Choice for Lawyers than Dropbox

 

The hytechlawyer has been a fan of SpiderOak for quite some time.  In this month’s SpiderOak Newsletter, the company explains why SpiderOak is the superior choice from a privacy perspective– because it is always encrypted even if the data is leaked by negligence, intercepted or compelled to be produced by legal process, etc. SpiderOak also reasserts its focus on maintaining customer privacy in an update to its privacy policy.

_____________________________________________

“SpiderOak June 2012 Newsletter
Posted by Linzi Oliver at Jun 27, 2012 8:54 AM.
SAFE & SECURE
YOUR RIGHT TO PRIVACY

Judging by the popularity of criminal investigation and justice TV shows, it’s safe to say our society loves courtroom drama. In real life, although rare, we do receive a request from a law enforcement agency asking us to supply them details about a users. We publish the number of times this happens along with more information in our transparency report. Most of the time, the request isn’t even accompanied by a subpoena. The truth is, some companies immediately give the agents whatever they are requesting without making them go through due process. At SpiderOak however, when we get a request like this, we always tell them we only give user data in response to a subpoena from a court with proper jurisdiction. We also inform them of our Zero-Knowledge Privacy Policy which means our users’ data is encrypted such that we can’t decrypt it. Furthermore, unless they have the user’s encryption keys, they won’t be able to either. To date, this has always concluded the inquiry. In the event we need to comply with a subpoena we would notify the user prior to disclosure unless prohibited from doing so by statute or court order. To make this step more official we recently added this clause to our privacy policy. While the inside of a courtroom looks exciting on a late-night episode of Law & Order, we have yet to make any appearances.”

SpiderOak Privacy Policy Update
____________
Compare this to a DropBox Scenario– DropBox employees can access your data or be forced by legal process to turn over your data unencrypted– in fact, that is DropBox’s policy.   In contrast, data stored on SpiderOak is encrypted and inaccessible without your key– which is maintained on your computer.

DropBox’s Terms of Service provide in pertinent part:

“To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to. How we collect and use your information generally is also explained in our Privacy Policy.”   So far sounds good– huh?– but read on–

The DropBox Privacy Policy provides in pertient part:

“Compliance with Laws and Law Enforcement Requests; Protection of DropBox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of DropBox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.”

Note that DropBox does not state that it will inform the customer before producing his or her data.  Thus, the customer does not have any opportunity to challenge the production. To add insult to injury, DropBox will decrypt the files when they produce the data.

So compare and contrast: SpiderOak gives customers notice of any attempt to compel production of their data [unless prohibitied by law], and even on the rare occasion where the data is produced, it remains encrypted.   SpiderOak cannot decrypt the data  it even if legally ordered to do so.   DropBox’s Privacy Policy, on the other hand,  does not indicate that it provides notice to its cutomers of requests for production and acknowledges that data is producted decrypted.   If you are concerned about privacy– and all lawyers should be– SpiderOak is the obvious privacy choice.


Leave a Reply

Your email address will not be published. Required fields are marked *


+ nine = 14


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>