Dropbox Backpedals After Cloud Data Ownership Gaffe
Andrew R. Hickey
Dropbox has made sweeping changes to its terms and conditions, likely as a result of a security lapse in which an authentication bug made all users' Dropbox accounts accessible with any password for more than four-hours late last month.
But Dropbox quickly changed the language of some of its revised terms and conditions after the company stated that it has certain ownership rights over customer data.
Originally, Dropbox wrote: "By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service."
The updated terms of service, which was e-mailed to all Dropbox users, sent shockwaves through the user community.
"I'm deleting my account as I write this. I do not grant 'worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works' of my private documents, my work documents, my tax returns, my 1Password database, or any of my private files. I could accept this for what I put in my 'Public' folder, but I will not grant such license for my private files," wrote one angered Dropbox user on Dropbox's user forums.
Dropbox founders Drew Houston and Arash Ferdowsi quickly updated a blog post regarding the new terms and conditions in hopes of calming the firestorm.
In the first update, the Dropbox founders wrote: "You retain ownership of your stuff. You are solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services." They added that users only grant Dropbox license to use customer data "solely to enable us to technically administer, display and operate the services."
In a second blog post update, Houston and Ferdowsi clarified further: "We want to be 100 percent clear that you own what you put in your Dropbox. We don't own your stuff. And the license you give us is really limited. It only allows us to provide the service to you. Nothing else."
Dropbox's cloud data ownership backpedalling follows a rough several weeks for the cloud storage start-up, which in the wake of the authentication bug snafu also became the target of a class action lawsuit surrounding Dropbox's security lapse.
In the suit, filed in U.S. District Court in San Francisco, angered Dropbox user Cristina Wong of Los Angeles claimed she didn't hear about Dropbox's authentication bug and her data's potential exposure until reading about it well after the fact. The suit also claims Dropbox was negligent and that the glitch was an invasion of privacy and that Dropbox violated the California Unfair Competition Law and makes a claim of invasion of privacy and negligence.
Dropbox, meanwhile, held pat and said that less than 100 of its roughly 25 million users' accounts were accessed during the security lapse and none were accessed maliciously. Those users have been notified, Dropbox said.