Most U.S. government subpoenas for data on Dropbox users are accompanied with a request not to inform the user in question. Dropbox legal counsel Bart Volkmer said those gag orders are repelled unless there is a valid court order.
The revelation accompanied the release of the cloud storage service’s Transparency Report, which going forward will be released twice a year. Yesterday’s report covered January to June of this year, a period during which Dropbox received 268 requests for user information from law enforcement agencies. There were zero data request for Dropbox for Business users, the company said.
Volkmer said Dropbox received between zero and 249 national security requests.
Volkmer said Dropbox received between zero and 249 national security requests; companies are allowed to report national security requests in such ranges.
“While that number is small compared to our 300 million users, we treat all the requests we receive seriously and scrutinize them to make sure they satisfy legal requirements before complying,” Volkmer said. “We also push back in cases where agencies are seeking too much information or haven’t followed the proper procedures.”
One area where there is push-back is with requests not to inform users their data is being sought by the government. Volkmer said that gag orders accompanied 80 percent of the 109 subpoenas Dropbox received during the first six months of the year.
“Our policy is to notify users about requests for their information, so we push back in cases where an agency requests a gag order without the legal right,” Volkmer said.
Dropbox reported, also, that it received 120 search warrants on 174 accounts, and in 103 occasions it provided either content or user information. The 109 subpoenas affected 280 accounts; Dropbox said it produced user information 80 times, while never turning over content. Dropbox said government agencies rarely came knocking looking for content without a warrant.
Compared to its 2013 Transparency Report, Dropbox said the number of requests remained consistent.
“The number of requests received grew proportionately to Dropbox’s user base,” the report said.
In the meantime, Dropbox threw its support behind the Email Privacy Act and USA FREEDOM Act of 2015, which not only aims to check the government’s ability to vacuum up user data from online services such as Dropbox’s, but also would enable technology companies to be more transparent about the number of national security requests they receive.
Technology giants such as Google, Microsoft and others have argued that limitations placed on their respective ability to report on national security requests not only damages transparency efforts, but also infringes on First Amendment rights to free speech.
The Justice Department eventually conceded, giving companies reporting options for requests from the Foreign Intelligence Surveillance Court, including one option with exact numbers up to 250 requests and thereafter in bands of 250.
“We’ll push for greater openness, better laws, and more protections for your information,” Volkmer said. “We’ll continue to lend our support for these bills and for real surveillance reform around the world.”