
I would be cautious in making the conclusions. Technically, it's quite trivial to implement precisely what you say is impossible.

How: give the private key of an RSA keypair to the US Govt; use the public key of that keypair on the client side to encrypt the key that is used for the symmetric encryption of the contents of the file.

The employee on the other end will be able to see the metadata, but he will not be able to access the contents.

The authorized government agent, on the other hand, would be able to read the file - he will have to subpoena Dropbox to get the encrypted file data and the RSA-encrypted bulk encryption key, which they decrypt on their side.

What do you think?

(As for my 2 cents on the story - someone claiming to be concerned with security who is not performing their own encryption of the data using the standard algorithms, tools and processes needs to rethink how concerned they really are).
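The escrow design sketched in this comment, written out as an added Go example (not code from the thread or from Dropbox). It assumes AES-256-GCM for the file contents and RSA-OAEP for wrapping the per-file content key; the storage side only ever holds a StoredFile, and only the holder of the escrow private key can unwrap the content key:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// StoredFile is all the provider holds: AES-GCM ciphertext, its nonce, and the content key wrapped to the escrow public key.
type StoredFile struct{ Nonce, Ciphertext, WrappedKey []byte }
// GenerateEscrowKey makes the RSA keypair whose private half stays only with the escrow agent.
func GenerateEscrowKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// newGCM builds AES-256-GCM from a 32-byte content key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// EncryptForEscrow runs on the client: fresh content key per file, wrapped (RSA-OAEP) only to the escrow public key.
func EncryptForEscrow(escrowPub *rsa.PublicKey, plaintext []byte) (*StoredFile, error) {
	buf := make([]byte, 32+12) // 256-bit content key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, escrowPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &StoredFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKey: wrapped}, nil
}
// DecryptWithEscrow runs only where the escrow private key lives; any other key fails to unwrap the content key.
func DecryptWithEscrow(escrowPriv *rsa.PrivateKey, f *StoredFile) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, escrowPriv, f.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, f.Nonce, f.Ciphertext, nil)
}
```

The flip side of this design is that the escrow private key becomes the one secret that unlocks every stored file, so its custody is the entire security argument.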



It could be even simpler: Dropbox's admin interfaces for employees may simply not reveal data that could technically be revealed.

When I started my own law practice, my partners insisted that "everything must be encrypted" so that no third parties would have access to see any files. I had a feeling my partners were parroting this requirement and didn't really understand how security works. I tried to explain the pros and cons of this approach, but my warnings fell on deaf ears; the requirement was absolutely total encryption of all file data so that no third party could even theoretically peek at our data.

So, I set up JungleDisk backups to S3 with a key that only I knew about. This was an awesome solution that cost a few bucks per user per month.

Not long afterward, one of my partners insisted on having his home PC and his laptop synced. At the time, JungleDisk didn't offer syncing.

Sure enough, a few weeks later, I find out that the same guy who insisted I encrypt everything was secretly using Dropbox to sync his files. (I won't even get into the fact that he was backing up his sync folder to my JD solution!)

In summary, idiots are idiots, and security is often misunderstood.

By the way, I'm no longer working with people who fail to understand security, and we've got what I suspect are the most innovative, cost-effective and secure backups at any law firm in the world.


"Dropbox's admin interfaces for employees may simply not reveal data that could technically be revealed"

This is not the same as "is not accessible to employees". Interfaces are just that. There are quite a few very sharp developers at Dropbox if reputations are to be believed. I don't think an interface is a sufficient control.


Sharp developers != sharp developers who understand how to properly implement security into a product.

I think it's been shown multiple times that smart devs who do not do security all the time are still susceptible to making mistakes about security. IMO, this is one of those cases.

Miguel is right in calling for an audit but even better, Dropbox could just ask for help. I'm sure any number of savvy HN peeps would be happy to help.


I fully understand your point, but those words could be interpreted either way.

Only Dropbox can confirm whether it is theoretically possible for Dropbox engineers to peek at user data.


Dropbox keeps your encryption key somewhere. They say that (a) the files stored with them are encrypted and (b) you don't have the decryption key. Conclusion: they have your plain-text key. Thus it is theoretically possible. I take their statement that their employees cannot view your files as "their employees are not allowed to view your files" with some basic precautions surrounding this. However, whoever wrote the code for revealing the plain-text key to the server when you request a file should be smart enough to figure out how to fake being that server.


Right, so "...is not accessible to employees" is very misleading and arguably incorrect.


Yes, I think this is exactly right. The key can be in some sort of 'escrow' where it is not accessible to Dropbox employees, but accessible to the government upon subpoena.
