On Saturday, Darrel Whitelaw, a designer and Dropbox user sent out a tweet that quickly caught fire on the Internet.
According to Whitelaw’s Tweet, Dropbox, which is a popular cloud storage and synchronization service, had removed content from a “personal folder” due to a DMCA request. He claimed that it raised issues about whether or not content uploaded to Dropbox was private or not.
However, that turned out to be exactly be what happened. Dropbox can be used both for private storage and for sharing files with others. Whitelaw had apparently shared a link on his dropbox to a folder that contained a copyrighted video. When he shared the link, Dropbox detected that some of the content was a match to another file that had received a Digital Millennium Copyright Act (DMCA) takedown notice and shuttered the link instantly, posting the DMCA warning.
This automated content matching is called hashing and it’s something that Dropbox has done for years. Historically though, it’s been used for de-duplication, meaning that if you and another person try to upload the same file, Dropbox only keeps one copy to save on storage costs.
But as the number of DMCA notices Dropbox received began to rise, it used the hashing system to proactively block links to infringing material. Once a file has become the subject of a DMCA notice, any future attempts to share it publicly are shut down instantly, preventing the rightsholders from having to file a second notice and also eliminating questions about whether Dropbox was complying with the DMCA, questions contributed to Megaupload’s fate.
So what exactly is Dropbox doing and is it unethical? The answer is no and, if anything, it’s a good role model for other cloud services to follow.
Hashing and Blacklisting
TechCrunch has a great explanation for how Dropbox’s system works for those who want more details. However, the basics of it are fairly simple to understand.
Every file that is uploaded to Dropbox is put through an algorithm that generates what is known as a hash. A hash is unique to each file For example, if you upload a text file of this post it would generate one hash. Add a sentence to the end and upload it again, the hash would be different.
This is just as true for a small text file as it is a large movie file.
As stated above, Dropbox uses this system to prevent the uploading of duplicate files. If you and a 1,000 other people all have the same MP3, it doesn’t make sense for Dropbox to store 1,000 copies. It can just store one and give every uploader private access to it.
However, when one user shares a public link to that file and it becomes the subject of a DMCA notice, all public links are removed. Though the file remains in the private lockers of those who upload it, no one can share the file publicly.
This file, or rather its hash, remains on a blacklist and as new users upload it and try to share it, they too find that their public links are being deactivated, usually as soon as they create them. The result is that no version of that exact file can be shared publicly again on Dropbox.
This process is very similar to the idea of “takedown and stay down”, which has been a particularly hot topic on DMCA safe harbor issues. Though many hosts claim such a system is impractical, Dropbox shows that not only is it possible for some hosts, but it can be very effective.
Some Key Points to Remember
There are several key points to remember about the way Dropbox handles these automated takedowns:
- Only Applies to Shared Documents: It only applies to documents that are shared. You are free to have all of the pirated and infringing content you want in your private locker, so long as you do not attempt to share it.
- No Documents Are Actually Deleted: Documents are not actually deleted, that would remove them from private drives. Instead, shared access to them is deleted, meaning that no one other than the original uploader(s) can access them.
- This is Done Without Snooping: Dropbox doesn’t need to know what is in the files, just that the file matches a hash on a blacklist. No one at Dropbox is looking into user accounts to remove infringements.
In short, everything Dropbox is doing is above boards and it’s things they have been doing for years now. None of this is new.
This is, simply put, an example of a narrative running off and gaining a lot of traction. It a narrative that even Whitelaw himself says is not the case.
The Silver Lining
While it’s always unfortunate when a person or a company gets unfairly maligned, even when they are eventually cleared, the case has been a useful one as it’s drawn a great deal of attention to Dropbox’s DMCA process and most of that attention has been in a positive light.
But perhaps what is most interesting about it is that Dropbox has been able to turn itself into one of the largest and most popular cloud storage/hosting companies with a DMCA policy that is very proactive on copyright issues.
Dropbox is proof that it is possible to build a cloud hosting service that takes copyright issues seriously. While it is just one example and one company, so it is not necessarily relevant to others, in a time where many file hosting services hide behind the DMCA and take only minimal steps to deal with infringement, Dropbox is a company that stands out for both having a strong copyright stance and being a great success.
However, it could be argued that Dropbox’s success is not in spite of its copyright policies, but in part because of them. Dropbox avoids many of the DMCA headaches that competitors see and, by being less of a haven for pirated works, it’s more appealing to enterprise customers, which has been the company’s focus.
In short, Dropbox has a very specific brand for itself and it’s a brand that is incompatible with piracy. Thus, it’s copyright efforts have done far more to help it than hurt it.
The main thing to remember is that Dropbox’s DMCA policy does not invade anyone’s privacy, it doesn’t delete private files, isn’t new and doesn’t do anything unethical. Instead, all it does is block the sharing of works that have already been the subject of a DMCA notice and it does it in a way that doesn’t require anyone to look at the files.
While this type of system likely won’t work for all hosts of all types, it’s worked very well for Dropbox, even giving them several advantages, and can work well for similar companies.
Still, the (temporary) frenzy over Dropbox’s DMCA process does show just how sensitive these issues are and it does provide a reminder that, whatever their policy is, they need to be transparent about it.
While Dropbox was able to turn the public relations disaster around quickly, other companies might not be so lucky, even if they too aren’t doing anything unethical at all.