2015 Transparency Report

July to December 2015

Because our users trust us with their most important stuff, we’re committed to being transparent about when and how governments ask us for our users’ information. Published since 2012, our biannual report publishes the number of requests we received and how we responded. We always apply our Government Data Request Principles to every request we receive, and remain committed to giving notice to users whose data is being sought, unless prohibited by a valid court order or a state law that specifically prohibits notice.

Each time we publish our report, we reevaluate the types of information we’re providing to see how we can be more transparent. This time, we’ve broken out the US requests we’ve received on a state-by-state basis to shed some light on where the requests are coming from.

Search warrants

What Dropbox received
Number of search warrants
Accounts listed in warrants
348
421
How we responded
To each warrant
To each account listed
Does not exist
17
1
Content provided
328
418
Notice provided
203
267
No information provided
3
2

Subpoenas

What Dropbox received
Number of subpoenas
Accounts listed in subpoenas
206
250
How we responded
To each subpoena
To each account listed
Does not exist
29
3
Content provided
0
0
Non-content provided
170
232
Notice provided
113
160
No information provided
7
15

Court orders

What Dropbox received
Number of court orders
Accounts listed in orders
11
9
How we responded
To each order
To each account listed
Does not exist
2
0
Content provided
0
0
Non-content provided
9
9
Notice provided
2
2
No information provided
0
0

US Government Requests by Location*

AK
2
AL
11
AR
1
AZ
27
CA
70
CO
8
CT
3
DC
6
DE
2
FL
48
GA
8
HI
0
IA
6
ID
6
IL
21
IN
5
KS
6
KY
7
LA
9
MA
9
MD
28
ME
1
MI
29
MN
16
MO
7
*Includes both requests from state law enforcement agencies and federal agencies with in-state offices.

 

MT
1
NC
5
ND
1
NE
3
NH
0
NJ
12
NM
4
NV
9
NY
26
OH
12
OK
1
OR
4
PA
13
RI
5
SC
6
SD
2
TN
10
TX
49
UT
7
VA
32
WA
15
WI
7
WV
4
WY
2
Total
566

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
  • Australia — 1
  • Germany — 2
  • Italy — 1
4
Content or non-content provided
0

Government Removal Requests

CountryNumber of requestsNumber of accounts affectedContent blocked in response to requestContent blocked pursuant to Acceptable use PolicyNotice provided to user
Russia3131000

Beyond the numbers

We know that the numbers themselves only tell part of the story, so we also wanted to highlight some additional details to provide a more complete picture.

  • We did not receive any orders issued under the authority of the United States All Writs Act of 1789.
  • All requests for content information were accompanied by a search warrant, which is the legal standard that Dropbox requires.
  • We received one piece of legal process incorrectly addressed to the wrong company, but that sought Dropbox user information. We required law enforcement to remedy this error before accepting this request.
  • We received one court-ordered pen register/trap and trace order (PRTT), which required our production of IP addresses for a specified period of time after the service of the order. We did not notify the user because the court order disallowed disclosure.
  • In proportion to its population, Washington, DC had the highest number of law enforcement requests, followed by Rhode Island, Maryland, and Arizona.

Glossary

Types of legal process that Dropbox receives

Subpoenas:  Subpoenas include any legal process from law enforcement where there is no legal requirement that a judge or magistrate review the legal process. Local, state and federal government authorities may use subpoenas in both criminal and civil cases and subpoenas are typically issued by government attorneys or grand juries. We do not produce content information in response to subpoenas.

Search warrants:  Search warrants require judicial review, a showing of probable cause, and must meet specificity requirements regarding the place to be searched and the items to be seized. Search warrants may be issued by local, state or federal governments, and may only be used in criminal cases. In response to valid search warrants, we produce non-content and content information.

Court orders:  Court orders are issued by judges and may take a variety of forms, such as a 2703(d) order under the Electronic Communications Privacy Act, in both civil and criminal cases. In response to court orders, we will not produce content information unless the court order has procedural safeguards equivalent to those of a search warrant.

National security process:  National security process includes National Security Letters (“NSLs”) and orders issued under the Foreign Intelligence Surveillance Act (“FISA orders”). We’d like to be more specific, but Dropbox is not permitted by the US government to report the exact number received.

All Writs Act Orders:  All Writs Act Orders are issued by United States judges with authority from the All Writs Act of 1789. The statute gives courts the power to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

Non-US requests:  Non-US requests include any formal legal process from a non-US government seeking user data. At this time, we require non-US governments to follow the Mutual Legal Assistance Treaty process or letters rogatory process so that a US court will issue the required US legal process to Dropbox.

Government removal requests:  Government removal requests include court orders, and written requests from law enforcement and government agencies seeking the removal of content based on the local laws of their respective jurisdictions.

Information Dropbox provides in response

User Notice:  Anytime we receive a request from law enforcement for a user’s information, we notify the user unless we are legally prohibited from doing so. We send an email to the user, with the type of request, when we received it, what information it requests, and when we plan to comply. This gives the user an opportunity to object if appropriate. In limited cases we delay notice to the user until after we have complied, and in those cases we note the date we produced user records.

Non-content:  When we provide “non-content” information in response to valid legal process, that means we provided subscriber information such as the name and email address associated with the account; the date of account creation and other transactional information like IP addresses. “Non-content” information does not include the files that people store in their Dropbox accounts.

Content:  When we provide “content” information in response to valid legal process, that means we provided the files stored in a person’s Dropbox account, in addition to non-content information.

“No information provided”:  This means that we didn’t provide any information in response to the request for one or more of the following reasons: (1) the request was duplicative of a request that we already responded to; (2) Dropbox objected to the request; (3) law enforcement withdrew the request; or (4) the request failed to specify an account.

“Account did not exist”:  This means that law enforcement specified an account in their request, but that account did not exist.

2015 Transparency Report

January to June 2015

Search warrants

What Dropbox received
Number of search warrants
Accounts listed in warrants
227
338
How we responded
To each warrant
To each account listed
Does not exist
7
11
Content provided
213
280
Notice provided
120
160
No information provided
7
10

Subpoenas

What Dropbox received
Number of subpoenas
Accounts listed in subpoenas
179
430
How we responded
To each subpoena
To each account listed
Does not exist
23
75
Content provided
0
0
Non-content provided
140
228
Notice provided
106
150
No information provided
16
24

Court orders

What Dropbox received
Number of court orders
Accounts listed in orders
10
19
How we responded
To each order
To each account listed
Does not exist
1
1
Content provided
0
0
Non-content provided
9
11
Notice provided
2
3
No information provided
0
0

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
  • France — 1
  • Germany — 2
  • Italy — 1
  • Israel — 1
  • Portugal — 1
  • Mexico — 1
7
Content or non-content provided
0

Government Removal Requests

CountryNumber of requestsNumber of accounts affectedContent blocked in response to requestContent blocked pursuant to Acceptable use PolicyNotice provided to user
Russia33123

2014 Transparency Report

July to December 2014

Search warrants

What Dropbox received
Number of search warrants
Accounts listed in warrants
137
260
How Dropbox responded
To each warrant
To each account listed
Does not exist
17
104
Content and non-content produced
113
149
Notice provided
39
49
No information provided
7
7

Subpoenas

What Dropbox received
Number of subpoenas
Accounts listed in subpoenas
116
758
How Dropbox responded
To each subpoena
To each account listed
Does not exist
4
112
Content produced
0
0
Non-content produced
106
640
Notice provided
37
129
No information provided
6
6

Court orders

What Dropbox received
Court orders
2
How Dropbox responded
Account(s) did not exist
0
Content provided
0
Non-content provided
2
Notice provided
2
No information provided
0

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
  • Australia — 1
  • Brazil — 1
  • Germany — 5
  • Finland — 1
  • France — 5
  • India — 1
  • Italy — 2
  • Malta — 1
  • Spain — 1
  • United Kingdom — 2
20
Accounts affected
0
January to June 2014

Search warrants

What Dropbox received
Search warrants
120
Accounts identified
174
How Dropbox responded
Account(s) did not exist
14
Content and non-content produced
103
Notice provided
42
No information provided
3

Court orders

What Dropbox received
Court orders
2
Accounts identified
2
How Dropbox responded
Account(s) did not exist
0
Content and non-content produced
0
Notice provided
2
No information provided
0

Subpoenas

What Dropbox received
Subpoenas
109
Accounts identified
280
How Dropbox responded
Account(s) did not exist
16
Content produced
0
Non-content produced
80
Notice provided
47
No information provided
13

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
37
Accounts affected
0

2013 Transparency Report

January to December 2013

Search warrants

What Dropbox received
Search warrants
118
Accounts identified
172
How Dropbox responded
Account(s) did not exist
9
Content and non-content produced
104
Notice provided
42
No information provided
5

Court orders

What Dropbox received
Court orders
0
Accounts identified
0
How Dropbox responded
Account(s) did not exist
0
Content and non-content produced
0
Notice provided
0
No information provided
0

Subpoenas

What Dropbox received
Subpoenas
159
Accounts identified
401
How Dropbox responded
Account(s) did not exist
37
Content produced
0
Non-content produced
94
Notice provided
61
No information provided
28

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
90
Accounts affected
0

2012 Transparency Report

January to December 2012

United States requests

Requests for user information
87
Accounts specified
164
Response rate
82%

Non-United States Requests

Requests for user information
<20
Accounts specified
<20
Response rate
0%*
*In 2012, Dropbox required data requests to go through the United States judicial system.