2015 Transparency Report

January to June 2015

Because our users trust us with their most important stuff, we’re committed to being transparent about when and how governments ask us for our users’ information. Published since 2012, our biannual report publishes the number of requests we received and how we responded. We always apply our Government Data Request Principles to every request we receive, and remain committed to giving notice to users whose data is being sought, unless prohibited by a valid court order or a state law that specifically prohibits notice.

Each time we publish our report we reevaluate the types of information we’re providing and whether it can be improved to better inform our users. This year, for the first time, our report includes requests we’ve received from governments to remove or block content from Dropbox in the past six-month period. When we receive these requests, we carefully determine whether the content should be removed because it violates a law or our Acceptable Use Policy. As is the case with government requests for user data, we notify users of requests to remove their content unless legally prohibited.

Search warrants

What Dropbox received
Number of search warrants
Accounts listed in warrants
227
338
How we responded
To each warrant
To each account listed
Does not exist
7
11
Content provided
213
280
Notice provided
120
160
No information provided
7
10

Subpoenas

What Dropbox received
Number of subpoenas
Accounts listed in subpoenas
179
430
How we responded
To each subpoena
To each account listed
Does not exist
23
75
Content provided
0
0
Non-content provided
140
228
Notice provided
106
150
No information provided
16
24

Court orders

What Dropbox received
Number of court orders
Accounts listed in orders
10
19
How we responded
To each order
To each account listed
Does not exist
1
1
Content provided
0
0
Non-content provided
9
11
Notice provided
2
3
No information provided
0
0

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
  • France — 1
  • Germany — 2
  • Italy — 1
  • Israel — 1
  • Portugal — 1
  • Mexico — 1
7
Content or non-content provided
0

Government Removal Requests

CountryNumber of requestsNumber of accounts affectedContent blocked in response to requestContent blocked pursuant to Acceptable use PolicyNotice provided to user
Russia33123

Beyond the numbers

We know that the numbers themselves only tell part of the story, so we also wanted to highlight some additional details to provide a more complete picture.

  • All requests for content information were accompanied by a search warrant, which is the legal standard that Dropbox requires.
  • We received six pieces of legal process addressed to the wrong company that sought user information. We required law enforcement to remedy these errors before accepting these requests.
  • We received one pen register/trap and trace order, which requires a company to provide information about “dialing, routing, addressing, and signaling information”, such as IP addresses which accessed a link. In this case, however, the order specified a link that did not exist so we provided no response.

Glossary

Types of legal process that Dropbox receives

Subpoenas:  Subpoenas include any legal process from law enforcement where there is no legal requirement that a judge or magistrate review the legal process. Local, state and federal government authorities may use subpoenas in both criminal and civil cases and subpoenas are typically issued by government attorneys or grand juries. We do not produce content information in response to subpoenas.

Search warrants:  Search warrants require judicial review, a showing of probable cause, and must meet specificity requirements regarding the place to be searched and the items to be seized. Search warrants may be issued by local, state or federal governments, and may only be used in criminal cases. In response to valid search warrants, we produce non-content and content information.

Court orders:  Court orders are issued by judges and may take a variety of forms, such as a 2703(d) order under the Electronic Communications Privacy Act, in both civil and criminal cases. In response to court orders, we will not produce content information unless the court order has procedural safeguards equivalent to those of a search warrant.

National security process:  National security process includes National Security Letters (“NSLs”) and orders issued under the Foreign Intelligence Surveillance Act (“FISA orders”). We’d like to be more specific, but Dropbox is not permitted by the US government to report the exact number received.

Non-US requests:  Non-US requests include any formal legal process from a non-US government seeking user data. At this time, we require non-US governments to follow the Mutual Legal Assistance Treaty process or letters rogatory process so that a US court will issue the required US legal process to Dropbox.

Government removal requests:  Government removal requests include court orders, and written requests from law enforcement and government agencies seeking the removal of content based on the local laws of their respective jurisdictions.

Information Dropbox provides in response

Non-content:  When we provide “non-content” information in response to valid legal process, that means we provided subscriber information such as the name and email address associated with the account; the date of account creation and other transactional information like IP addresses. “Non-content” information does not include the files that people store in their Dropbox accounts.

Content:  When we provide “content” information in response to valid legal process, that means we provided the files stored in a person’s Dropbox account, in addition to non-content information.

“No information provided”:  This means that we didn’t provide any information in response to the request for one or more of the following reasons: (1) the request was duplicative of a request that we already responded to; (2) Dropbox objected to the request; (3) law enforcement withdrew the request; or (4) the request failed to specify an account.

“Account did not exist”:  This means that law enforcement specified an account in their request, but that account did not exist.

2014 Transparency Report

July to December 2014

Search warrants

What Dropbox received
Number of search warrants
Accounts listed in warrants
137
260
How Dropbox responded
To each warrant
To each account listed
Does not exist
17
104
Content and non-content produced
113
149
Notice provided
39
49
No information provided
7
7

Subpoenas

What Dropbox received
Number of subpoenas
Accounts listed in subpoenas
116
758
How Dropbox responded
To each subpoena
To each account listed
Does not exist
4
112
Content produced
0
0
Non-content produced
106
640
Notice provided
37
129
No information provided
6
6

Court orders

What Dropbox received
Court orders
2
How Dropbox responded
Account(s) did not exist
0
Content provided
0
Non-content provided
2
Notice provided
2
No information provided
0

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
  • Australia — 1
  • Brazil — 1
  • Germany — 5
  • Finland — 1
  • France — 5
  • India — 1
  • Italy — 2
  • Malta — 1
  • Spain — 1
  • United Kingdom — 2
20
Accounts affected
0
January to June 2014

Search warrants

What Dropbox received
Search warrants
120
Accounts identified
174
How Dropbox responded
Account(s) did not exist
14
Content and non-content produced
103
Notice provided
42
No information provided
3

Court orders

What Dropbox received
Court orders
2
Accounts identified
2
How Dropbox responded
Account(s) did not exist
0
Content and non-content produced
0
Notice provided
2
No information provided
0

Subpoenas

What Dropbox received
Subpoenas
109
Accounts identified
280
How Dropbox responded
Account(s) did not exist
16
Content produced
0
Non-content produced
80
Notice provided
47
No information provided
13

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
37
Accounts affected
0

2013 Transparency Report

January to December 2013

Search warrants

What Dropbox received
Search warrants
118
Accounts identified
172
How Dropbox responded
Account(s) did not exist
9
Content and non-content produced
104
Notice provided
42
No information provided
5

Court orders

What Dropbox received
Court orders
0
Accounts identified
0
How Dropbox responded
Account(s) did not exist
0
Content and non-content produced
0
Notice provided
0
No information provided
0

Subpoenas

What Dropbox received
Subpoenas
159
Accounts identified
401
How Dropbox responded
Account(s) did not exist
37
Content produced
0
Non-content produced
94
Notice provided
61
No information provided
28

National security requests

National Security Process received
0-249
Accounts affected
0-249

Non-United States requests

Non-United States requests
90
Accounts affected
0

2012 Transparency Report

January to December 2012

United States requests

Requests for user information
87
Accounts specified
164
Response rate
82%

Non-United States Requests

Requests for user information
<20
Accounts specified
<20
Response rate
0%*
*In 2012, Dropbox required data requests to go through the United States judicial system.