For years now, Internet users have accepted the risk of files and content they share through various online services being subject to takedown requests based on the Digital Millennium Copyright Act (DMCA) and/or content-matching algorithms. But users have also gotten used to treating services like Dropbox as their own private, cloud-based file storage and sharing systems, facilitating direct person-to-person file transfer without having to worry.
This weekend, though, a small corner of the Internet exploded with concern that Dropbox was going too far, actually scanning users’ private and directly peer-shared files for potential copyright issues. What’s actually going on is a little more complicated than that, but it shows that sharing a file on Dropbox isn’t always the same as sharing that file directly from your hard drive over something like e-mail or instant messenger.
The whole kerfuffle started yesterday evening, when one Darrell Whitelaw tweeted a picture of an error he received when trying to share a link to a Dropbox file via IM. The Dropbox webpage warned him and his friend that “certain files in this folder can’t be shared due to a takedown request in accordance with the DMCA.”
Whitelaw freely admits that the content he was sharing was a copyrighted video, but he still expressed surprise that Dropbox was apparently watching what he shared for copyright issues. “I treat [Dropbox] like my hard drive,” he tweeted. “This shows it’s not private, nor mine, even though I pay for it.”
In response to follow-up questions from Ars, Whitelaw said the link he sent to his friend via IM was technically a public link and theoretically could have been shared more widely than the simple IM between friends. That said, he noted that the DMCA notice appeared on the Dropbox webpage “immediately” after the link was generated, suggesting that Dropbox was automatically checking shared files somehow to see if they were copyrighted material rather than waiting for a specific DMCA takedown request.
Dropbox did confirm to Ars that it checks publicly shared file links against hashes of other files that have been previously subject to successful DMCA requests. “We sometimes receive DMCA notices to remove links on copyright grounds,” the company said in a statement provided to Ars. “When we receive these, we process them according to the law and disable the identified link. We have an automated system that then prevents other users from sharing the identical material using another Dropbox link. This is done by comparing file hashes.”