Published since 2012, our biannual report makes public the number of requests we receive and how we respond.
What Dropbox received
Search warrants require a showing of probable cause, must meet specificity requirements regarding the location to be searched and the items to be seized, and must be reviewed and signed by a judge or magistrate. Search warrants may be issued by local, state, or federal governments, and may only be used in criminal cases. In response to valid search warrants, we may produce non-content and content information.
What Dropbox received
Unlike a search warrant, a subpoena only allows access to basic subscriber information. Subpoenas do not require judicial review and are typically issued by government attorneys or grand juries. We do not provide content information in response to subpoenas.
What Dropbox received
Court orders are issued by judges and may take a variety of forms, such as a 2703(d) order under the Electronic Communications Privacy Act. We do not provide content information in response to court orders.
What Dropbox received
National security process includes National Security Letters and orders issued under the Foreign Intelligence Surveillance Act. We received between 0 and 249 requests. We’d like to be more specific, but Dropbox is not permitted by the US government to report the exact number received.
What Dropbox received
A preservation request is a government request to preserve user data pending the receipt of formal legal process. When we receive these requests, we will temporarily retain a snapshot of the relevant user data for 90 days, but we do not disclose user data in response to preservation requests. To obtain preserved data, valid legal process is required.
What Dropbox received
Dropbox may voluntarily disclose information to law enforcement if we have a good faith belief that someone is at imminent risk of death or serious physical injury and we have information which may help prevent the threat. We require that law enforcement provides a written summary of the emergency and explanation of how the information requested will assist them in preventing the emergency. Every emergency disclosure request is carefully scrutinized on a case by case basis to determine if the standard for disclosure has been met, and if so, any information disclosed is limited to that which would avert or mitigate the emergency. Dropbox receives emergency disclosure requests for user data from law enforcement around the world.
What Dropbox Received
Pen Registers or Trap and Trace orders (“PRTTs”) are court orders that authorize the government to obtain certain non-content information (specifically, dialing, routing, addressing, and signaling information relating to communications) of a specific account on a prospective basis for a period of up to 60 days.
What Dropbox received
Government removal requests include court orders and written requests from law enforcement and government agencies seeking the removal of content from accounts based on the local laws of their respective jurisdictions.
“No action taken” may be due to circumstances where we were not able to review the content because the link provided to us was invalid or the content no longer existed, or where, upon review, the content was found not to violate our Acceptable Use Policy.
A note about international requests
International requests include any formal legal process from a non-US government seeking user data. At this time, we accept US and Irish government requests. We may also respond to requests made pursuant to international agreements on legal cooperation in criminal matters, including Mutual Legal Assistance Treaties or letters rogatory.
“Account did not exist”: The identifiers provided in the request were not associated with valid Dropbox accounts.
All Writs Act Orders: All Writs Act Orders are issued by United States judges pursuant to the All Writs Act of 1789. The statute gives courts the power to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”
Content: Content refers to the content of communications, which includes any information concerning the substance, purport, or meaning of the communication. It includes the files stored in a person’s Dropbox account and the filenames associated with those files. A search warrant is required to compel the production of content. Often, search warrants will also seek basic subscriber information or other non-content records, in addition to the content of communications.
Emergency disclosure requests: Dropbox may voluntarily disclose information to law enforcement if we have a good faith belief that someone is at imminent risk of death or serious physical injury and we have information that may help prevent the threat. We require that law enforcement provides a written summary of the emergency and explanation of how the information requested will assist them in preventing the emergency.
“No information provided”: Common reasons that no information was provided in response to legal process include: (1) the request was a duplicate; (2) Dropbox objected to the request; (3) law enforcement withdrew the request; or (4) the request failed to accurately identify an account.
Non-content: Non-content records generally describes any available information other than the content of communications. It includes basic subscriber information, defined in Section 2703 of the Electronic Communications Privacy Act, and other information reflecting usage of an account. “Non-content” information does not include the files that people store in their Dropbox accounts.
Non-disclosure order: At their discretion, judges can issue court orders preventing or delaying Dropbox from notifying a user of a government request for their information. These orders often cite subsection 2705(b) of the Electronic Communications Privacy Act and can extend for any length of time.
Non-US requests: Non-US requests include any formal legal process from a non-US governmental entity seeking user data. At this time, we accept US and Irish government requests. We may also respond to requests made pursuant to international agreements on legal cooperation in criminal matters, including Mutual Legal Assistance Treaties or letters rogatory.
Preservation: A preservation request is a government request to preserve user data pending the receipt of formal legal process. When we receive these requests, we will temporarily retain a snapshot of the relevant user data for 90 days, but we do not disclose user data in response to preservation requests. To obtain the preserved data, valid legal process is required and those subsequent requests are (and always have been) included in the report.
User Notice: Our policy is to provide notice to users about requests for their information unless we are prohibited from doing so by law. In limited cases, we may delay notice to the user until after we have complied, and in those cases we note the date we produced user records.
Our tracking and reporting methods may evolve as we continually strive to improve the accuracy and clarity of our report.