Drew and Arash on the Dropbox Blog:
Some concerns have been raised about our Help Center article and other statements that discuss employee access to user data. We agree that we could have provided more details and we will be updating these to make them more clear. Like most major online services, we have a small number of employees who must be able to access user data when legally required to do so. But that’s the exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.
That sounds great, but it’s far too short of an answer. Is this like setting off a nuke — where two people need to turn two different keys to make it happen? If not, why not? That’s what I want to know.