Named in the NSA's PRISM slides as 'coming soon'
June 2013
Among the classified NSA PRISM documents leaked by Edward Snowden, Dropbox appeared as a provider the surveillance program planned to add, listed as 'coming soon' — placing the company squarely inside the post-Snowden surveillance debate.
What happened
In June 2013 The Guardian and The Washington Post published leaked NSA materials describing PRISM, a program for collecting data from major U.S. internet companies. The slide deck, drawn from documents Edward Snowden removed shortly before leaving the agency in 2013, listed established participants such as Microsoft, Google, Apple, and Facebook — and noted that Dropbox was 'coming soon' as a future provider.
The 'coming soon' notation does not establish that Dropbox ever voluntarily joined PRISM, and the company has consistently said it does not give any government direct or unfettered access to user data. What the slide documented was the NSA's stated intention to extend collection to Dropbox. Like other U.S. companies, Dropbox can be served with legal orders, including directives under Section 702 of the FISA Amendments Act, and its server-side-key model means it is technically able to decrypt and produce files when compelled.
The disclosure landed at the worst possible moment for a company whose privacy promises were already under FTC scrutiny, and it became a fixture of the broader argument that storing unencrypted-to-the-provider data in U.S. cloud services exposes it to government surveillance.
Impact
Appearing in the PRISM slides cemented Dropbox's reputation as a surveillance liability among privacy advocates and helped drive enterprise and international customers toward providers offering client-side or zero-knowledge encryption. It set the stage for Edward Snowden's later, blunter criticism of the company and intensified scrutiny of Dropbox's board, its government-request handling, and the keys-held architecture that makes compelled decryption possible.