Dropbox has thrown in its lot with Google, Facebook, Microsoft, and other companies looking for permission to publish information about secret national security requests. The company has filed an amicus brief with the Foreign Intelligence Surveillance Court, requesting that the court give all internet companies permission to tell users how many national security-related information requests they receive and how many users are affected by them, even if the orders themselves are protected by a gag order. "The Court should not permit the government to invoke the mere label of 'national security' to justify the speech restraints it seeks," says the filing. While the filing isn't a lawsuit in its own right, it supports the suits filed by others, and a favorable result for any of them would also be an excellent sign for Dropbox.
Dropbox was one of the companies named as participating in the NSA's online surveillance program, and it's denied any broad information-sharing agreement with the government. While the orders remain secret, though, there's not much it can do to prove its innocence. After the leaks, companies won the right to publish rough numbers of national security-related requests, but only rounded to the nearest thousand. This policy, Dropbox says, is worse than useless. Currently, it can publish a number covering every non-gagged law enforcement request; 87 were reported in 2012. But "had Dropbox received just one national security request during that period, and had it wished to include that single request in its report," it would have had to replace that with a vague "1–1000" label.
This change "would shed almost no light on the data requests Dropbox receives, and could foster the impression that Dropbox received many more national security requests than it did," the brief says. While the NSA is attempting to declassify more information about its surveillance efforts, the FISA Court is currently handling suits from Google, Microsoft, Facebook, and Yahoo, all asking for permission to publish exact numbers of requests, though not the requests themselves. Like Dropbox, these companies have said they're being hamstrung by secrecy requirements, unable to stem public speculation about widespread spying.