I have a security question regarding snapshot and privacy shield

I was just wondering about Snapshot. Managed Backups is a pretty sweet feature.
Where are the servers located that you are using? And is there any way to encrypt the backup automatically before it is uploaded?

Germany/Europe has some pretty strict laws regarding the handling of personal data. So all the best precautions you take on the blog to be compliant are all voided if you make an unencrypted backup that is stored on servers outside of Europe.

As far as I understand European laws, this would only work if Amazon is participating in Privacy Shield. And since you are in the middle of the whole process you would probably also have to sign up for that. In order for any European company to be able to use that service and be legally on the safe side.

  • Tyler Postle

    Hey Peter,

    We're a US registered corp and are using the AWS S3 US East data center with resting encryption. http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html

    So we do everything possible to secure the data at rest and in transmission. That should cover privacy, security, and NSA spying concerns. If you have further questions on that then let us know

    Cheers,
    Tyler

  • Peter

    Hi Tyler,
    thanks for the feedback.

    Unfortunately I don't think this solves the legal problems for European clients:
    https://aws.amazon.com/de/blogs/security/customer-update-amazon-web-services-and-the-eu-us-privacy-shield/

    https://www.privacyshield.gov/welcome

    If I understand the information correctly in the link above AWS has not signed up for EU-US Privacy Shield compliance, since they solve the problem by giving their customers the choice where the data is stored. So if I sign up for an account with AWS directly and choose that only European servers are used everything should be fine even without Privacy Shield compliance on Amazon's end.

    But since you are using a US based data center we are right back in that issue. I suppose if my data was locally encrypted with only me having the key so neither you nor AWS having access to it you might argue that the data is safe and more important: Privacy Shield compliant. Essentially since it is encrypted gibberish. But even then this would probably be asking for trouble if some bureaucrat decided so.
    But if I understand correctly AWS is handling the encryption for you and they have the keys. Which means storing EU based user data this way is not an option. Apart from that since the contract for service is between WPMUDEV and me - you would have to sign up for Privacy Shield compliance. Which you wouldn't be because of all of the above issues.

    Possible solutions for the current situation:
    AWS needs to sign up for Privacy Shield. If they haven't yet - not likely. Then the data could be stored in the US. But you still need to sign up too.
    If AWS doesn't sign up: only servers in EU as a choice for your customers.
    Maybe client side encryption with no access to keys for neither AWS nor WPMUDEV. But again. Somebody will probably challenge that.
    Every EU website that is using Snapshot managed backups could probably inform their users and get their consent to transfer their data to a US data facility. That might cause a lot of users to stay away though since there is technically no real need to use a server outside of the EU.

    Germany has another special problem. Currently it mostly affects online shops. But basically there is a whole industry targeting sites that have legal errors. It's really bad. E.g. one study claims that in 2013 60% of all German webshops had been hit by this and were sued. Usually the amount is somewhere in the range around hundreds to thousands of Euros accompanied with a cease and desist with a penalty clause for future failure to comply. Of course with a much steeper penalty.
    Another younger study showed that 20% of all German webshops were sued at least(!) once during 2015.

    Basically you can't even use Facebook Like on your site in Germany anymore without asking for trouble. Just to give you an idea how challenging things currently are.

    And of course somebody might argue that the EU-US Privacy Shield agreement is a bad deal for the US and cancel the whole thing - which would leave the EU in the same legal predicament from January 2016 when the old agreement Safe Harbor got terminated by a European Court. Leaving a gap of nobody knowing what they needed to do to be legally safe until Privacy Shield finally took effect in August 2016. Heavily criticised as being not safe enough by EU standards.

    Hope I could clarify the problem a bit

    Peter

  • Tyler Postle

    Hey Peter, yeah I'm by no means an expert on the legality of storage for different countries - so this is all quite interesting hearing how strict it gets over there. I did ask our system admin and we don't ever have the backups on our servers at all - it goes straight to S3 and we do plan on adding a switch so members can choose to store it on either EU or US servers. So progress towards making it more EU compliant is being worked on

  • Peter

    Hi Tyler,
    things certainly are a tad different here. So far blogs have not been targeted as hard as online shops. Probably due to easier exploits on the shop side. After all you need to prove that somebody is breaking some laws before you can sue them. A lot harder to trace and prove where somebody is storing their backups - or if they create any backups at all.

    Still. Nice to hear you're working on that switch for EU/US servers. Hope that solves the issue

    But since we're on the subject of data safety - would there be any chance at all that you have plans to implement a client side encryption before the data gets transferred to the backup server?

    Cheers,
    Peter
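The client-side encryption Peter lists as a possible solution and asks about again in his last reply, as an added example that is not code from the Snapshot plugin or from WPMUDEV: the backup archive is sealed on the site's own server with AES-256-GCM under a key that only the site owner keeps, so the blob that reaches S3 is opaque to both the backup vendor and AWS. This is the difference from the S3 server-side encryption Tyler links to, where AWS generates and holds the key. The container layout (a constructed `SNAPV1` tag, then nonce, then ciphertext and tag), the binding of the backup's file name as authenticated data, and all function names are this example's own assumptions; the sample archive bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// magic is a constructed container tag for this example, not a real Snapshot format.
const magic = "SNAPV1"

// NewKey generates the site owner's 256-bit key. It must be stored outside the
// backup and outside the uploaded data, e.g. in a key file on the owner's machine.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// KeyFingerprint returns a short SHA-256 prefix so the owner can record which key
// a backup was sealed with without writing the key itself anywhere.
func KeyFingerprint(key []byte) string {
	h := sha256.Sum256(key)
	return fmt.Sprintf("%x", h[:4])
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptBackup seals the archive before upload. Layout: magic || nonce || ciphertext+tag.
// The backup's file name is passed as additional authenticated data, so a sealed blob
// cannot be silently renamed or swapped for another backup without failing to open.
func EncryptBackup(key []byte, name string, archive []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte(magic), nonce...)
	return gcm.Seal(out, nonce, archive, []byte(name)), nil
}

// DecryptBackup opens a blob downloaded from the backup store. Any modification of the
// ciphertext, a wrong key, or a mismatched file name makes gcm.Open fail.
func DecryptBackup(key []byte, name string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if !bytes.HasPrefix(blob, []byte(magic)) {
		return nil, errors.New("not an encrypted snapshot container")
	}
	rest := blob[len(magic):]
	if len(rest) < gcm.NonceSize() {
		return nil, errors.New("container too short")
	}
	nonce, ct := rest[:gcm.NonceSize()], rest[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(name))
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for a wp-content archive.
	archive := []byte("constructed wp-content archive bytes")
	blob, err := EncryptBackup(key, "site-2016-10-01.zip", archive)
	if err != nil {
		panic(err)
	}
	fmt.Printf("key fingerprint %s, sealed %d bytes -> %d bytes\n",
		KeyFingerprint(key), len(archive), len(blob))
	plain, err := DecryptBackup(key, "site-2016-10-01.zip", blob)
	fmt.Println("restore ok:", err == nil && bytes.Equal(plain, archive))
}
```

The point for the compliance question is where the key lives: it is generated and kept by the site owner, never uploaded, so neither the vendor's servers nor AWS can read the stored data. Losing the key means losing every backup sealed with it, which is why the fingerprint is recorded alongside each upload.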