On July 16, 2020, the European Court of Justice (ECJ) issued a ruling with respect to the Privacy Shield framework as it relates to transfers of data from the EU. We recognize that our EU customers may have questions as to how this ruling will affect their continued use of the Keeper Security platform.
Keeper Security is—and has always been—wholly committed to protecting the privacy of our customers’ personal information. As a zero-knowledge security provider, Keeper’s password manager is specifically designed to ensure that the user is the only person who can access data stored in their Keeper vault. Further, Keeper utilizes Amazon AWS in multiple geographic locations, including the EU, ensuring that all data, at rest and in transit, is fully isolated in each customer’s preferred global data center. Put simply, what is stored in the EU, stays in the EU.
With respect to any EU-US transfers of data, our EU-based customers can be assured that Keeper continues its obligations under Privacy Shield. We are in the process of reviewing these transfers, and we will make modifications to our policies where appropriate and in due course.
Keeper’s industry-leading security architecture reflects our fanatical commitment to protecting the privacy of our customers’ information. Let’s examine how this works.
What does it mean to be a “zero-knowledge” security provider?
Keeper’s password manager (“Keeper”) utilizes a zero-knowledge security architecture. This means that each user has complete control over the encryption and decryption of all personal information saved in their Keeper vault, and none of their stored information is accessible by anyone else, not even Keeper employees. As discussed in detail below, the encryption key that is needed to decrypt a user’s data always resides with the Keeper user on their device. Keeper cannot decrypt a user’s stored data, access their master password, remotely access their device, or otherwise access their vault data.
A new Keeper user selects a master password, which is known only to the user. Access to an individual’s Keeper vault is protected by a unique username and the selected master password. Neither Keeper Security employees nor any Keeper contractors can ever obtain or access a user’s master password.
When a user creates a password record for storage in their personal vault, the record is encrypted and decrypted on their device. We refer to this as “client encryption,” because the client (e.g., the user’s iPhone, Android device, desktop app, etc.) is performing local encryption and decryption of data. Each individual record stored in a user’s vault is encrypted with a random 256-bit AES key (“record key”), generated by the user’s device. The record keys are further protected by the data key, which is encrypted by a key derived on the user’s device from the user’s master password. Adding an additional level of encryption and protection, data stored at rest on the user’s device is encrypted by another 256-bit AES key, called the client key. This multi-tiered encryption model provides the most advanced data protection available in the industry.
As described, all user data is wholly encrypted on the user’s device prior to transmission to Keeper’s security vault. The Keeper vault is Keeper’s proprietary cloud-based software and network architecture, which is physically hosted within Amazon Web Services’ (AWS) infrastructure in multiple data centers throughout the world, including the EU. Each individual record stored in a user’s vault is also further encrypted in transit between the user’s device and Keeper’s security vault with 256-bit and 128-bit transport layer security (TLS). This is the same level of encryption trusted by millions of consumers and businesses for web transactions that require high levels of security, such as online banking, online shopping, trading stocks, accessing medical information, and filing tax returns.
Once transported, a user’s vault files are stored in the security vault in a 256-bit encrypted ciphertext, which cannot be decrypted without the data key. Compromising a symmetric 256-bit key requires exhausting the 256-bit keyspace, which would take 3×10^51 years to accomplish. Therefore, even if user data is captured during transmission between the user’s device and the security vault, it cannot be decrypted.
When a user authenticates on their device, the encrypted ciphertext stored in the Keeper vault is synchronized down to the device, then decrypted at the device level using the data key on the user’s device. When changes are made to any vault record on a user’s account (or to any shared record), a push notification is sent from Keeper’s secure vault to the user’s device, instructing the device to perform incremental sync. If the user is logged in to their Keeper vault, the local device will then perform incremental sync and decrypt the record changes locally on the device. Record version history is maintained for every change made to a record.
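The key hierarchy described above (master password, data key, per-record keys) can be sketched as follows. This is an added illustration, not Keeper's code: PBKDF2-SHA256, AES-256-GCM, the iteration count, a randomly generated data key and every function name are assumptions, and the client key used for local at-rest storage is left out.

```javascript
// Added illustration of a master password -> data key -> record key hierarchy.
// Algorithms, parameters and names are assumptions, not taken from the page.
const nodeCrypto = require('crypto');

const KDF_ITERATIONS = 100000; // assumed value

// AES-256-GCM encrypt; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Reverse of seal(); throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Key derived on the device from the master password; never sent anywhere.
function deriveMasterKey(masterPassword, salt) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Runs on the client. The returned object is everything a server would store:
// a salt, a wrapped data key, wrapped record keys and record ciphertext.
function createVault(masterPassword, records) {
  const salt = nodeCrypto.randomBytes(16);
  const dataKey = nodeCrypto.randomBytes(32); // assumed to be random
  const wrappedDataKey = seal(deriveMasterKey(masterPassword, salt), dataKey);
  const stored = records.map((text) => {
    const recordKey = nodeCrypto.randomBytes(32); // one random 256-bit key per record
    return {
      wrappedRecordKey: seal(dataKey, recordKey),
      ciphertext: seal(recordKey, Buffer.from(text, 'utf8')),
    };
  });
  return { salt, wrappedDataKey, records: stored };
}

// Runs on the client after sync: unwrap the data key, then each record key.
function openVault(masterPassword, vault) {
  const dataKey = unseal(deriveMasterKey(masterPassword, vault.salt), vault.wrappedDataKey);
  return vault.records.map((r) =>
    unseal(unseal(dataKey, r.wrappedRecordKey), r.ciphertext).toString('utf8'));
}
```

Because GCM authenticates each wrapped key, a wrong master password fails at the first unwrap instead of producing garbage plaintext.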
Where is my personal vault data stored?
Our EU-based customers can be assured that not only is their vault data securely encrypted, but it will also not be transported out of the EU. Keeper utilizes AWS’ hardened cloud infrastructure in multiple geographic locations throughout the United States and Europe. Business customers may elect to establish their Keeper solution in a data center located in either the U.S. or Europe. Consumers who sign up directly on the EU web vault will have their information stored in an EU data center. Further, user data is fully isolated in a customer’s preferred global data center, both at rest and in transit. Therefore, all personal vault data belonging to our EU customers remain in the EU, and, thanks to Keeper’s industry-leading zero-knowledge security architecture, the customer is the only person who can ever access their data.
Will my vault data ever be transported out of the EU?
No. All customers who elect to establish their Keeper solution in an EU data center can be assured that their personal vault data will remain in the EU. For more information on Keeper’s commitment to Individual Privacy Rights, please reach out to firstname.lastname@example.org.