Re: EU based server & storage

[George MacKerron <g.j.mackerron@lse.ac.uk>]

>> Exactly what do you hope to gain from a Tarsnap running on Amazon's EU
>> infrastructure? I can imagine it being faster (for EU residents), but
> Amazon is > still an American company and will still hand over your data
> to the American > government, even if it's stored outside the US.
>> 
>> Either trust Tarsnap's encryption or use something else.
> 
> Some companies have security audits from their customers, which
> specifically ask if data is stored outside the EU. It makes it easier to
> tick the boxes on these audits.

EU data protection law requires that personal data not be moved into jurisdictions with lesser protection of personal data. See:

http://www.dataprotection.eu/pmwiki/pmwiki.php?n=Main.EU#transfer

Of course, Tarsnap data is (given bug-free client software) heavily encrypted, and Amazon appear to have Safe Harbor registration. But it's not been clear to me whether the encryption helps in law, or whether their registration covers AWS/S3 -- as far as I can see, the AWS docs are completely silent on the issue. Keeping data within Europe is much more clearly and obviously within the law.

Incidentally, until Tarsnap offers a European backend, Duplicity seems a reasonable option.

Please access the attached hyperlink for an important electronic communications disclaimer: http://lse.ac.uk/emailDisclaimer