[LINK] Geolocation of Au citizen data

Paul Brooks pbrooks-link at layer10.com.au
Wed Oct 2 13:50:00 AEST 2013


On 2/10/2013 10:37 AM, Jan Whitaker wrote:
> At 10:24 AM 2/10/2013, Bernard Robertson-Dunn wrote:
>> Some consumers might be interested in the potential impact of the
>> Patriot Act on the data that Amazon holds on behalf of its business/org
>> users.
>>
>> We all have complete trust in overseas governments, don't we?
> Now *that* question was asked and he answered that it was ASIO in the 
> case of Australia, which can pretty much do what it wants. His 
> solution was to encrypt everything. They don't do back-ups 
> automatically for customers and he said that deletion is completely 
> in the hands of their client. Back-ups are left to the customer to 
> design into their use of AWS as part of their data recovery strategy.

The issue is not only about physical location. Even if Australian data was kept in a
datacentre on Australian soil, under the Patriot act if that data is held on hardware
owned by a US organisation or subsidiary, or any organisation in any location with a
US 'nexus' (which might be as tenuous as having a .com domain name), the US government
also reserves the right to do whatever it wants with the data.

Store it with Amazon in the US, you only have to worry about one government. Store it
with Amazon in their Australian walled-garden, and you have to worry about two
governments.

Encrypt it, and then store it under your own bed with an offsite backup under the
neighbours bed over the road. Multi-terabit storage arrays are fairly cheap these days :-)

P.



More information about the Link mailing list