The simplest design for an eternity service is to mimic the printed book. One might pay 100 servers worldwide to retain a copy of the file, remember the names of a randomly selected 10 of them (to audit their performance and thus enforce the contract), and destroy the record of the other 90.
Then even if the user is compelled by authority to erase the file and to hand over the list of ten servers where copies are held, and these servers are also compelled to destroy it, there will still be ninety surviving copies scattered at unknown locations round the world. As soon as the user escapes from the jurisdiction of the court and wishes to recover his file, he sends out a broadcast message requesting copies. The servers on receiving this send him a copy via a chain of anonymous remailers.
Even if the protection mechanisms are simple, the use of a large number of servers in a great many jurisdictions will give a high degree of resilience.