Comment by justinclift

2 years ago

Sure, if its LEO. That's not the threat model for most organisations encrypting their data at rest though. :)

---

> should absolutely not do things that can be construed as destroying evidence.

It'd be a very long stretch to successfully argue "removing access to the key" is destroying evidence. The data would still be intact, and available, to anyone with the key.

Just not to whoever physically grabbed the server. ;)

2 comments

justinclift

Reply
cryptonector  2 years ago

I would get legal advice on that, from a lawyer in the relevant jurisdiction, before going with that.

  • justinclift  2 years ago

    Of course. And I'm just pointing out a commonly implemented approach.

    LEO isn't generally the consideration of places encrypting their stuff. Businesses dealing with sensitive data (PII, etc) are required to as a matter of course.