Evidence: “We know you had this data based on emails between you and X entity, who already gave us emails and confirmed it was with you who they were communicating. We know you destroyed hard drives based on the fact that we found hard drive remains in your trash within 24 hours of receiving the subpoena. Cough up the data or face prison time.”
It’s not hard to solve for X when you know the rest of the equation.
It very much depends on your local laws. Despite the current administration, the law in the US, for example, is that you do not have to divulge passwords (a Fifth Amendment right to silence). You can hand over your entire encrypted database intact, no destruction needed, and unless the authorities can decrypt it, it’s useless evidence in court. Prosecutors may still try to build a case without that evidence (as you pointed out by getting decrypted correspondence with an accomplice), but it’s not illegal to hand over encrypted data, even if they demand that you decrypt it; you are under no legal obligation to help incriminate yourself.
That right may not exist in other countries, so as always, one should know their individual rights and threat model.
Destruction of evidence is also a crime in most places.
What evidence?
Evidence: “We know you had this data based on emails between you and X entity, who already gave us emails and confirmed it was with you who they were communicating. We know you destroyed hard drives based on the fact that we found hard drive remains in your trash within 24 hours of receiving the subpoena. Cough up the data or face prison time.”
It’s not hard to solve for X when you know the rest of the equation.
It very much depends on your local laws. Despite the current administration, the law in the US, for example, is that you do not have to divulge passwords (a Fifth Amendment right to silence). You can hand over your entire encrypted database intact, no destruction needed, and unless the authorities can decrypt it, it’s useless evidence in court. Prosecutors may still try to build a case without that evidence (as you pointed out by getting decrypted correspondence with an accomplice), but it’s not illegal to hand over encrypted data, even if they demand that you decrypt it; you are under no legal obligation to help incriminate yourself.
That right may not exist in other countries, so as always, one should know their individual rights and threat model.