> Failure to comply means you sit in a jail cell until you cough up the password.
So, keyfiles on easily-destroyable thumbdrives, then? If they say the only copy of the key (that they're aware of) was destroyed, that's basically equivalent to saying they wiped the disk; you can't really hold them expecting them to magically recreate it, right?
"Tampering with evidence is the knowing and intentional physical manipulation, altering or destruction or falsification of evidence relevant to a criminal case or investigation. It is important to note that tampering is not the accidental destruction or modification of evidence, it is only if the individual had reason to believe the material or item was part of an investigation."
Evidence tampering often carries much harsher penalties than the crime in question -- if a company is in trusteeship, wiping the disk (or doing the equivalent) can quite possibly be the dumbest possible thing you can do.
That's only in the case where you can prove that someone knew there would be an investigation and destroyed the key as a result. The nice thing about thumbdrives: they're incredibly easy to lose. If it's only needed for startup, you can just say that you lost it a long time ago, but it wasn't a problem because you just left the machine running. To disprove that, they'd need to check the system logs, which are, of course, also on the encrypted disk. :)
So, keyfiles on easily-destroyable thumbdrives, then? If they say the only copy of the key (that they're aware of) was destroyed, that's basically equivalent to saying they wiped the disk; you can't really hold them expecting them to magically recreate it, right?