Is anyone else thinking that their systems should include a self-destruct button? (for LavaBit I'd imagine a process that e-mailed each user the SSL key used to encrypt their mailbox, then deleted the key from the system. A user could still decrypt their mailbox by downloading it and using the key).
The problem is that services like Lavabit want to do something that is technically not possible: give you access to your encrypted mail from any computer i.e. the convenience of webmail. If I can just download a key and keep it on my computer, why would I not just generate the key on my computer by e.g. using PGP or S/MIME?
This isn't any different than shredding all your business documents when you hear the cops knocking on your door. It was frowned upon when Enron undertook a mass shredding during their investigation.
It was frowned upon because what Enron was doing was both illegal and immoral. What Lavabit was doing was neither. Further, Lavbit's founder took a stand on a believe in the right to anonymous communication. Compare this to Enron, where destruction of evidence was purely in an effort to hide evidence of culpability by those who ordered the destruction.
Knowingly and willfully destroying evidence that's been legally subpoenaed is indeed illegal, whether done by Enron "immorally" or $tech_company "morally".
