@ Robert T,
I have been having a further thought on your "destroying evidence" dilemma, and I suspect the solution is not to destroy evidence but not have it available at the point of inspection.
First however you realy need to decide what data / evidence you are talking about as we know there is,
1, The raw data (bits and integers stored in a file).
2, The meta-data (data structures and ranges) that turn the raw data into usable information.
3, The meta-meta-data (file system entry) that puts the file into a time frame and place.
4, And the various meta-meta-meta-data (file system strata) that points indirectly to a file's previous storage at some previous time and place.
5, Subsiduary or "smoking gun" information (in other files) that point to the existance of a file.
From a very narow legal view point deleting any of the above could be considered "destruction of evidence", but you then have "reasonable behaviour". Afterall in files systems terms copying a file destroys some of the evidence whilst moving and changing other evidence, very much dependent on the way the App / OS / File system behave.
For instance a custom application and data files are two seperate but necessary components to make the information available. However normal usage would have a different strategy for both storage location and backup policy. Thus an application stored on a laptop hard drive may well point to data files stored on a files system that is not attached to the laptop when inspected. That is the normal data storage location is on a network files system or removable drive.
Likewise it is unreasonable to accuse some one of destroying evidence in the last three cases as they rapidly age under normal usage of the technology, and as with any limited resource you cannot be expected to maintain "cruft" indefinatly.
Of interest is some work activites (ie software development) as part of normal activity they can rapidly age file system evidence. Likewise software testing would frequently involve compleate reformating and re-instalation of an OS and other applications. Thus activities that would appear unreasonable for an accountant's PC would be normal on a an almost daily basis for a software tester or journalist (or other) reviewing new software.
Thus in many circumstances not having a data file or it's corresponding application on the hard drive is quite normal and thus "reasonable". Importantly the data / application file level "evidence" is not in anyway destroyed it is just not available at the point of inspection.
Importantly if you do not have access at the time of inspection it is not possible to determin if the file exists or not, it is simply (and quite reasonably) "unavailable" which is as far as I'm aware is not of it's self a crime (it comes down to intent).
In this respect it is a little like documents stored in a security box keyed by a biometric in a bank vault. Whilst at the point of inspection because it is not in the same geophysical location it is not possible to provide access to the contents of the security box, because you have to be where the box is for it to be opened. It is after all quite reasonable to not be able to be in two different places at the same time.
The usuall solution is for the person trying access to get a judge to provide access either by warrant or by compulsion order.
However judges have a limited domain that is they are limited to their jurisdiction, and have no power to compel those outside their jurisdiction to do anything.
Thus the judge has a catch22 if the information or access to it is outside of their jurisdiction, they can order a person inside their jurisdiction to produce the information but if the person can provably not comply within the judges jurisdiction an impass is reached.
The impass resolution available is,
1, Imprison you indefinatly.
2, Alow you to leave the juresdiction.
3, Use an extrajurisdictional intermediary.
Whilst the first is quite likley in many parts of the world including the UK (see RIPA), and the second unlikly in a number of cases, the third case is the real one of interest.
Who is the intermediary and under who's control are they. Clearly they are out of the judges juresdiction and unless there is some treaty the control options are limited.
Thus the intermeduary if not controled by the judge has three basic options,
1, Ignore any "requests" from the judge.
2, Fully comply with the judge's request.
3, Respond with usless information.
This third option has two basic forms which are send false information and send encrypted information without the decryption key.
As we know some forms of encryption (OTP) are "decrypt to what you want" and some encrypted files can actually be archives or containers of other encrypted files...
Thus what happens if the file is stored in an encrypted form in one jurisdiction and the key held in another jurisdiction?
Belive it or not this is one upside of the "cloud" ;)
With "cloud storage" this is rapidly becoming normal and thus quite reasonable behaviour.
But as indicated the intermediary does not have to supply the actual file just something that looks like the file, neither the judge nor the person requesting the information via the judge can tell unless they have a known point of refrence to work against.
So when you think on this not unknown issue you end up with a number of scenarios. One of which is for a software development and test engineer who frequently trials / reviews new development tools,
It is quite reasonable for them to have a series of basic OS and application images stored for use on their laptop stored on a server in the cloud.
Which for the purpose of contractual confidentiality and licence compliance are stored encrypted with secure keys held on a key server controled by another person in the organisation with the appropriate administrator rights.
As the developer works from a field office and the Admin works at head office in another country they have never met, as often happens with personnel who work in large organisations that trade in multiple countries.
Because of this lack of contact the admin provideds the developer with a private key for key managment and and administrative purposes.
However as the developer works in many locations in many different places and on projects for different customers who may well be competitors of each other, all documents and other work are encrypted on a project by project basis and stored on different "cloud storage" providers for secure availability.
Because of this the developer does not carry data files in transit nor project related keys, only theeir administrative public/private keys as these enable them to get the required disk image with custom application, keys and files etc via the respective project administrator and cloud storage server.
Now as they always work through the custom application they have no need to know and therefore no idea what is stored on which of many cloud storage servers.
Is it the developers fault if the administrator they have never met, under direction from senior managment (guided by their insurance providers) implements as standard a duress system such that if the organisation has any reason to belive the developer is under duress of any kind then they are automaticaly supplied with a "duress application" that only accesses files striped of any usefull content... Again due to the requirments of the insurance company the developer is of course compleatly unaware of this duress system. As is the representative who had been sent to meet the developer on the landside of the airport to take them to their hotel, and has reported back to the company that the developer "did not show as expected". The company now assumes the developer has been taken hostage and is now under duress and thus compleatly untrust worthy.
Even quite repressive regimes have been known to recognise the futility of trying to extract information by hostage taking and thus after an interval kick them out of the country. This is because it is fairly well known that fairly large companies have proceadures in place similar to those described just in case their representatives get taken hostage by terrorist or criminal organisations. There are even specialsied security companies who will set up such systems for those with sufficient money to afford their services.
If you come over to the UK at the appropriate time with an invitation to a specialised arms / security exhibition you will get to see such organisations touting for business. Unfortunatly the event in question is "invitation only" and getting an invitation can be difficult, the easiest way is to be an exhibitor there...