Ha! Absolutely right you are (note my use of the qualifier “properly subpoenaed” ) From reading the DH blog, and other threads involving abuse issues (DCMA take-down notices, etc.) DH has a record of thoroughly evaluating the “legality” of demands made upon them , and I probably should not have sounded that dismissive.
I actually believe they would produce whatever their counsel advised was legally appropriate, and move to quash overly-broad or abusive subpoenas. Given that each case would likely be evaluated on its own merit (or lack thereof), I just choose to take the “worst case” possibility as being likely, - and plan accordingly.
Unfortunately, I really don’t know offhand of a good process for encrypting the data in a database while making it readily available “online” and real-time accessible to multiple users. That whole concept actually goes against my methodology of approaching such thing, and I have never really researched it.
The “pessimist” in me (and my experience in working military signal security and traffic analysis mission during the Cold War) causes me to refrain from putting truly sensitive data online, on a shared server, at all!
One alternate modelmight be to always maintain the data in an encrypted file (batched dump encrypted with pgp?) for download to users’ machines where it could be decrypted for use with offline processing programs, but that may not work well at all depending upon your application(s) (will the data be interactively updated by the users, are you able to properly “batch” updates to maintain data integrity and editing conflicts?, etc.).
It’s an interesting problem, and I hope someone else can offer you real advice (instead of mere commiseration).
Edit: You got me thinking, and, though you have probably already done so, this google search produced some interesting and and relevant reading including:
At least there are some good ideas there, and a place to start?