Exactly. And think about private keys for SSL certificates. I'm not even sure if those are covered by the legal wording, but I wouldn't be surprised if they were.
Still, I'm not sure how that will work.
Say I spawn a VPS, and I start my VPN server in there. Can Amazon just go in there and snoop somehow?
My keys are encrypted, even if they can see the disk they are on, and the traffic also.
All it can do is see the network traffic that originates from that machine, and log that.
They can easily look at the RAM of the VM and get the plain-text encryption keys for SSL or VPN or whatever.
I'm absolutely sure by now someone has written a program to automate this, and to be honest I expect some governments already force some companies to do this.