[winstonwinston]

> to protect against really only physical attacks where someone directly steals the data storage.

Yes, physical access poses a significant risk to data security, it should not be ignored.

[ozlikethewizard]

Aren't we legislating the wrong problem here then though? I'd argue prioritising the physical security of your drives over encrypting them is a better aim for services. As if someone can physically steal your drives they've still DOSed your system even if they cannot accesd the content.