What if you, as a business manager, do not ever possess your private keys, merely use them to set things up and then ship them off someplace for safe-keeping? Then run your servers in the clear, but with the content encrypted. If anyone wants the private keys, they'll have to hunt down that third entity. Or don't do this. Just encrypt and if the feds ask, hand them the keys... because....
The backend encryption should sit on top of per-user encryption. So even if things were decrypted on the backend, they would need to be decrypted again on a per-user basis, i.e. the law would have to go after the individual users who set up their own private encryption.
And be selective about what you keep in your logs and for how long; don't leave a paper trail of non-technical, per-user transactions unless it's necessary.
Anyways, I know people have already thought of this stuff and there are fancy acronyms for it; I just can't recall them.