Looking at the "Lavabit" incident, there's obviously some legal framework that allows a government entity in the USA to force a company to surrender a copy of the private key used for email encryption.
If said company would change the private key, obviously the same legal framework can be used to get this new key, in turn. So it's fruitless.
Of course, if it's an "inofficial" leak, a revocation and renewal of keys makes sense.
If said company would change the private key, obviously the same legal framework can be used to get this new key, in turn. So it's fruitless.
Of course, if it's an "inofficial" leak, a revocation and renewal of keys makes sense.