I've read previous posts that have discussed encrypted PDF documents and search/indexing capabilities and thought I'd ask a few more defined questions:

Scenario:

ECM in use: SharePoint 2010

DRM solution in use: LiveCycle Rights Management ES - assume two policies are set up on the policy server

Assume the LiveCycle connector for SharePoint 2010 is installed and configured properly

Suppose a user authors a PDF document that is not DRM-protected. The user uploads this document to a document library in SharePoint 2010. The appropriate iFilter is in place to allow SharePoint to crawl and return search results for PDF files. There is an incremental crawl schedule set to run on a predefined interval.

Now suppose the user takes that same document that now exists in a SharePoint 2010 document library, and selects from the context menu the option to "Secure with Adobe Policy".

Question #1: Assuming both LiveCycle policies encrypt the entire PDF document, including its metadata, does the document immediately become encrypted while in the document library or does it only become encrypted when it's being retrieved from the document library? This is an important distinction for me, as if the document is encrypted immediately, the file is essentially updated and the next time an incremental crawl is run the search index will remove the data associated with the unencrypted copy of the document and replace it with basically nothing as the latest copy of the document is encrypted.

Question #2: If the answer to question #1 is that the document immediately becomes encrypted, why did Adobe design the connector that way knowing that immediately applying the protection while the document is contained in the ECM solution would negate things such as search?

Question #3: Again, if the answer to question #1 is that the document immediately becomes encrypted, is the only workaround to make the service account used by SharePoint 2010's search service have "read" rights as defined in all the LifeCycle policies?