Basically, we could give non-superuser ssh access to one of the security folks that we trust, so that they could at any time, ssh in and verify the logs are not being kept.  Then they publish what they find periodically.  Kind of like how companies do independent security audits.