When it comes to protecting your data from prying eyes, there are few better programs than the free and open source (FOSS*) TrueCrypt, as Scotland Yard found out when it was unable to access David Miranda’s hard drive. In that recent shocking incident, the partner of Brazilian journalist Glenn Greenwald, a Guardian reporter involved in the release of documents leaked by whistleblowing hero Edward Snowden, was illegally detained under the UK’s Terrorism Act. ‘TrueCrypt,’ said Detective Superintendent Caroline Goode, ‘renders the material extremely difficult to access.’
We have written a couple of articles on how to use TrueCrypt (Part 1 and Part 2), but we feel it is important to bring to our readers’ attention a possibly fatal conceptual flaw in this otherwise exceptional program, an issue that rarely gets raised when TrueCrypt is discussed.
*Strictly speaking, some elements of TrueCrypt are source available, rather than truly FOSS (Free Open Source Software). However, we don’t think this makes much difference to most end-users.
In many ways the fact that TrueCrypt provides ‘plausible deniability’ is one of its greatest strengths, as it is impossible to prove that a hidden volume exists. In most situations, if an adversary (such as law enforcement officials) cannot prove that a volume exists due to lack of evidence, then there can be no case against you.
However, the flip side of this is that it is also impossible to prove that a hidden volume does not exist inside a TrueCrypt container. There are situations where the mere lack of proof that a volume actually exists will not deter an adversary who believes or suspects that it does, and in such situations the fact that any TrueCrypt container could potentially contain a hidden volume could be extremely dangerous.
Consider the situation in a country where the law provides no presumption of innocence, and the burden of proof lies with the accused. In such a situation, while an adversary may not be able to prove that a hidden volume exists, the accused could not prove that it doesn’t either, and could consequently face jail or worse if the adversary felt that he was hiding information (even if he was not).
A similar situation might exist for a Mafia whistleblower facing torture if he does not reveal the password to a suspected hidden volume. Without being able to prove that such a volume does not exist, he could be in deep trouble.
In the UK, for example, you can be jailed for refusing to hand over encryption keys to data the police believe contains criminal content. However (at least at present), the police do have to demonstrate that some encrypted data exists that you have keys to. If there is no evidence that such data even exists, there is no case.
A TrueCrypt hidden volume makes it impossible to know (and therefore prove) that hidden data exists, which is what lies at the heart of the concept of ‘plausible deniability’. The problem comes when you are dealing with an adversary who doesn’t care about proving the data exists, and will imprison or torture you simply on the grounds of suspicion.
In such a situation, using TrueCrypt to protect your files may be especially dangerous, since if no hidden volume actually exists then you can neither prove this to be the case, nor surrender the non-existent keys. If your adversary chooses not to believe you, then you have nowhere to go.
A potential workaround
At least in theory*, one possible solution to this problem could be to create a hidden volume even if you do not plan to use it. In this way, should you decide that the consequences of revealing your TrueCrypt protected data outweigh the benefits of keeping it secret, you can also reveal your hidden container key to show that there is no further hidden data (only one hidden volume can be created in each TrueCrypt volume).
*Please note that this is a personal suggestion, and while we have run tests to confirm that only one hidden volume can exist in a TrueCrypt container (if you create a second, the first is deleted), the above idea is just that, and we take no responsibility for how events might play out in practice.
TrueCrypt is probably the best means currently available to keep data safe, and its hidden volume feature could be a life saver in many situations. However, the fact that the existence of a hidden volume cannot be proven one way or another, and that one may exist within any TrueCrypt container, can under certain circumstances be viewed as a dangerous liability that all users of TrueCrypt should be aware of.