When most of us begin using encryption, the intended goal is to be able to protect certain types of data from certain types of individuals. You might be interested in saving your trade secrets from would-be industrial spies and I may be interested in hiding unfinished novels from prying eyes. But the strength of commonly-available encryption aims at giving governments some trouble in getting to that data. Well, the technology is available, but now they’ll just force us to hand over the keys or face jail time.

Good encryption is not easy to analyse. We give away the fact that we may have encrypted data by means of filenames and obvious other slip-ups¹. How do you achieve plausible deniability? Write bad poetry, encrypt it and use a hidden TrueCrypt volume inside the first and you should be set. It’s just a random stream of bytes, after all.

Well, here lies the problem. Say the government really wants you out of the picture² but they don’t have anything conclusive. How about a random stream of bytes stored somewhere on your hard-drive? You can’t provide an encryption key even if you want one; they don’t really want anything more than to shut you up or scare you into a very bad deal. They have the means to legally detain you for something that can, in certain circumstances, be very hard to prove or disprove.

So should you stop encrypting? Definitely not. Obscure what you need to hide, split it up so that you can make it hard to reconstruct, use TrueCrypt where possible and hold up on the technological front. Also remind those around you that few things were gained throughout history through inaction; as doctors say, prevention is better than curing.

1. How about those files named secret-aes1024-txt.gpg? [↩]
2. For all you nay-sayers, think of China as a well-known example and remember that there are many, too many others like it [↩]