[pppp]

Here's my theory (step-by-step):

1. Truecrypt is a gigantic pain-in-the-side for US intelligence agencies.

2. Intelligence agencies brainstorm about the best way to deal with the situation.

3. Taking over and tampering with the current code is deemed unrealistic. The user base of Truecrypt is very sophisticated and even minor changes to the source code would be scrutinized.

4. "How can be get people to stop using Truecrypt?" "We can discredit the project - get people to voluntarily stop using it because they don't trust it".

[DanBC]

Your (1) partly fails because they'd just toss you in jail until you hand over the key. If they think you're a terrorist that jail might be overseas with no access to lawyers. If they think you're a paedophile they'll just leak that info (and this your life is destroyed).

Also, "Truecrypt properly used is a gigantic pain" and although I have nothing to support it I reckon many people use it incorrectly. Has anyone done any research?

See "deanonymizing alt.anonymous.messages" for examples of people doing crypto wrong.

[knodi123]

Or they could simply use rubber-hose cryptanalysis.

http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

[dendory]

Actually I disagree. The NSA is all about spying. If they can't decrypt what you do without going to you and asking you for the keys (or throwing you in jail) then I would say it -is- a major pain for them. Remember we're talking about an agency who routinely targets one person in the hope to find dirt on others.

[sliverstorm]

On the other hand, the NSA is all about spying. If they can't encrypt their data and keep it secret, they can never get the upper hand.

(The most valuable information is info your enemy doesn't know you know. Information your enemy knows you know is not as powerful)