
TrueCrypt — The Honourable Shutdown?

28 May 2014: the world's most-trusted open-source disk-encryption tool vanishes overnight with a bizarre warning telling users to migrate to Microsoft BitLocker. The official story is "unsupported." The popular theory is that the anonymous developers were served a secret order and chose to walk rather than backdoor. This page sets out what is documented and what is honestly still speculation.

1. What Actually Happened

On 28 May 2014, the official TrueCrypt website at truecrypt.sourceforge.net was replaced, without warning or prior announcement, by a single page that read:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images.

The page recommended that Windows users move to BitLocker — Microsoft's closed-source, government-friendly disk-encryption product. A new binary, TrueCrypt 7.2, was released the same day. The 7.2 build could only decrypt existing volumes; encryption was completely disabled. Cryptographic signatures matched the previous TrueCrypt developer keys, so the shutdown was either an inside job or a very thorough compromise of those keys.

To users, security researchers, and the open-source community, the message was both shocking and obviously strange. TrueCrypt had been the gold-standard cross-platform disk encryption tool for over a decade. Edward Snowden's leaked NSA training documents singled it out as an encryption tool the agency could not reliably break. And the developers had, just months earlier, been actively cooperating with an independent cryptographic audit that was finding no significant flaws.

The shutdown was so abrupt, so out of character, and so peculiarly worded that the entire security community immediately suspected it was something other than what it claimed to be.

2. Timeline

2004
TrueCrypt 1.0 released, derived from the older Encryption for the Masses (E4M). Original author Paul Le Roux is the only named individual; subsequent versions are released by an anonymous "TrueCrypt Foundation" with developers using only pseudonyms like "ennead" and "syncon."
2004–2012
TrueCrypt becomes the de facto standard for free disk encryption. Used by journalists, lawyers, doctors, dissidents, criminals, and ordinary users. Cross-platform, open-source-ish (under a non-standard licence), audited informally over the years.
June 2013
Edward Snowden's NSA disclosures begin. Internal NSA training documents from the leak identify TrueCrypt as one of a small number of crypto tools where mass interception fails. Access to TrueCrypt-encrypted volumes is described in those documents as a "major problem" for NSA collection.
October 2013
The Open Crypto Audit Project (OCAP), led by Matthew Green and Kenneth White, raises funds to formally audit TrueCrypt. Phase 1 is the bootloader and Windows kernel driver.
April 2014
Phase 1 of the audit publishes its results: no evidence of intentional backdoors, but several non-critical implementation issues identified. The developers indicate they will cooperate with Phase 2, focused on the cryptographic primitives themselves.
28 May 2014
The shutdown. SourceForge page replaced. TrueCrypt 7.2 released, decryption-only. Developers vanish without explanation. The recommendation to move to BitLocker is widely read as deliberately absurd given BitLocker's closed-source, government-cooperative nature.
April 2015
OCAP Phase 2 audit results published: no backdoors found in the audited cryptography. A small number of weaknesses identified, none of which would justify the "not secure" framing of the shutdown notice.
2014 — present
Forks emerge. VeraCrypt (by Mounir Idrassi) becomes the de facto successor, retaining backwards compatibility and patching the OCAP-identified issues. CipherShed attempts a full clean-room rewrite. The original TrueCrypt developers remain silent. None of them have ever publicly identified themselves.

3. The Gag-Order Theory

Within hours of the shutdown, the dominant interpretation in the security community was that the developers had been served with a secret legal order — a National Security Letter, FISA §702 directive, UK Technical Capability Notice, or equivalent — demanding either backdoor cooperation or surrender of signing keys, and that they had chosen to terminate the project rather than comply. This theory rests on several specific signals.

A — The "warrant canary" reading

The shutdown notice itself contains language that no developer would write voluntarily. The phrase "TrueCrypt is not secure as it may contain unfixed security issues" is grammatically odd and factually unsupported by the audit work going on at the time. Some readings:

B — The behavioural signal

Developers who have been working publicly for ten years on a project, cooperating with an active audit, and shipping regular updates, do not silently disappear overnight without a single explanation, blog post, or signed-off message of farewell — unless they are legally prohibited from doing so.

National Security Letters in the US, Technical Capability Notices in the UK under the Investigatory Powers Act 2016 (or its 2014-era predecessor, RIPA), and FISA gag orders all share one core feature: the recipient cannot publicly acknowledge that the order exists. Telling friends, lawyers (outside the narrow privileged scope), journalists, or the public is a criminal offence. The recipient's options are:

  1. Comply secretly
  2. Challenge in the issuing court (rarely successful, never public)
  3. Walk away from the activity that triggered the order

Option 3 — closing the project, destroying the keys, and refusing to continue — is consistent with everything observable about the TrueCrypt shutdown.

C — The Lavabit precedent

The TrueCrypt shutdown happened less than a year after the most well-documented public case of exactly this dynamic: Lavabit.

Documented Precedent

Lavabit, August 2013

Ladar Levison · Eastern District of Virginia · later partially unsealed

Encrypted email provider Lavabit was served a FISA-style order demanding turnover of its master SSL keys — keys that would have decrypted not just the target user's mail (Edward Snowden) but every Lavabit user's communications. Owner Ladar Levison refused, then complied under contempt threat by printing the keys in 4-point font, then immediately shut down the service. He was barred by gag order from publicly explaining why for weeks, eventually testifying in carefully sealed court proceedings. His own description of the situation: "I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."

Lavabit's shutdown was triggered by exactly the kind of order the gag-order theory of TrueCrypt suggests. Whatever the specific mechanism, the outcome was identical: a privacy-protecting service shut down rather than betray its users.

D — What the audit found (and didn't)

The Open Crypto Audit Project's results matter because they cut both ways:

This mismatch — a mild audit verdict versus a wholesale "the product is not secure, walk away" public statement — is the strongest single argument that the public reason given was not the real one.

4. Counter-Arguments — Why the Gag-Order Theory Might Be Wrong

An honest assessment also has to engage with the reasons not to immediately accept the theory.

Burnout is real

Long-running anonymous open-source projects with hostile audiences (legal, regulatory, criminal-misuse pressure) often end with their maintainers quietly walking away. There's no requirement that anyone explain.

The licence was always messy

TrueCrypt's licence was a custom non-OSI-approved document with awkward provisions. The developers may simply have lost interest in maintaining something they couldn't cleanly hand to others.

No developer has confirmed

If the gag-order theory were exactly right, you might expect — over a decade later, possibly in a different jurisdiction — at least one of the anonymous developers to have surfaced, even pseudonymously, with confirmation. None have.

"BitLocker" might be a red herring

The recommendation to use BitLocker was so absurd that it could equally well be read as a deliberate troll by burned-out developers, not a coded warning.

The honest position is that the gag-order theory is strongly suspected, circumstantially supported, never proven. Anyone who tells you they know for certain either way is overstating their evidence.

5. Why It Still Matters

Whether or not the TrueCrypt developers were specifically served with a gag order, the broader question the episode raises is real and unresolved:

The systemic problem

Modern Western surveillance law — UK IPA 2016 Technical Capability Notices, US National Security Letters and FISA §702 directives, the Five Eyes intelligence-sharing framework — gives the state the power to compel private companies and individual developers to secretly modify their products to facilitate state access, with criminal sanctions for disclosure. The recipient is gagged for life unless and until the issuing authority chooses to unseal the order.

Under that legal architecture, every cryptographic product anyone sells or distributes is, in principle, one secret order away from being silently weaponised against its users. Whether TrueCrypt specifically was that case or not, the architecture that makes it plausible is real, documented, and on the books in every Five Eyes country.

The only defensible long-term response is open-source code, reproducible builds, and active community auditing — so that if a backdoor is ever introduced, it can be found by anyone with the time to look. TrueCrypt's afterlife in VeraCrypt is the practical embodiment of that response.
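The following is an added example, not TrueCrypt's, VeraCrypt's or OCAP's own tooling, showing what the two defences named above (pinned release keys plus reproducible builds) buy a user community as a release-acceptance policy. It also illustrates the point made in section 1: the 7.2 binary was signed by the expected keys, and a key match alone says nothing about whether the binary corresponds to the published source. The key fingerprints, builder names and artifact bytes are constructed placeholders, and the detached-signature check itself (normally `gpg --verify`) is assumed to have already run, with the resulting key fingerprint passed in as data.

```python
"""Release-acceptance check combining pinned signing keys with a reproducible-build quorum.

Added example; not the project's own code. All fingerprints, builder names and
binary bytes are constructed placeholders.
"""
import hashlib
from dataclasses import dataclass, field

# Constructed: fingerprints of the release keys the community has pinned.
PINNED_KEY_FINGERPRINTS = {"FPR-DEV-KEY-EXAMPLE-0001"}


@dataclass
class Release:
    version: str
    official_binary: bytes           # the binary as distributed by the project
    signing_key_fingerprint: str     # fingerprint of the key that verified the detached signature
    # builder name -> bytes that builder produced from the tagged source tree
    independent_builds: dict = field(default_factory=dict)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def assess_release(release: Release, pinned=PINNED_KEY_FINGERPRINTS, quorum: int = 2) -> dict:
    """Accept a release only if BOTH hold:
      1. the signature came from a pinned key, and
      2. at least `quorum` independent builders reproduce the official binary bit-for-bit.
    A valid signature on an unreproducible binary is rejected: that is exactly the case
    a coerced or compromised maintainer would produce."""
    official = sha256_hex(release.official_binary)
    matching = sorted(name for name, built in release.independent_builds.items()
                      if sha256_hex(built) == official)
    diverging = sorted(set(release.independent_builds) - set(matching))
    key_ok = release.signing_key_fingerprint in pinned
    reproduced = len(matching) >= quorum

    if key_ok and reproduced:
        verdict = "accept"
    elif key_ok:
        verdict = "reject: valid key but binary not reproducible from source"
    elif reproduced:
        verdict = "reject: unknown signing key"
    else:
        verdict = "reject: unknown key and unreproducible binary"

    return {
        "version": release.version,
        "official_sha256": official,
        "key_pinned": key_ok,
        "reproduced_by": matching,
        "diverging_builders": diverging,
        "verdict": verdict,
    }


def example_releases():
    """Two constructed releases: one clean, one signed by the right key but not matching
    what three independent builders get from the same source."""
    clean = b"example-binary\x00built-from-tagged-source"
    altered = clean + b"\x90"   # constructed: one extra byte the source does not account for
    builders = {"builder-a": clean, "builder-b": clean, "builder-c": clean}
    trusted = Release("1.0", clean, "FPR-DEV-KEY-EXAMPLE-0001", dict(builders))
    suspect = Release("1.1", altered, "FPR-DEV-KEY-EXAMPLE-0001", dict(builders))
    return assess_release(trusted), assess_release(suspect)


if __name__ == "__main__":
    for report in example_releases():
        print(report["version"], report["verdict"], "reproduced by:", report["reproduced_by"])
```

The quorum matters as much as the key check: a single builder agreeing with the official binary could be the same person who produced it, so the policy demands several independent reproductions before trusting a signed artifact.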

The "honourable shutdown" framing

The way the popular reading frames the TrueCrypt story — "they were forced to backdoor or shut down, and they chose to shut down" — is morally satisfying and probably partly true. But it understates the cost. Whoever the TrueCrypt developers were, they:

That is not a clean win. That is what a working secret-order regime looks like when it bumps into someone with principles: the project dies, the public narrative is controlled by the order's issuer, and the user community is left to guess. The "honourable option" framing is sentimentally true and structurally wrong — there should not be a situation in which a developer's choices are limited to "betray your users" or "destroy your work and never tell anyone why."

A society in which the people who build privacy tools can be ordered, in secret, to either undermine their own product or destroy it — and forbidden from telling anyone which — is not a society that has chosen privacy. It is a society that has chosen to permit the appearance of privacy while reserving the right to revoke it at any time, against any individual, with no accountability and no possibility of public oversight.

6. Bottom Line

Verdict

Is it true that TrueCrypt was forced to backdoor or shut down, and they chose the honourable option?

Probably, in essence. Definitively, no. The shutdown is consistent with a gag-order scenario, the audit results undermine the public reason given, the timing relative to Snowden's disclosures and Lavabit is suggestive, and no rival explanation accounts for the bizarre wording or the abrupt manner. But the original developers have never confirmed it, no order has ever been unsealed naming TrueCrypt, and a fully-documented benign explanation (burnout + licence frustration + the audit work surfacing things the team didn't want to maintain) cannot be entirely ruled out.

What is certain is that the legal architecture that would have enabled exactly this scenario was, and remains, fully in force. So even if TrueCrypt itself wasn't the specific case, the next time it happens to a similar project, the public won't be told either.

Primary Sources & Further Reading