IMO, the secret to keeping your data safe is a combination of both high-tech and lo-tech. I will discuss techniques to truly avoid data that you own being discovered by most means available to a government, criminal or law enforcement agency, save them torturing you. Before I start, bear in mind this is written in the mindset that the government, GCHQ and all the hounds of hell are after your data. No paranoia is too deep, no conspiracy theory too outlandish. Better write more and have you ignore half of it than write less and it be half complete.

First up, do not rely on the Constitution (or equivalent) to protect you in any way shape or form. Do not rely on any law of any kind, they will shift like sandbanks and turn on you like attack dogs pretty damn quick. Here in Britain the Regulation of Investigatory Powers Act makes it legal for the government to demand your decryption key or passphrase, refusal punishable by 2 years imprisonment. Bear in mind that they probably have your web access logged somewhere, so if you visit crypto sites every day they WILL have several nice juicy supercomputers waiting just for you before they break down your door. So first up, we'll go with high-tech methods.

The Machine
Making the wild assumption that you will be using a computer for your datastore and not a mathematically gifted rodent in a cardboard box, choosing the right machine for the job can be hard. For pure data storage and communications, a minimal setup is needed. A laptop is a VERY good idea, easy to hide and easy to transport. Typical specs are as low or as high as you want, they need only to be able to store as much data as you have, communicate with the internet (if necessary) and run the programs you need. If you want to avoid having your calls tapped (at least temporarily) buy an acoustic coupler and connect it to the modem. They connection rate is slow, 300 baud typical, but you can connect it directly to the handset on a phonebox, so you can drive into the middle of nowhere, get your mail, transmit some data, and screech (or stealthily creep) away into the night. Avoid wireless communication at ALL COSTS. I doubt I have to explain why. If you plan on keeping your data really secret, follow the guide above to making a secure computer with the use of ramdisks and CD-ROM drives. Bootable linux CDs abound, the largest being the SuSE Live! Evaluation CDs.

Ideally, linux should be your operating system of choice. Windows does too much secret logging to be called a secure OS, whereas linux has distributions designed with security in mind. On a related topic, the NSA-endorsed secure linux distribution is actually a good distro, but your using it boils down to how much you trust the NSA not to bury something in the source code. The linux OSDN community is active, but reading through the entire linux source for backdoors is heavy going. Whatever you choose, keep it simple and clean. More programs means more swap file use, which may endanger your data.

It is highly advisable to build in several safeguards that would make recovery of your data difficult. If you are at all skilled in programming or electronics, your task should not be difficult. For example, you may be forced to give up your login passwords etc to the machine. However, you could (for example) add a small program that expected you to hold down a few specific keys immediately after login. If this was not accomplished, the program would begin a secure delete or wipe of all your files, and then (most importantly) erase all traces of itself. It can then never be proven that there was ever any data to begin with unless they take out your hard-drive and examine it forensically instead of accessing your machine directly. If you are very good with electronics or know someone who is, you may build a short-range radio-frequency transmitter/receiver device. If your computer were activated beyond the range of this signal, all data is destroyed. Once again, this could be defeated by forensic techniques. Using explosives to physically destroy your computer is a little extreme, and could be construed as an attempt to murder law enforcement officials (which is waaay worse than computer crime). Simpler stuff like magnesium ribbon or the wonderful substance Thermite can burn your disks to cinders in seconds, and can be activated by electric charges.

If you are using your computer as a communications device, use PGP to encrypt all of your external communications. Do NOT keep mail archives, even encrypted, unless you desperately need to do so. It is advisable to use PGP 2.6.3i, as it contains only the core modules, is fully peer-tested (no real vulnerabilities found in pre-V6 releases), and has no 'bloat' modules like firewalls and built-in eggtimers and god knows what else. Plus, you can run it on a *very* low-spec machine, which if you computer is a pure datastore it may very well be. If you are truly paranoid, seek out the CryptoKnights Templar (CKT) versions of PGP, which support truly ridiculous keysizes and would try even theoretical machines like Quantum Computers. Also attempt to get ahold of PGPfone, for encrypting voice communications on-the-fly. This application is extremely effective if you get it working, because cryptanalysis routines work less well against a datastream that may have errors in it, like a telephone line would introduce. Using sound instead of text also cuts out half of the techniques a cryptographer would use to crack your code. For safety's sake, encrypting twice is always a good plan. For the record, encrypting and then compressing under PGP is utterly useless - PGP compresses data BEFORE encrypting it anyway. If possible, avoid using new and user-friendly mail clients like Netscape or Outlook, they are closed-source and probably leave logs and traces all over the place. Really, there is no need for a PGP key of greater than 4096 bits, other than giving yourself RSI by banging on the keys for half an hour. It can take over half an hour for even a modern PC to generate a 10,000 bit (CKT PGP supports such a staggering size) key.

If your machine is also a store of sensitive or illegal information (such as accounts records or DeCSS) then you should use a symmetric encryption cypher, such as AES, Twofish,CAST or Serpent. If possible obtain standalone encrypt/decrypt executables, and keep them well seperate from the data itself. Knowing which algorithm was used to encrypt can aid a cryptographer in breaking your codes. If you cannot find or create from source code standalones, later versions of PGP do allow use of conventional symmetric encryption. In these circumstances it is a very good idea to compress your data first, as this defeats several common cryptanalysis techniques and cuts down your opponent's mathematical toolbox. Use the maximum keysize available, and preferably encrypt two or three times with different keys and passphrases. This may seem like overkill, but bear in mind that the Director of the NSA went on record saying PGP was virtually uncrackable, even for the NSA. Why would he say this on public record? I will let your paranoia do the thinking.

Store your keys on a disk, keep the passphrases in your head. As mentioned, it is highly advisable to keep this disk either on your person or *very* well concealed, but not in your house or place of work. Seperate court orders (at least in the UK) are required for every property, and a magistrate here will not grant six orders for every place you visited in the last month month. I do not advise the above suggestion of hiding it amongst thirty nearly identical disks. They *will* check them all, and if they are all encrypted they will make you tell them which one it is. If you have many keys (as you should) it may be a good idea to stash these in seperate places. Giving it to a friend to hold onto is a bad idea, it puts them at as much risk as you and they are unlikely to hold out under the kind of pressure a criminal organisation or government can apply when they want something. It is also not a good idea to simply store your keys on a CD for instance. If you have a 650mb disc with your keys on, it wont take long to find. Fill it up with anything and everything you like, and hide your key within a file somewhere in there. True they will check and will probably find it in the end, but why make life easy on them. Using the black art of steganography to hide your key in an image is a great idea, especially on a CD containing maybe over 2000 images. Steganographise a load of random sequences too that look like keys, it is possible to analyse images for steganographic signatures. Physically writing your key in an image may sound like a good idea, but you try writing out 256 characters with the Pen tool. Using that for passphrases may work though.

The Law
As stated earlier, the crooked arm of the law can array against you just about anything. In modern society if it doesnt make the papers it never happened, and a determined government can ensure that this remains the case. You may have to prove, in court, that you do NOT know the keys and do NOT know where they are. Doing this is somewhat difficult, as it reverses the common innocent-until-proven-guilty method. If you have several keys on seperate discs in seperate places, giving up all but one or two will yield the authorities little, but may show you as being a co-operative suspect and save you somewhat. I do not claim to be a legal expert though, so I will leave this section shortened. If anyone has greater insight into the intricacies of privacy laws, please add them to this node.