When the anonymous authors of the Truecrypt security tool mysteriously yanked their software last month, there was widespread suspicion that they had been ordered by the NSA to secretly compromise their software. A close look at the cryptic message they left behind suggests that they may have encoded a secret clue in the initials of each word of the sentence ("Using TrueCrypt is not secure as it may contain unfixed security issues"), the Latin phrase "uti nsa im cu si" which some claim can be translated as a warning that the NSA had pwned Truecrypt.

The final and best criticism of this article is the fact that the hidden message is bad Latin. It's bad enough, so say some people, that it could just be a coincidence or a random accident. Essentially, they say that there is no hidden message, because there is no Latin, but I think that's going too far, and I disagree. The critics are correct, it is bad Latin. But, the English phrase it came from was bad English too. The only important thing is that the Latin was good enough for the meaning to be apparent, and I think the odds of that happening completely coincidentally are too small to be believable. If it looks like a duck, walks like a duck, and quacks like a duck, it's a duck!

On the other hand, there are some good reasons to formulate a hidden message in bad Latin. Firstly, what I'm claiming is going on here is the TrueCrypt developers are giving us a warrant canary, which is a warning that they're being forced to do things with TrueCrypt that they don't want to do (Apple has a warrant canary too). If their warrant canary is too obvious, it could cause serious legal troubles for them, so the wisest thing to do is to make the warrant canary deniable. I believe they have done that. The bad Latin is bad enough that anyone can credibly state that it's a hugely unlikely coincidence, but still only a coincidence.

The important thing is that the hidden message – even if it doesn't exist – has succeeded in getting people to question whether the NSA might be trying to tamper with the security of TrueCrypt. That's a bona fide "mission accomplished" from the point of view of the TrueCrypt developers, and there's really nothing more to say about it.