The new version posted is almost certainly compromised; don't download it, or at the very least, run it in a VM on non-networked hardware you can reimage after finishing using.
Edit: Forgot this before, but BitLocker is definitely completely broken as it sends your recovery key to MS anyway ( https://twitter.com/TheBlogPirate/status/471759810644283392/... ).
BitLocker in its "click click next" incarnation stores keys in the cloud, but it is fairly trivial to install it in a manner that uses the TPM or external media for key storage.
For example, NIST publishes guidelines for a FIPS-compliant BitLocker configuration that give some guidelines re: the different operating modes:
If you have the technical chops / willingness to download TrueCrypt, you should have the ability to spend 10 minutes googling for instructions on a customized configuration of BitLocker.
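As an added illustration of the "customized configuration" mentioned above (this is not from the thread or from any Microsoft documentation quoted here), the following PowerShell sets up BitLocker on an OS volume with the TPM holding the volume key and the recovery password written to removable media, and never calls the cmdlet that pushes the recovery key to a Microsoft/Azure AD account. The drive letters, the removable-media path and the file name are assumptions; run it from an elevated prompt on Windows 10 or later (XtsAes256 needs 1511+; use Aes256 on older builds).

```powershell
# Added example, not code from the thread: TPM-protected BitLocker with an
# offline recovery password, no cloud key backup.
# Assumptions: OS volume is C:, a USB stick is mounted at E:\ for the recovery password.
$osVolume     = "C:"
$recoveryPath = "E:\"

# 1. Enable encryption with a recovery password protector first (some policies
#    refuse to start encryption until recovery info exists), then add the TPM
#    as the protector that auto-unlocks at boot.
$vol = Enable-BitLocker -MountPoint $osVolume -EncryptionMethod XtsAes256 `
           -RecoveryPasswordProtector -UsedSpaceOnly -SkipHardwareTest
Add-BitLockerKeyProtector -MountPoint $osVolume -TpmProtector | Out-Null

# 2. Write the 48-digit recovery password to the removable media, not to a
#    Microsoft account. (Alternative: a .BEK key file via
#    Add-BitLockerKeyProtector -RecoveryKeyProtector -RecoveryKeyPath $recoveryPath)
$recovery = (Get-BitLockerVolume -MountPoint $osVolume).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword'
$recovery.RecoveryPassword |
    Out-File -FilePath (Join-Path $recoveryPath "bitlocker-recovery-C.txt") -Encoding ascii

# 3. Verify the protector set: exactly one Tpm and one RecoveryPassword entry.
#    Anything else (e.g. an extra RecoveryPassword added by the Settings UI)
#    is a sign some other path touched the volume.
(Get-BitLockerVolume -MountPoint $osVolume).KeyProtector |
    Format-Table KeyProtectorType, KeyProtectorId

# What is deliberately NOT run here: the cmdlet that escrows the key in the cloud.
# BackupToAAD-BitLockerKeyProtector -MountPoint $osVolume -KeyProtectorId $recovery.KeyProtectorId
```

The check in step 3 is the part worth keeping around: the GUI's "save to your Microsoft account" option and the AD DS escrow policy both show up as additional protectors or as a BackupToAAD call, so listing the protectors after setup is how you confirm the key has not left the machine. Remove the USB stick after step 2; a recovery password on media that stays plugged in defeats the TPM binding.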
The more plausible potential for BitLocker being broken is that there is some subtle flaw in their crypto implementation.
Or perhaps an optional Microsoft-account feature to back up your encryption keys. Something that most normal users would want, just like they want it on Apple devices? Because a lot of common users aren't going to want FDE if it means "oh and lose your key and say goodbye to your data".
As far as I know, there's only been speculation on what PRISM is. Nothing that suggests it couldn't be a frontend to CALEA or warrant-based systems.
Subsequent Snowden releases made it clear that the NSA has many sources of information that are only "legal" because they said so, including intra-datacenter and international fiber taps, zero-day exploits, and physically modified equipment (see photos of network gear being intercepted and bugged).
In other words, this paragraph might have been reasonable a year ago, but is now grossly out of date.
Bitlocker is not trustworthy as an overall method of FDE.
It's fine and perfectly reasonable not to trust closed-source code, but no reason to spread half-truths about it.
"Hey, how should we deal with resetting people's passwords and keys when they forget them?"
"Tell them to get a safe deposit box"
"And when they're traveling or really need a report and the bank's closed?"
"They shouldn't have lost their keys. Stupid lusers."
"Hey, who are you and how did you get in this meeting?"
"I'm the new intern. From the CIA."
"Oh, okay, yeah, let's do that."
People seem to keep forgetting this (I'm sure it's simply unintentional), but PRISM was and still is nothing much more than an automated warrant/NSL compliance system.
You're basically saying that Microsoft is complicit in divulging information in response to specific requests made under specific legislative authorities, which was standard hat since even before Smith v. Maryland.
License plates on cars weren't a big deal; they were primarily used to identify stolen cars and track drivers breaking the law. Then automation entered the picture and it became feasible to track the movements of everyone, aggregate it in a huge database, and claim "they might be criminals later".
PRISM is more of the same. They could have compelled Microsoft to do this long before, of course, but PRISM is one of those compromise-everything initiatives. Meaning that even if the possibility existed before, it definitely exists now.
So it's not unjustified bringing it up.
Remember, with PRISM each and every request has to be approved by the company in question before it proceeds, which is still a manual step. So the license plate reader example doesn't apply directly; rather it might be like a license plate reader that only works when activated by a remote magistrate, only for the one car permitted by that activation, but can continue scanning that one car's license plate from then on wherever it's seen in the city until the permission expires.
Are you sure it's the latter, and not the former?
Suddenly (while there is an audit), they quit everything, change the assemblies and the website, so users can get to another product... It seems weird that after 10 years of hard-work, they suddenly quit without further explanation.
Lavabit was a service, TrueCrypt is a product.
Lavabit had access to all their customers' data, and told investigators that they had it. It's completely straightforward law that, given a subpoena, Lavabit must turn over evidence to the government.
TrueCrypt is a product. They do not have access to customer data. There is no requirement for TrueCrypt to "help out the government" in this case.
If you want to hang a conspiracy theory on this news, find some hook besides Lavabit.
And I can't fault the conspiracy theorists for trying to find some explanation over this, because the damn thing is so weird and unusual.
But what makes you think U.S. law treats them any differently, assuming TrueCrypt's creators and maintainers can be identified?
Here's my article from 8 years ago talking about how the FBI was demanding that makers of certain products include backdoors for FedGov surveillance:
The FBI has drafted sweeping legislation that would...force makers of networking gear to build in backdoors for eavesdropping... FBI Agent Barry Smith distributed the proposal at a private meeting last Friday with industry representatives and indicated it would be introduced by Sen. Mike DeWine, an Ohio Republican, according to two sources familiar with the meeting...
Anyone can "draft legislation." I can draft legislation right now. That doesn't make it U.S. law. Getting it passed is the hard part.
Phone companies are required to enable wiretaps. But that happened through the public legislative process, and the legislation even lets the phone company bill the government for costs to comply. (Your linked article explicitly points out CALEA.)
So you, a non-lawyer developer, get one of these letters. You are pretty damn sure it is a bluff (didn't that clause in NSLs get shot down? Pretty sure I heard something about that... Something about Nicholas Merrill?). What if you are wrong though? What if this is a different kind of letter that you and the rest of the general public are currently unfamiliar with? What if the government has found a new way to create such a clause? Is "pretty damn sure" a high enough standard of sureness for you to call their bluff and talk to a lawyer anyway? How much do you value your freedom, and how much do you value your work?
Not being willing to call their bluff and contact a lawyer means that you are not able to question or interpret anything else in that letter as well. The best you can do is ask the government to interpret the letter for you, and tell you exactly what you need to do in order to comply.
The next best option is likely to burn what they want to the ground.
Linking an abuse like you describe to Lavabit only harms developers, who if they were to receive such an illegal demand might remember "wait, Lavabit was required to install back doors, right? I guess I have to, as well!"
Until the current regime is dismantled, we cannot rule out the possibility that these abuses are ongoing. To label it as a conspiracy theory is just shameless apologetics.
What's "this"? Is it "the USG compels vendors to install back doors into their software products they ship to others, under threat of jail time and/or fine and/or vacation at Gitmo"? To whom was this done?
NSLs are nasty in many ways. That doesn't mean they are nasty in any way you can imagine.
If you want examples of FBI surveillance untethered to the law, we can provide those. Look at the video of the public forum I hosted with Ladar (of Lavabit) in SF last fall. Look at warrantless cell tracking, which I was the first to disclose circa 2006, and which is now the subject of significant litigation. Look at the warrantless use -- not just by the bureau but other police agencies as well -- of physical GPS tracking devices. How about surreptitious black bag jobs to install key loggers to extract PGP passphrases before this was authorized by the 2001 Patriot Act?
Here's another from last summer, which I was the first to disclose:
"The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies' internal networks to facilitate surveillance efforts..."
Huh! Where does the FBI get the legal authority to do that? Shouldn't, you know, Congress set the rules here after openly debating them in a public hearing?
Again, all these points are tangential to the question of FedGov product backdoors. (Note I'm expressing no opinion here about what's going on with TrueCrypt.) This survey I did in 2007 is probably worth repeating:
I'm no longer doing this kind of reporting (and left to found the SF-area startup http://recent.io instead) but I hope someone tries to replicate it today with a broader set of companies.
Something must be wrong because this is 100% the question I believe I responded to. I will attempt so again now:
* Statute gives the government the right to compel certain service providers to actively assist in wiretapping. Example law: CALEA
* There is no U.S. law that gives the government the right to compel arbitrary third-parties to modify their products to make wiretapping easier.
You give a long list of bad things the USG has done, but none of them involve vendors being compelled to modify products.
(In another domain, banks have to report transactions over 10K, but that's completely the result of statute, the Bank Secrecy Act.)
This is an interesting claim. It would be more interesting if the U.S. government publicly said its interpretation of the law is the same as yours. It has not. :)
That's what the publicly available laws say, but America has secret interpretations of laws now. We know, for example, that every Internet service is, in theory, free to provide tools that would put user data out of reach of anyone, with or without a warrant. And yet, nobody has.
Nobody except Silent Circle, who have decided to domicile their company in Switzerland, is a new entrant based on the premise of providing truly secure communication. So, what to make of all the CEO-level complaining but no end-to-end encryption tools and no web-of-trust?
If a major Internet portal provided end-to-end secure mail, real-time communications, and secure storage we would know that, yes, there is no legal or extralegal obligation to keep us all naked in the panopticon. But so far all the indicators are in the wrong direction.
If you have a business in America, you signed the Patriot Act. That's probably the law they are using for coöperation :)
The fact that nobody is doing that is a kind of probe. Do we really live in a free country, or is pervasive monitoring a condition being imposed on us, with no choice of services that would prevent it?