In all seriousness, is it possible to design a system where it is simply impossible to hand over data to a third party?

I believe Julian Assange worked on a system that would make it impossible for an external entity to determine if there is any useful information on a data partition. Basically you would have a hard drive full of random numbers and it would be unfeasible to determine if there is any actual information on it, without the right keys and tools.

I have never heard Assange's name in connection with this, but that's what Truecrypt purports to do: http://www.truecrypt.org/hiddenvolume

He did. It was a project called rubberhose.

Its at two levels.

Its trivial to make a system where the content of the messages can only be read by the recipient. PGP and GPG email is an example of this end-to-end encryption.

The weakness in these schemes is two-fold: the update mechanism for the software (e.g. if its web-based, do you trust the server that serves the page?) and authentication: how do you know that the credentials you have for the recipient are accurate?

Its less trivial to make a system where who-is-corresponding-with-whom is obscured. Onion Routing (e.g. TOR) is in this direction, but there are laborious ways to peel the onion.

All in all, a hard problem.

If you can access it, then so can someone else. If you can't access it, then why bother building the system in the first place?

It's not exactly the same, but a TPM does something very similar by keeping it at the hardware level.

Yes. You can use HSMs to load the keys; there are various other ways to handle upgrades. It's "non-trivial" in practice.

> Best to have hardware from which it is impossible to export a key.

How is that best? Just hand over the hardware.

one 4 point character per page, delivered as a stack, but unstapled. Bonus points if the pages are numbered, but are sampled from a psuedo random number generator with large cycles.

> sampled from a psuedo random number generator

This shouldn't present much of a problem to the NSA.