VeraCrypt/TrueCrypt - I can't understand why you'd want to create a "hidden" volume...?
Your first question is really a legal one, and you seem to be assuming two things:
- The attacker is a government of some sort.
- That government actually respects citizen privacy and requires some sort of reasonable suspicion before it can force people to give up encryption keys.
Neither of those assumptions is necessarily true. For all you know, some random thief could grab your laptop while you are using it, notice a VeraCrypt file sitting on the desktop, and pull out a gun and force you to decrypt it. It's not super realistic, but definitely possible.
And even if it is indeed a government, not all countries have privacy protections or require reasonable suspicion. Even in ones that do (e.g. US and many European countries), there have been lots of cases where courts have forced people to supply their decryption keys because it is deemed relevant to an investigation. Whether they have the authority to do so is a subject of current debate, especially in the US where there is supposed to be protection against self-incrimination. Here is one such case:
http://www.cnet.com/news/judge-americans-can-be-forced-to-decrypt-their-laptops/
For your second question, try it out yourself: Create a 500 MB outer volume, containing a 300 MB hidden volume. Completely fill the hidden volume with files. Then mount the outer volume. The outer volume will still show 500 MB of free space.
How does this work? The idea is that you're never supposed to write to the outer volume once you have created it, as doing so could corrupt your hidden volume. If you open the outer volume, even VeraCrypt does not know that the hidden one exists. There is no way to tell that a hidden volume exists because the hidden volume is indistinguishable from free space (which is why VeraCrypt still shows 500 MB free space when you mount the outer volume). That's the whole idea of plausible deniability; there is no technical way to prove that there is more encrypted data.
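The behaviour described in the answer above, as an added toy model (not part of the original answers and not VeraCrypt's code). It is scaled down to 500 KB / 300 KB; the `Container` class, the SHA-256 keystream standing in for the real volume cipher, the hidden region sitting at the tail, and the append-only outer allocation are all simplifying assumptions.

```python
import hashlib, math, os

KB = 1024

def xor_stream(pw: bytes, offset: int, data: bytes) -> bytes:
    """Toy cipher standing in for the real volume encryption (assumption)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(pw + (offset + i).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def entropy(buf) -> float:
    """Shannon entropy in bits per byte; 8.0 is the maximum."""
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)

class Container:
    def __init__(self, size: int, hidden_size: int = 0):
        self.raw = bytearray(os.urandom(size))  # creation fills every byte with random data
        self.hidden_at = size - hidden_size     # known only to the holder of the hidden password
        self.outer_used = 0                     # the outer volume's only bookkeeping

    def outer_free(self) -> int:
        return len(self.raw) - self.outer_used  # no term for a hidden volume

    def outer_write(self, pw: bytes, data: bytes) -> None:
        off = self.outer_used                   # simplified: append-only allocation
        self.raw[off:off + len(data)] = xor_stream(pw, off, data)
        self.outer_used += len(data)

    def hidden_write(self, pw: bytes, data: bytes) -> None:
        self.raw[self.hidden_at:self.hidden_at + len(data)] = xor_stream(pw, self.hidden_at, data)

    def hidden_read(self, pw: bytes, n: int) -> bytes:
        return xor_stream(pw, self.hidden_at, bytes(self.raw[self.hidden_at:self.hidden_at + n]))

def demo() -> dict:
    plain, nested = Container(500 * KB), Container(500 * KB, hidden_size=300 * KB)
    secret = b"S" * (300 * KB)                  # constructed data; fills the hidden volume
    nested.hidden_write(b"hidden-pw", secret)
    r = {"free": (plain.outer_free(), nested.outer_free()),
         "entropy": (entropy(plain.raw[-300 * KB:]), entropy(nested.raw[-300 * KB:])),
         "before": nested.hidden_read(b"hidden-pw", 300 * KB) == secret}
    nested.outer_write(b"outer-pw", b"D" * (250 * KB))  # crosses into the hidden region
    r["after"] = nested.hidden_read(b"hidden-pw", 300 * KB) == secret
    return r

if __name__ == "__main__":
    print(demo())
```

Both containers report the same free space and near-maximal entropy in the tail region, and the 250 KB outer write destroys the start of the hidden data, which is why the answer says not to write to the outer volume afterwards.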
You're wrong in your assumptions. There are many legal jurisdictions where you can be required to produce passwords for encrypted data on suspicion, rather than proof, that the data may be relevant to a criminal investigation. If you don't provide your password, you can be jailed. But if there's no encrypted volume visible, they don't know to do it. For example, the United Kingdom, under the Regulation of Investigatory Powers Act 2000.
Your assumptions in 1 are just false in many places. In the US, you cannot be forced to hand over encryption keys. That is not generally the case; in the UK, the Regulation of Investigatory Powers Act makes it a criminal offense to not surrender encryption keys when asked. Assuming "just because they know I encrypt my data doesn't mean they think I'm breaking the law" is also misguided; someone who wants access to your data and sees it's encrypted may well think you have something to hide. Even when the law prohibits it, or if it's a criminal trying to access your data, you expose yourself to the $5 wrench attack: someone beats you with a wrench until you give them your password.
As for "no proof": You forget that they can have some idea what it'll contain before looking at it; in fact, they often have a pretty good idea, because they know something about you. While it could have anything, no court in the world will be so stupid as to pretend that you've actually encrypted random files. In reality, this sort of thing happens all the time: police have some good reason to suspect they'll find evidence somewhere, and so they get a court order to look for it. In the US, you can get a search warrant on probable cause, which is way below the threshold to convict of a crime. The whole point of search warrants is to allow police to search something, when they have a decent idea that they'll find evidence of a crime there, even though they can't know for sure what's in it. Even in the US, the reason you can't be forced to disclose keys has nothing to do with "it could have anything in it" and everything to do with "that's self-incrimination." So the fact that an encrypted volume exists, which means people know where to look, plus some reason to suspect that you have evidence of a crime hidden somewhere, is a risk.