I've just read a piece
by Bruce Schneier, a prominent expert on computer security, describing in some detail what the NSA can currently do and how one can or cannot protect oneself. The basic message is that you cannot prevent the NSA from accessing your computer and getting any information you have on it by precautions that ordinary users are likely to use, but they
probably won't bother unless they have some special reason to target you. Most NSA spying is done by targeting the network not the end point, and you can, by making the correct choices in encryption software, make it difficult to impossible for the NSA to read your messages without going to the effort to access your computer.
An important point is that the NSA attack on encryption consists in large part of weakening, in non-obvious ways, publicly available encryption, at least sometimes with the cooperation of the firms producing the software. That is important because once the NSA has done it, there is nothing to prevent other people from taking advantage of the weaknesses, provided they can discover them. That makes the NSA efforts, at least potentially, a large benefit to computer criminals interested in stealing trade secrets, credit card numbers, or other valuable information, as well as to foreign governments interested in stealing information for their purposes. As I put it some years back in my Future Imperfect
, discussing the desire of law enforcement for ways of overcoming encryption:
Encryption provides the locks for cyberspace. If nobody has strong encryption, everything in cyberspace is vulnerable to a sufficiently sophisticated private criminal. If people have strong encryption but it comes with a mandatory back door accessible in half an hour to any police officer with a court order, then everything in cyberspace is vulnerable to a private criminal with the right contacts. Those locks have billions of dollars’ worth of stuff behind them – money in banks, trade secrets in computers.
From time to time, U.S. officials complain that the Chinese have been breaking into U.S. computers and stealing trade secrets. It now appears that the National Security Agency has been spending hundreds of millions of dollars a year making it easier for the Chinese to do so.