Bruce Schneier's 'How to remain secure against NSA surveillance'

Security guru Bruce Schneier has posted a typically pragmatic and passionate overview of why you can, and should, follow practices that improve your odds of being able to communicate privately in the face of the NSA's vast surveillance programs.

"I understand that most of this is impossible for the typical internet user," he admits, and even Schneier doesn't use "all these tools for most everything I am working on."

The NSA may have converted the internet into one big surveillance platform, he says, "But they are not magical. They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible."

"Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA."


Notable Replies

  1. IMB says:

    I wish someone would translate some of what is gobbledygook to those of us who are less well versed in technology. Also, he says some things that I suppose insiders understand like "use encryption not made by any major US company". Okay, I get that Apple is probably not a good source for encryption which comes with the computer. But how does someone find good encryption? How do you know where to look, and which ones always have a backdoor way in and which don't? I have many questions, but will read it all over again when I am fresh.

  2. pjcamp says:

    Isn't it simpler if we all agree to use "Death to Obama, Long Live Osama" as our sigs?

    I mean, if everybody is a terrorist, nobody is a terrorist.

  3. I would start with gpg to protect the contents of your email. GPGMail is a plugin for your Apple Mail application. Now this program will only work if the people you communicate with use gpg too.

    Here is a demonstration of the problem. We have these great tools but they are hard to work with and they only work if they are broadly adopted. This is the challenge if you're an engineer, coder, or admin.

  4. Basically it says you don't have a glimmer of a hope to secure your communications against NSA surveillance.

    Even a noted security expert like Schneier finds it to be far too onerous to actually implement it for any but his most sensitive communications, and presumably he has some communications a lot more sensitive than you and many of the people he communicates with are also security experts.

  5. Do I care if the NSA reads it, if they are listening? Well, no, and it's not worth the effort to encrypt it all.

    That's the problem, though. I think the overall solution is a hybrid political-technological movement that involves most Americans whether you care if someone at the NSA reads certain particular love letters or not.

    Everyday email communications are basically an unwrapped postcard and that makes encrypted emails stand out like a clownish, sore thumb with unicorn sparkles all over it.

    I think you may be missing Schneier's overall point when he says, "... They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible."

    If we all start using encryption en masse for everyday email communications, it'll shut down (or at least massively slow down) aspects of the NSA's draconian system for all of us. They might have to resort to things like legal warrants again to focus on individuals instead of suspicionless spying on most Americans. It'll simply become too cumbersome to spy on all of us at once if most all of us use encryption.

    Encrypting your love letters (even those sent to your wife's personal account) is the patriotic, civic thing to do. The technological challenge is to make encrypting email easier for average people, and the political challenge is to educate one another on why it's important to use it even for our love letters.
