NSA FUD. Ain't acronyms fun?

Photo credit: Poster Boy NYC

You know what the NSA is and FUD is simply, Fear Uncertainty & Doubt. Certainly and absolutely, the NSA and the feds in general are out of control. However, there is a bit of FUD going on about the actual level of encryption compromise.  

Probably more information in this article on the NSA surveillance issue than many of you are interested in reading, but I couldn't help pointing out Bruce Schneier's agreement with my Security Basic #5: If someone wants to "get" you, they willBruce puts it this way:

About Bruce Schneier.

Photo by Geoffrey Stone.


"These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period."

OK, now that we've got that little self-plug out of the way (everyone's heard of Bruce, not many have heard of me!), let's get back to some FUD removal. Has encryption technology of all types been defeated? Has code-breaking gotten so good that using encryption isn't worthwhile? As the article notes, no, good encryption algorithms are still solid. This is why the NSA has undertaken so many different methods to defeat not the math, but the systems that run the math or even the crypto standards themselves. As Snowden is reported to have included in an online Q&A:

"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."

As Leo Laporte mentions in this short discussion of the topic, it is because of the strength of encryption technology that the government got concerned as more and more of the internet "went dark" and hidden from their view that they realized they needed a large, multi-front effort to keep things where they could see them.

So what's a normal person to do? Is there any point? 

Bruce Schneier provides 5 pieces of solid advice. The only minor, and I stress minor, quibble I have with his advice is that I'd put his #3 item as the #1 item to bear in mind. Given the opening point about the fact that if the NSA wants to get you, they will. It is important to also remember that if you undertake some reasonably good practices, it makes the NSA have to do some work to get at what you want to hide. The effort you go to to hide various elements of your data should be commensurate with the contents of the data you want to hide and from whom. Hiding data from ID thieves and hiding it from the NSA are very different things. The feds already know or have ready access to everything about you that ID thieves and other criminals are after.

I was happy to see several things I use on Bruce's list such as TrueCrypt.

Funny thing is that with all the FUD and furor around the revelations of the NSA programs, many people post information for anyone to use against them via social media!