
wtmusic

(39,166 posts)
Sun Jun 30, 2013, 01:00 PM Jun 2013

The Surveillance Self-Defense Project



There are effective techniques for preventing the NSA (or anyone) from getting your personal information. Every time you make an e-commerce transaction you're using encryption of a quality that was only available to the military a couple of decades ago, and you can use this same encryption on your emails. TOR can help guard your browsing habits from surveillance. Cellphone communications? You can get those encrypted too, for a price.

The Electronic Frontier Foundation has done a great job of compiling the most useful techniques at their Surveillance Self-Defense Project web portal. Highly recommended if this is a concern to you (it should be).

Risk Management

Data Stored on Your Computer: https://ssd.eff.org/your-computer

Data on the Wire

What Can the Government Do?

What Can I Do to Protect Myself?

Information Stored by Third Parties

Foreign Intelligence and Terrorism Investigations

Defensive Technology
 

dkf

(37,305 posts)
1. Don't they target encrypted communication FIRST?
Sun Jun 30, 2013, 01:14 PM
Jun 2013

Can I trust that all these encryption companies haven't given the government keys? Can I trust that the Government isn't recording keystrokes so that they get the info prior to encryption?

What do we know about complicit behavior between any author of software and the government?

We are getting into fascism when the two are so linked. I have to assume that it isn't a one way street. What are corporations getting for cooperating?

Recursion

(56,582 posts)
2. This advice is also good against the Russian mob
Sun Jun 30, 2013, 01:29 PM
Jun 2013

Which is a much bigger worry.

Encrypted traffic they can store if they pick it up incidentally. I wish them luck breaking it...

wtmusic

(39,166 posts)
4. All legitimate concerns.
Sun Jun 30, 2013, 01:31 PM
Jun 2013

There is a fundamental level of trust you have to accept, and ultimately it may be misplaced. But there are a lot of smart people who work with encryption whose sensibilities are pro-privacy, and as ingenious as it is the math is not all that complicated (I work with encryption all the time).

Among Snowden's revelations is the acceptance that they DO target encrypted communications first. There is an implication that if you want to keep something secret, you're doing something nefarious. But hacking even casually encrypted communications is not simple, and the NSA has shot themselves in the foot - millions of people will be using encryption now and it will be even more difficult to find the people who really want to do us harm.

I trust that the EFF is not a secret branch of the NSA (they've sued them). If government agencies want to go to the effort to decrypt my communications they're welcome to because it will be a colossal waste of time, and hopefully if enough people start using encryption they will redirect resources to where they really matter (and not spying on their own citizens).

 

dkf

(37,305 posts)
7. This is why they need to put together an "enemies" type list to target who is worth it.
Sun Jun 30, 2013, 01:38 PM
Jun 2013

That seems obvious to me. The question is what does it take to get on that list? Does stating your displeasure with the government now put you under scrutiny?

Do posts on DU put us on that list?

Is political activism dangerous?

wtmusic

(39,166 posts)
10. I believe the answer is Yes to all.
Sun Jun 30, 2013, 01:59 PM
Jun 2013

In general I'm skeptical and not the paranoid type, but I've had experiences which have convinced me there is no doubt I'm being surveilled at a higher priority than the general population. I'll be the last to exaggerate my own importance, but the point is this: we're all on the list, but it's so easy with software to prioritize hundreds of millions of "potential threats" that both you and I are digitally unequal to John Doe who goes to church every Sunday and doesn't follow the news.

Practically speaking it probably won't affect us. What bugs the hell out of me is when an investigative journalist like Laura Poitras, who's committed no crime, is put on a terrorist watch list and detained at the airport. That is harassment which has the potential to get completely out of control.

 

dkf

(37,305 posts)
13. Once you get all the data and the algos and the processing capability... It's a problem.
Sun Jun 30, 2013, 02:07 PM
Jun 2013

And we pay for this. Sick.

backscatter712

(26,355 posts)
24. Encryption can be actually effective.
Sun Jun 30, 2013, 02:59 PM
Jun 2013

I'd suggest using open-source encryption, such as GnuPG - the source code is there, you can examine it for back-doors, and lots of software engineers and cryptologists already have. You create your crypto keys yourself, so you don't have to give them to the government.

That's why the NSA targets it - they fear encryption, because they can't break the good crypto.

 

dkf

(37,305 posts)
29. Is this something your average yahoo can do?
Sun Jun 30, 2013, 03:15 PM
Jun 2013

I know nothing about programming language.

Not that I have anything worth the trouble anyway, but it bugs me a hell of a lot that they spy on us.

backscatter712

(26,355 posts)
33. Well, your web-browser already has encryption built into it...
Sun Jun 30, 2013, 03:38 PM
Jun 2013

Any time you have a URL with "https://" instead of "http://", that means you're using encryption.

But I'd say that GnuPG's the gold standard of encryption software - it's embedded in lots of other software to improve their security. It's a little tricky to use if you're a beginner, but I'll say you can learn it if you take a little time.

For general-purpose use, I'd suggest a GUI front end, so you don't have to be a command-line commander.

Here's one called Cryptophane, which is a front-end that lets you do general-purpose encryption in Windows:

https://code.google.com/p/cryptophane/

Other front-ends for various platforms, and for various purposes, such as email encryption, can be found here:

http://www.gnupg.org/related_software/frontends.html

Oh, and you want GnuPG itself: http://www.gnupg.org/index.en.html

In short, you don't need to know actual programming, but it might take some time to learn how to use cryptography effectively.

 

dkf

(37,305 posts)
36. Can anything be protected on an iPhone or iPad?
Sun Jun 30, 2013, 03:44 PM
Jun 2013

Or Android or any mobile device? Do we need to go to PCs to have any hope of encryption?

How do I protect my DU perusing?

backscatter712

(26,355 posts)
38. GnuPG for Android is a work in progress...
Sun Jun 30, 2013, 03:46 PM
Jun 2013
http://guardianproject.info/code/gnupg/

Unfortunately, at this moment, you have to be a command-line commander and use GnuPG in Android that way, which is a real pain. These folks are busy developing an API and a graphical app so you can use it like any other application.

Actually, you might want to check this out - APG: Android Privacy Guard - it seems to have basic working functionality.

https://play.google.com/store/apps/details?id=org.thialfihar.android.apg&hl=en
 

dkf

(37,305 posts)
40. Thank you for that.
Sun Jun 30, 2013, 03:49 PM
Jun 2013

Hmm if Apple won't go this route I may have to switch.

Sadly I now trust the S. Koreans more with my data than the US or US corps. May have to go with Sam Sung.

backscatter712

(26,355 posts)
42. Hmm. I don't have any experience with iPhone/iPad apps. There might be something out there...
Sun Jun 30, 2013, 04:08 PM
Jun 2013

but as I don't own those devices, I don't know.

treestar

(82,383 posts)
3. So now we see the motive for stirring people up on this
Sun Jun 30, 2013, 01:30 PM
Jun 2013

to sell something.

That was "security" after 911, too.

Not likely to work, as most people will not really feel like they are in some kind of danger of government spying on them directly.

wtmusic

(39,166 posts)
5. There is some of that
Sun Jun 30, 2013, 01:35 PM
Jun 2013

but EFF is non-profit, and there are open-source solutions which are effective (Snowden has admitted as much).

MineralMan

(146,317 posts)
6. Interesting stuff, to be sure.
Sun Jun 30, 2013, 01:38 PM
Jun 2013

For me, it's not useful, since my activities everywhere are far too mundane to be of interest to anyone other than myself and those with whom I communicate, and that's a short list.

However, I have very low confidence that readily-available encryption tools are secure against the cryptologic capabilities of the NSA. That is based on knowledge from many years ago, of course, but I assume that that agency has advanced steadily.

What is more interesting about these readily-available encryption capabilities is that any data-collection system would probably flag encrypted communications as something worthy of interest. Un-encrypted communications, on the other hand, probably are of less interest, since people with nefarious goals generally try to conceal their communications in some way.

Now, maybe easily-available encryption tools are completely secure. That could be, I suppose, but I have little confidence that such a thing is so.

Were I a person who wanted my nefarious communications to be secure, I would not make them using any networked system at all. Not cell phones, not landline phones, and most certainly not the Internet. I would use other methods of communication if I really wanted to keep something from being monitored and tracked by others.

And so it has been for a very long time. People involved in things like terrorism, organized criminal activities, and others generally do not commit their communications to public systems.

So, why are the NSA and other intelligence-gathering agencies collecting all that stuff? Stupidity. People are stupid, and do not do clever things. If you have the capability to collect and analyze a large proportion of public communications, and you have computer systems capable of filtering out interesting stuff from all of the mundane stuff, I guess you'd want to do that. However, getting rid of the mundane stuff would have to be a high priority in that effort. No agency has the resources to find out who contacted their local dealer to buy a small quantity of grass. No agency has the resources to deal with all of the morons on the Internet who daily declare that a revolution is the only solution to something. They'll note that stuff, but will soon realize that it's of no interest and dump it with the rest of the mundane stuff.

The sheer volume of public system communications creates an enormous task, if the goal is to filter out what is truly of interest. It's almost an unimaginably complex task. Are the intelligence agencies able to do it? That I do not know. I'm sure they're trying to do that, in hopes of catching some terrorist trying to smuggle a dirty bomb into some city somewhere. They certainly aren't interested in the activities of the vast majority of people who communicate publicly. They're interested in some microscopic minority of communications that are actually significant.

So, I'll pass on the stuff at the link in the OP. I can't see any reason to bother with it, frankly.

 

dkf

(37,305 posts)
8. Don't you think they have to put together a list of who is worth tracking?
Sun Jun 30, 2013, 01:43 PM
Jun 2013

Does political activism mean extra scrutiny by the government?

MineralMan

(146,317 posts)
9. I'd guess that would depend on the type and level of activism.
Sun Jun 30, 2013, 01:55 PM
Jun 2013

Personally, I don't include posting on DU as any type of activism that would be of much interest to anyone but other DUers. I can't imagine that the government has much, if any, interest in DU, generally. If some moron posted some sort of threat here, then that might be of interest. However, it wouldn't last long here if it were really credible. It would be hidden quickly by a jury.

Frankly, most of us think we're more interesting than we really are.

 

dkf

(37,305 posts)
11. You don't think they are only limited by their capabilities?
Sun Jun 30, 2013, 02:00 PM
Jun 2013

Studies in Iraq showed the more data they input the better their results and predictability.

MineralMan

(146,317 posts)
16. I think that their capabilities are actually the only limit.
Sun Jun 30, 2013, 02:11 PM
Jun 2013

I neither underestimate nor overestimate those capabilities. I do not know those capabilities. I knew what they were in the past, but that was a long time ago. I can estimate what they might be today, but my estimate would be crude, since I'm not really involved in gigadata analysis at all.

What I can think about, though, is the likelihood that they would be interested in some sort of information or not. Given what is known about how many cases derive from likely use of that gigadata analysis, I can infer that they're not using it on an enormous range of individuals. I think the things they're interested in are pretty damn esoteric and rare.

All that data and all that analysis end up being filtered down to a microscopic subset that is actually of interest. The rest ends up being sent to the null device. I can't see how it could be any other way, given what we know about the actual amount of data involved.

 

L0oniX

(31,493 posts)
14. If they don't find a terrorist will they lose their jobs?
Sun Jun 30, 2013, 02:07 PM
Jun 2013

I'm sure there is a jobs motivation to keep this going. "Does political activism mean extra scrutiny by the government?" It certainly did in the 60's.

Response to MineralMan (Reply #6)

wtmusic

(39,166 posts)
15. Well-implemented RSA is extremely secure from all threats
Sun Jun 30, 2013, 02:08 PM
Jun 2013

Lots of tech craziness but also a good summary at this link:

"In your code, you can return "practically infinite" as cracking time for all key lengths. A typical user will not break a 1024-bit RSA key, not now and not in ten years either. There are about a dozen people on Earth who can, with any credibility, claim that it is conceivable, with a low but non-zero probability, that they might be able to factor a single 1024-bit integer at some unspecified time before year 2020.

(However, it is extremely easy to botch an implementation of RSA or of any application using RSA in such a way that what confidential data it held could be recovered without bothering with the RSA key at all. If you use 1024-bit RSA keys, you can be sure that when your application will be hacked, it will not be through a RSA key factorization.)"

http://security.stackexchange.com/questions/4518/how-to-estimate-the-time-needed-to-crack-rsa-encryption
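The key-size reasoning in the quoted answer can be put into rough numbers. The following is an added example, not part of the post or of the linked answer: it evaluates the standard heuristic cost of the general number field sieve for a given modulus size and scales it from one published data point (the 2009 RSA-768 factorization, roughly 2000 core-years). The function names are made up for this sketch, and dropping the o(1) term makes the results order-of-magnitude estimates only.

```python
import math

# Calibration point (approximate, from the published RSA-768 factoring
# record): about 2000 core-years on 2.2 GHz Opteron-class cores.
CAL_BITS = 768
CAL_CORE_YEARS = 2000.0


def gnfs_work_bits(modulus_bits):
    """Return log2 of the heuristic GNFS cost for an n-bit modulus.

    Cost model: L_n[1/3, (64/9)^(1/3)]
              = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    with the o(1) term dropped (an assumption of this sketch).
    """
    ln_n = modulus_bits * math.log(2)
    c = (64.0 / 9.0) ** (1.0 / 3.0)
    ln_cost = c * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return ln_cost / math.log(2)


def estimated_core_years(modulus_bits):
    """Scale the RSA-768 effort by the ratio of GNFS costs."""
    delta = gnfs_work_bits(modulus_bits) - gnfs_work_bits(CAL_BITS)
    return CAL_CORE_YEARS * 2.0 ** delta


def wall_clock_years(modulus_bits, cores):
    """Elapsed years if the work parallelised perfectly over `cores`."""
    return estimated_core_years(modulus_bits) / cores


def report(sizes=(768, 1024, 2048, 4096)):
    """Return (bits, log2 work rounded to 0.1, core-years) per key size."""
    return [
        (bits, round(gnfs_work_bits(bits), 1), estimated_core_years(bits))
        for bits in sizes
    ]


if __name__ == "__main__":
    for bits, work, years in report():
        print(f"RSA-{bits}: about 2^{work} operations, "
              f"about {years:.2e} core-years")
    # A hypothetical attacker with one million cores and perfect scaling:
    print(f"RSA-1024 on 1,000,000 cores: "
          f"{wall_clock_years(1024, 1_000_000):.1f} years")
```

The model only covers factoring the modulus; it says nothing about the implementation mistakes the second quoted paragraph describes, which bypass the key entirely.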

MineralMan

(146,317 posts)
17. Yes, of course. But...
Sun Jun 30, 2013, 02:20 PM
Jun 2013

"botching" an implementation might also include deliberate "botching" of that implementation at just about any level, including the coding of the encryption application. I'm sure you see where I'm headed with this.

My confidence level that backdoors are not included in those applications is very low. These days, few pieces of software are created by anything other than a pretty good-sized team, and it would be rare if there was anyone who actually knew and had examined all of the coding in it.

In fact, I would imagine that I was the only person who could have made sense of the source code of any of the applications I wrote for my little shareware company a number of years ago. I'm a very eccentric programmer, and was prone to using things like huge numbers of undeclared global variables in my source code. I could remember them all and they made a certain sort of sense to my fevered brain, but anyone else faced with analyzing my source code would be hopelessly confused by it. I'm not a good, organized programmer.

But, that's not how most software is created. Instead, teams of people work on it. It would be pretty easy to conceal a backdoor in most major pieces of software without anyone detecting it.

wtmusic

(39,166 posts)
18. True.
Sun Jun 30, 2013, 02:34 PM
Jun 2013

I think the point is that if you make your encryption a step above what the value of your information is, you're probably in good shape. And ironically, your software approach is probably as confounding to them as anything. Simply obfuscating your messages or deliberately creating false positives may work even better than encryption.

Exploiting boredom is probably the best way to protect ourselves, and the most dangerous tool used against us. It literally made 9/11 possible.

wtmusic

(39,166 posts)
19. Re: backdoor access: for years people considered Skype a safe haven for communications
Sun Jun 30, 2013, 02:41 PM
Jun 2013

but now we know the NSA rolled them even before they were bought by Microsoft.

MineralMan

(146,317 posts)
20. Duh. Of course NSA monitors Skype.
Sun Jun 30, 2013, 02:49 PM
Jun 2013

People use it for all kinds of international communications, including, I suspect, nefarious ones. I assumed that before I opened a Skype account, which I, too, use for international conversations. None of those communications, however, would be of any interest to anyone other than me and my friend in Europe.

Other conversations, however, might well be of interest, and those are the ones being looked for.

wtmusic

(39,166 posts)
21. Not "duh"...all Skype communication has been 100% encrypted from the start
Sun Jun 30, 2013, 02:53 PM
Jun 2013

which is why people considered them safe.

Possibly Snowden will be able to divulge whether NSA actually has backdoor keys or is just collecting metadata.

MineralMan

(146,317 posts)
22. Actually, probably Snowden has no clue about that.
Sun Jun 30, 2013, 02:57 PM
Jun 2013

Snowden accessed a bunch of briefing documents that the NSA uses to let people know some stuff about what they're up to.

I remember seeing similar documents over 40 years ago when I was briefed in at that agency as an E-4 in the USAF.

They're classified, but very general in nature.

I doubt that Snowden knows much beyond that general information. Exactly how Skype data is used and how it is collected and analyzed would not be within his ability to discover. Compartmentalization is intense at that agency.

Briefing documents.

KoKo

(84,711 posts)
26. At the NSA at the time you worked there.. But, now there are Private Contractors
Sun Jun 30, 2013, 03:07 PM
Jun 2013

who are gathering much of this information. How do you feel that might have changed since you worked for NSA? I assume at that time information gathering wasn't being "outsourced" like it is now where there are much fewer controls. Would it revise your opinion if these "Private Contractors" could share information with entities other than NSA?

Compartmentalization is intense at that agency.

MineralMan

(146,317 posts)
27. There were private contractors then, too.
Sun Jun 30, 2013, 03:11 PM
Jun 2013

Beyond that, I have no idea what's going on there now. No idea at all. But private contractors have always been involved.

KoKo

(84,711 posts)
32. Would they be some of the same contractors as are being used now?
Sun Jun 30, 2013, 03:28 PM
Jun 2013

How was the information controlled by them? Were they allowed to share outside the Government? If not, then who was "watching them" to see that they didn't since they were not housed at NSA. Or, at that time were they just allowed to come into NSA (given security clearance) and then could walk out with the info to use for ...What Purpose?

MineralMan

(146,317 posts)
34. Beyond what I have said, I can't comment.
Sun Jun 30, 2013, 03:39 PM
Jun 2013

My access level was what you might expect for a lowly USAF E-4, although it was high enough that I could pretty much go anywhere. Most of the time, though, I was a gopher of one sort or another, assigned to various menial things due to my clearance level, except at my primary work. So, I can't answer any of your further questions. I knew people who worked for private contractors. Can't remember any of the contractors' names, though.

I'm inferring a lot about today's situation, based on what was happening then. While that may seem to be a stretch, organizations don't change how they operate a lot or how they are organized.

KoKo

(84,711 posts)
37. Were the private contractors housed at NSA?
Sun Jun 30, 2013, 03:46 PM
Jun 2013

Or did they come and go. Did you find that concerning?

I would think since you left (was it 25 or more years ago) much has changed because of the Downsizing of Government that began with Carter through Reagan and was pretty far along in Clinton's second administration. Bush certainly did his part and Obama, also.

So the number of Private Contractors to NSA (in house) Government workers might be quite different from when you were there. Particularly given how the Internet is so widely used these days and computerization is even more widely involved in every part of our lives, industry and military.

Could you accept that there could be abuse of information that would not have been possible when you worked there that the American people need to know about?

MineralMan

(146,317 posts)
41. As I said, I know nothing for certain about current practices.
Sun Jun 30, 2013, 03:54 PM
Jun 2013

Private contractors during my time there did both. Some were stationed in-house and some were TDA here and there.

Keep in mind that computerization was limited at the time. My desk had a typewriter on it, and there were TTY machines all over the place. The computers were somewhere else altogether.

I can accept almost any possibility, actually. However, I know very little. None of us writing on DU know very much. We're all inferring lots of things from insufficient data. There's very little of real substance in any of these discussions, and most people who are writing long posts have no direct information at all, and no connection to the intelligence community now or at any previous time.

Lots of words, and not much substance.

I can tell you, though, that all of the released information is little more than briefing documents designed for people outside of the actual organizations. They're the kind of thing shown to Congressional committees and to brief new hires. You can't say much, really, based on them about what the programs are actually doing, and nobody's going to be revealing more information than what's in those documents.

You may have noticed a good deal of silence from members of the Intelligence Committees. There's a reason for that.

KoKo

(84,711 posts)
43. Appreciate your replies....
Sun Jun 30, 2013, 04:37 PM
Jun 2013

I'd really like to know more about the "Public/Private" relationship in NSA. I think that's a key to some of our concerns. Is there abuse for profit? It's time we knew. The computerization has advanced so fast that it's way beyond the laws that need to be in place to deal with protecting the people's rights to privacy. It's a new somewhat uncharted territory. The ability for people with special interests to knowingly abuse information for profit or control, or both, is vast. And, it's global.

As I said in another post: How would we feel if the "former Blackwater" was working with the NSA in collecting private information on us. We saw what private contractors did in Iran and Afghanistan...working with our Military. I want to know about these NSA private contractors.

backscatter712

(26,355 posts)
25. In a nutshell, if you're using 4096 bit RSA and 256-bit AES for your crypto...
Sun Jun 30, 2013, 03:01 PM
Jun 2013

using good open-source cryptography software like GnuPG, even the NSA can't crack it.

 

Corruption Inc

(1,568 posts)
30. All good ideas but they all overlook being setup and framed
Sun Jun 30, 2013, 03:16 PM
Jun 2013

regardless of what any person ever did, said, typed, emailed or thought.

If a person is going to be framed and then not allowed any representation it doesn't matter what history or evidence there is, none will ever be looked at. Therein lies the real problem of unchecked and unregulated governments.

wtmusic

(39,166 posts)
31. True, the best you can do is hope to slow them down a bit.
Sun Jun 30, 2013, 03:19 PM
Jun 2013

In my naive youth I used to think a contract would protect you against anything. It took some decades of business experience to learn that any contract can be rendered meaningless by a determined adversary.
