Not much we can do about it, to be fair. I'd like to think the people would get a say and be able to stop this kind of espionage, but ultimately we're fairly powerless apart from abandoning all forms of communication. Like you said, they've been doing this for a while now anyway.
Edit: The only way to beat them is to join them.
This attitude is wrong. There's plenty you can do to make it significantly more difficult for the NSA or any outside observer to capture your packets and communication. Here are a few options in order of ease of use:
- Use SSL. For both your personal outgoing and on your websites; if an incoming connection is not SSL, redirect to SSL. With the proliferation of AES-NI, this is getting extremely cheap for longer connections and only marginally more expensive for single ones. Cheap enough now with free SSL cert providers (e.g. StartSSL) that you can do it on pretty much any site.
- Contact your government reps and express your concern. It may not get a lot done, but this is how the process works.
- Use VPN. Find an anonymizing provider you like and start using them frequently. @wlanboy posted an abbreviated quickstart guide (full guide) for getting started with OpenVPN on your DD-WRT router and getting it to the point where you forget it's even on. Any kind of *nix router that allows you to install binaries should be able to make it nearly transparent with some DHCP + openvpn/l2tp+ipsec/softether. With VPN endpoints in the $10-15 per year range, you can with reasonable safety push your personally identifiable web traffic off your ISP to someone who is making their living off maintaining trust with their clients by providing anonymizing.
- Secure your email. As a user, enable encryption for those recipients who support it and sign everything. Granted, signatures don't prevent people from reading your mail, but they do provide assurance that you are who you say you are, and a recipient might send a pubkey back for you to encrypt future emails. If running your own mailer daemon, configure it to try SSL first and verify certificates. Only provide IMAPS/993 (or POP3S if you're still using that) to off-server access.
- Compartmentalize web browsing and network access. On your desktop, set up some lightweight VMs that boot from a shared, read-only disk image w/ distinct home directory mounts per VM. Spin one up when you need it and suspend when you're done. Google apps in one, financials in another, social networks in a third, shopping in a fourth. If you really want to go nuts, you can have these go out different VPN endpoints pretty easily. There are probably web browsing sandboxes that do this easier, but most of those let Flash out of the sandbox. Granted, this alone won't help against monitoring by IAs, but it'll limit your XSS & CSRF damages and mess with advertising people a fair bit.
- Host your own services or find a provider who cares about security. Use services that are modeled like email; multiple hosts can group if they want (e.g. jabber) or can be completely separate.
- Use darknets. Get your friends together and start carving up some fd00::/8 (IPv6 ULA) and link your VPNs together. You can set up routing manually with some GRE-in-IPSEC links or use something like cjdns. Maybe get a little crazy with some BGP.
- Configure opportunistic encryption. Get some DNSSEC and IPSECKEY records for your in-addr.arpa delegations. Set up your IPSEC stack to attempt opportunistic encryption.
In the end, intelligence agencies will win the security game if they want to. These options only make it harder for them to opportunistically monitor that which they should not be monitoring without a court order.
Not really, when you think about it. When has government EVER done something more efficiently than a privatized competitor? The DMV and Post Office are two examples of that.
The administrative overhead of Medicare is quoted at 1% when executed in-house and 6% through privatized outsourcing by an independent (scholarly journal) study. Private medical insurance agencies have an administrative overhead typically greater than 10%, usually in the high teens range. This suggests a significant cost advantage to federalized medical insurance.
The Post Office delivers last mile service to rural America where many privatized services (e.g. FedEx, UPS) do not because it doesn't make them money. In fact, they often hire the Post Office to do last mile delivery for those areas. IIRC, their budget deficit is due to a government mandate that they forward fund their retirement plans for all employees (even those not yet hired) through 2019 to the tune of 3-4B/annual. They're also much cheaper than FedEx/UPS at any distance delivered for first class, media mail, and flat rate, and approximately on par for costs for overnight, etc. The add-ons for delivery confirmation, package tracking, etc., bring them up to cost with their private competitors. I think they do pretty well for themselves.