When asked if email encryption could defeat NSA surveillance, NSA whistleblower Edward Snowden responded that it could; but not all encryption is created equal.
NSA whistleblower Edward Snowden responded today to a series of questions delivered to him in Reddit’s famed Ask Me Anything (AMA) format, at the Guardian’s website. The exchange, known as “AskSnowden”, was held between 11 AM and 4 PM BST, and among many political, practical and technological questions that were asked, one in particular bears significance to regular technology users.
A commenter with the username Mathius1 left the following question for Snowden:
“Is encrypting my email any good at defeating the NSA survelielance[sic]? Id[sic] my data protected by standard encryption?”
Snowden then left the following words that are encouraging, and also provide a bit of good advice:
“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”
In the answer, Snowden explains that the government cannot break through strong email encryption. At the same time, regular endpoint security is not strong, and does not provide adequate protection from a snoopy intelligence agency.
It is possible to truly protect your email data using third party systems such as the GNU Privacy Guard (GPG), and the Pretty Good Privacy program (PGP).
On a related note, Apple, who was caught up in the recent PRISM controversy, recently defended itself by claiming that iMessage and FaceTime users were completely safe from surveillance, since both services use encryption at both ends which make monitoring impossible.