When the power of a nation-state is directed upon you, they have resources that completely boggle the mind. This applies even if it’s a minor power: Estonia, Hungary, and Cambodia all have their own capabilities and, while very small compared to some, your ability to hide from a country that makes you Priority One is limited. They have seasoned pros that are in all likelihood a lot better than you are, and the allies they call in when they need help are even more dangerous to you.
But of all the agencies, the National Security Administration possesses perhaps the most impressive capability for finding information on the planet. This comes largely from being funded at a level that completely dwarfs every other nation (he NSA’s actual budget is classified, but it is believed to have received at least $10 billion and perhaps as much as $20 billion in the 2012-13 intelligence community budget) and having access to an array of locations and technologies that few if any other nations possess. Many of its listening posts (not including temporary posts on ships, in aircraft, and set up in vehicles or shacks) are known even if exactly what each does is not, and their presence around the world shows the reach the NSA has through US allies. Their technological edge includes supercomputers, interception methods, and hacking capabilities that render most defenses nearly moot.
The previous article discussed the difficulties associated with encryption, both in getting it right and in circumventing it by accessing the data via other means when it’s not encrypted. In short, it requires some very careful planning to make sure that your implementation, both from a technical and an operational perspective, are as solid as they can be, and this is where most people fail.
This is not to say that encryption is useless. Far from it. If you’re trying to secure information from competitors, random attackers, or other enemies, it’s one of the best tools available. Even if you’re doing something that a national agency doesn’t want you doing, it’s better to encrypt than to not, if possible and practical. And there are ways to give even the most powerful adversary a headache. But if you come under the scrutiny of the NSA, it becomes exceptionally difficult to effectively hide the contents of the message unless you take very specific precautions and you do it without failure every single time.
From this rises the second question from the last article: how do you avoid the NSA if they’re looking for you? This turns out to be extraordinarily difficult not only because of the NSA’s reach into the world’s communications but also the legal framework in which the NSA operates. We’ll start by looking at how far and with what difficulty the NSA can actually look.