I must first say that when I first heard about the leak of NSA’s PRISM project I was entirely unsurprised. I really thought it was little more than a ‘public secret’ that digital communications were being monitored and stored by secret services. It’s a Spy vs. Spy world we live in, fueled by political, economic and military interests. And the technology for it is apparently available, so if you’re in the business of covertly scanning for nutcases who want to blow up stuff then why not use it? I would think it very unlikely that the NSA is the only intelligence organization with a PRISM program and intelligence gathering via the PRISM programs is probably widely shared with allies of the USA anyway.
But of course no-one will ever actually read your emails—no human anyway. I believe that globally nearly 300 billion emails are sent every day, which is a lot to go through. But most of it is spam though, so let’s assume the NSA has a decent spam filter. Then they only have to wade through around two billion emails every day. Now let me illustrate just how mind-bogglingly large this torrent of communication is. If it would take just a a minute on average to read an email, then one secret agent would have to read non-stop for nearly four thousand years to process them all. Perhaps a blessing in disguise, since it would would probably take him centuries to learn all the languages emails are sent in anyway. And when further taking into account that many emails tend be written less like a Shakespearean sonnet and more like what a monkey produces when left alone with a typewriter for five minutes, I think we should first and foremost pity the NSA people who would have to suffer reading them all. That’s probably why they would just write clever software to filter out ‘interesting’ emails anyway, just like Gmail does to target their ads. You would probably first have to try and get their attention with your behavior, such as ordering “Terrorism for dummies” on Amazon.com or whatever to show up on their scanners. So unless you’re a terrorist attending a discussion in the Al-Qaeda whatsapp group about a diabolical plan to attack the next world curling games, I daresay not a single spy is going to be very interested in reading any of your digital communications.
Furthermore, you only have to look at recent hacking affairs such as the Climatic Research Unit email controversy or the recent leaking of 6.5 million LinkedIn user passwords to realize that digital communications should never be considered to be private or secure. A wise user of email services, social networks and chat clients should act accordingly, such as not forgetting to log out when leaving the computer unattended (frape anyone?). Many GNU/Linux operating systems will offer you the option of encrypting your personal files upon installation, by using filesystem-level encryption or even disk encryption. And software such as GNU Privacy Guard and PGP have been around for many years now. I started toying around with these programs ten years ago and nowadays they are just so trivial to set up—a child of five can do it.
Yet in all these years I have not once signed someone else’s PGP key or received any email communication from my friends and family in which encryption was used to keep the contents of the email private. Part of me sometimes thinks some people secretly want to be spied on, and that everyone else simply doesn’t care. But maybe that will all change now. Perhaps we will also see a revival of the mail industry? I doubt the NSA will have the resources to photocopy two billion handwritten letters every day.
For what it’s worth, my new PGP key ID is 0x26D63236
You can look it up on a PGP public key server, such as pgp.mit.edu