How to remain secure against NSA surveillance, "Guardian", by Bruce Schneier:
As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about. We know this has happened historically: CryptoAG and Lotus Notes are the most public examples, and there is evidence of a back door in Windows. A few people have told me some recent stories about their experiences, and I plan to write about them soon. Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it's explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.
US and UK spy agencies defeat privacy and security on the internet, "Guardian":
Analysts on the Edgehill project were working on ways into the networks of
major webmail providers as part of the decryption project. A quarterly
update from 2012 notes the project's team "continue to work on
understanding" the big four communication providers, named in the document
as Hotmail, Google, Yahoo and Facebook, adding "work has predominantly been
focused this quarter on Google due to new access opportunities being
developed".
To help secure an insider advantage, GCHQ also established a Humint
Operations Team (HOT). Humint, short for "human intelligence" refers to
information gleaned directly from sources or undercover agents.
This GCHQ team was, according to an internal document, "responsible for
identifying, recruiting and running covert agents in the global
telecommunications industry."