That is the worst case scenario. Yes, the NSA is definitely slurping up scads of information about your phone calls. It probably isn't storing your Facebook chats, emails, and Skype calls. Our goal with this guide is to detail exactly what you need to do to assure that it can't, even if it wants to. As you will see, it is a cumbersome process.
For assistance in fleshing out this guide, we spoke with Micah Lee, a staff technologist with the Electronic Frontier Foundation who has also written a guide to some of the tools mentioned below.
First, the really bad news.
The world learned about PRISM thanks to a series of slides leaked by Edward Snowden. Among those slides was this one.
On this slide, you can see the companies that participate in the program but also the data they offer the NSA, if the agency asks. Microsoft, Google, Yahoo (complete with trademark exclamation point), Facebook, YouTube, Skype, AOL, Apple. All of the logos smushed into the header of the slide. And all of the companies to be avoided if you don't want any chance that the NSA can surveil what you're doing.
Again: We are not saying that you should not use Facebook. What we are saying is that if you are desperate to prevent the NSA from knowing what you're doing, you shouldn't use Facebook. And there's nothing you can do to make using Facebook better—no encryption, no anything can make Facebook safe from the NSA. (We'll discuss this more a little later on.)
But it gets worse. These are the companies known to be participating in PRISM as of last October (when Apple was added). Since then, others may have been added; others may be added in the future. The truly paranoid, then, will have second thoughts about nearly any major Internet company.
And then it gets worse still, as Lee pointed out. "Any company that's inside of U.S. jurisdiction," he said, "can get government requests for data. Even if they're not listed in the PRISM slides, that doesn't mean the government isn't getting data from them." If the NSA wants your data, in other words, it can probably get it. It just might not be in real-time. (We'll get back to this, too.)
Before we continue, we should flesh out an important distinction. When you think of an email, what you generally think of is the content of the email, the message. In order for that message to get to you, though, the email also needs to contain metadata, a term loosely-and-not-entirely-accurately used to refer to information about the email message itself. For example: who it is addressed to, who it came from, what its subject is. (We have gone deeper into this before.)
That distinction is important because email operates like a letter sent through the post office. A letter, sealed in an envelope, can be hidden from the mailman. But the mailman needs to be able to read the address, or your letter won't get there. In this case, the metadata is what appears on the envelope; the content is the letter.