On American Public Media's Marketplace program this morning I heard the host, Ben Johnson, interview Molly Wood, executive editor at CNET. Ms. Wood argued that "encryption of data does, at least, slow down the NSA."
The error in this statement is that the content of data exchanges across the Internet, while interesting to the NSA, is not as important to signals intelligence as the who, where, and when of communications. What those of us who understand the implications of NSA surveillance are concerned about is the potential for profiling us through metadata and the idea that encryption slows the NSA down in any meaningful way is simply wrong.
But the big topic of the interview was on a way to theoretically avoid NSA surveillance completely by using wireless mesh networks. These are local wireless networks unconnected to ISPs with transceiver nodes run by private citizens intended to service a community. Ms. Wood suggested "if you don't believe in the possibility of new encryption software the key is to just get a new Internet."
The first problem with this "solution" is that if a mesh network isn't connected to any other network and just provides services for a few hundred or even a few thousand people it won't have the utility value of the Internet, it will just be a local resource limited to things local. There'll be no buying from Amazon and eBay, no social media other than on a small scale, no Netflix, and no online gaming.
But the argument that these mesh networks would limit the NSA's surveillance abilities is just as wrong. The idea that these mesh networks would truly standalone and remain completely unconnected to the Internet is simply something that could not happen. It would only take one node to connect to both networks and the privacy and integrity of the mesh network would be potentially compromised. And by connect I don't mean in realtime.
Let's say the rule is you disconnect from the Internet before connecting to your local mesh. Even then it would only require a not particularly sophisticated rootkit designed to store and forward intelligence between the different sessions to expose the communications of the theoretically private exchanges on the theoretically private mesh network. Where would the rootkit come from? NSA phishing expeditions, already baked-in backdoors in applications and operating systems ... the list is wide and deep.
And even if the mesh network could somehow be completely isolated from any Internet connections at all the idea that the NSA wouldn't have backdoors into the operating systems of mesh network access points and the ability to crack the network's privacy if they wanted to is optimistic at best.
In short, local, private wireless mesh networks aren't a solution to privacy concerns and under the current political and judicial climate of the US the NSA will do whatever it deems necessary to fulfill what it sees as its mission.
John Gilmore, the Internet activist and one of the founders of Electronic Frontier Foundation is famous for his observation that "The Net interprets censorship as damage and routes around it." When it comes to government surveillance you might say that "The NSA interprets anything that gets in the way of its mission as trivial and will find a way to route around it."