(An aside: The NSA will assert that if the "you" to which we are referring is an American citizen, they can't read your data, by law. Except that there are big loopholes, like "accidents" or if you are very loosely connected to an overseas suspect.)

Our question to Galperin was whether the NSA introducing back-doors to encryption standards or working with tech companies meant online communication was necessarily unsafe — or if hackers could use the same tools to access our information. Her answer, in short: it doesn't matter much. First, because of the list of ways the NSA can spy on you if it wants. But mostly because you should be using different encryption anyway if you're concerned about privacy.

The NSA has a "store of zero-day vulnerabilities," she said, a collection of known security flaws that have never been used publicly (ergo, have been known about for "zero days"). But it isn't just the NSA that has one. "There are entire exploit markets out there," Galperin said, that allow hackers to share known exploits. Companies and the government buy zero-days and exploits from hackers; it's one of the reasons that the government is deliberate about building relationships with the hacking community. In other words, your privacy is at risk in many ways and from many actors.

Galperin pointed to a Guardian article by computer security specialist Bruce Schneier, who wrote on Thursday, "Try to use public-domain encryption that has to be compatible with other implementations." With open-source encryption tools, like PGP, entire communities of people watch the code to ensure that it contains no back doors like the ones the NSA added to at least one international standard. ("The good news," Galperin said of that standard, "is that cryptographers had noticed before now that the standards were weaker.") By using that encryption, you force the NSA to use tools that either require "more overhead" — like banks of servers or analysts specifically targeting your computer — or that it can't reuse, like the zero-day exploits which could lose effectiveness after being used once.

Another of Schneier's points — "Assume that while your computer can be compromised, it would take work and risk on the part of the NSA — so it probably isn't" — would resonate with Galperin. "Even though this is a big story about how the NSA owns everything," Galperin said, "it's really a call to action." Use more encryption in your communications — see our guide to doing so — and it makes the NSA's job more resource-intensive across the board. Once upon a time, internet users relied on "privacy through obscurity," the unwise idea that your own online existence was unknown enough to ensure no one ever saw it. Now, a revision: "privacy through increased overhead." It's not a perfect response, but it is apparently one of the better responses we've got.

This article is from the archive of our partner The Wire.