GnuPG.. have you ever wondered 2156

It's interesting that in 1995, PGP was almost outlawed because the NSA found it too difficult to decrypt. The creator made a concession which made the decryption more managible.

The NSA is always walking a fine line. They understand the need for secure encrypted communications which can't be intercepted by the average hacker or wiretap, but at the same time, they need to be able to monitor communications.

Both Triple-DES and PGP are normally almost too secure. They are painfully hard to decrypt even with smart approaches (as opposed to "Brute Force Decrypts"). Fortunately most organizations use Public Key Infrastructures - they use a certificate authority who validates signatures, and sends the private key to the parties exchanging information - but if there is a court ordered wire-tap, the CA can also send the private key to the NSA.

Most corporate sites are required to use CAs, both as a practial matter, and in compliance with directives from the FBI, the FCC, and other regulatory agencies.

The few leaks of "clear text" messages are usually because someone wasn't paying attention. More often, the messages intercepted weren't sent clear text, but they were pbutting through monitor points which could be decrypted under court order.

When private keys are used or public keys are exchanged without a CA, the NSA can often use hacker tactics to access one or more of the private keys. It could be as simple as sending you what looks like spam - but contains an ActiveX control that reads the Microsoft certificates or the ssh directory for the key files.

Until recently the buttumption was that these wiretaps could only be used under a court order, but it seems that this is not the case.

Most of the techniques used by the NSA are confidential and disclosure involves a 10 prison term - or worse ;)

They don't watch everybody, but if they feel you need watching, it really isn't that hard.