Encryption is likely to be most effective against upstream data collection efforts, said Matthew Green, a cryptographer and research professor at the Johns Hopkins University Information Security Institute in Baltimore, via email.
The challenge is what kind of encryption to use, Green said. SSL is the most common way to protect data transmitted over the wire and the protocol is actually fairly strong, but SSL keys are relatively small and it's not outside the realm of possibility that an organization like the NSA could obtain these keys at some point, he said.
There is already evidence that the NSA is performing upstream traffic interception on the networks of high-level ISPs that operate Internet backbone infrastructure, as shown by the case of Room 641A, an NSA Internet traffic interception facility located in a AT&T building in San Francisco that was exposed in 2006.
"We have no idea what the NSA can do," Green said. "However it's reasonable to assume that even if they can break modern encryption schemes -- a pretty big assumption -- it's going to be pretty expensive for them to do so. That rules out massive non-targeted eavesdropping on encrypted connections."
The feasibility of breaking SSL encryption is also determined by the different configurations in which the protocol can be used. For example, the Diffie-Hellman -- DHE and ECDHE -- configurations of SSL are much more difficult to tap than the RSA configuration, Green said.
In order for encryption to completely prevent unwanted surveillance, the data must be encrypted throughout its life, said Dwayne Melancon, chief technology officer of IT security firm Tripwire, via email. "If it is in the clear at any point (at rest, in use, or in motion) it could potentially be accessed by others without credentials."
This means that data needs to remain encrypted not only as it travels across the global Internet and passes through routers and servers in different jurisdictions, but also while it's used in real time by applications, as well as when stored for backup purposes.
Ensuring that the private keys used to encrypt the data remain secret at all times is paramount. That's not easy to do when running live applications and hosting databases on cloud servers or when relying on other cloud services.
"If an organization relies on the cloud service provider [CSP] for encryption, the CSP holds the encryption keys," said Steve Weis, chief technology officer at PrivateCore, a company that develops technology for encrypting data during program execution, via email. "The organization has no knowledge or control when someone lawfully attempts to access encrypted data. The organization is blind."