The NSA versus the CIA: How to protect yourself from both

NSA vs. CIA: Which is worst for spying? The NSA want to collect it all, whereas the CIA prefer direct targeting. Here's how to defend against both.
Tips & tricks
4 mins
NSA v CIA

In 2013, Edward Snowden showed the National Security Agency (NSA) has a global surveillance apparatus covering all our digital communications.

Then, in 2017, Wikileaks released a trove of data from inside the “other” U.S. intelligence agency, the Central Intelligence Agency (CIA).

The leaks expose the workings of the otherwise hermetically sealed spying agencies of the world’s most powerful nation.

We have learned that the NSA and the CIA are very different in their spying techniques and hacks.

The NSA mostly relies on intercepting mass amounts of data, breaking encryption protocols, and penetrating telecommunications providers.

The CIA, however, focuses on the endpoints—compromising devices and humans instead.

NSA vs. CIA: How their spying techniques differ

While the NSA might attempt to intercept and break the encryption of all of the world’s chat messages, the CIA would try to retrieve the messages directly from your phone.

Likewise, the NSA is interested in knowing where all cars are at all times, while the CIA is only interested in hacking your car (and how to use it to assassinate you).

How the NSA spies on everyone

How the NSA surveils the planet

The NSA doesn’t have any field agents. Their employees almost exclusively remain at the NSA’s physical locations and data centers, most notably Fort Meade in Maryland or the Utah Data Center.

While the NSA does have agents stationed in listening outposts around the world, it relies on help from other agencies or government branches to physically infiltrate the world’s internet infrastructure and undersea cables.

Because of this, you’re physically safe from the NSA. They might try to hack your systems remotely, but it’s incredibly unlikely they’ll come to you in person to take your laptop (although they might intercept and install spyware on your shipments).

The NSA aims to “collect it all,” meaning they want to build a database of every piece of information ever exchanged across the internet.

Mass encryption is a hindrance to the NSA spying machine, but it’s not enough

Before encryption was widespread across the internet, the NSA’s US$11b annual budget made it easy for them to hoover data. By tapping central points of global internet infrastructure, they collected most emails, phone calls, browsing sessions, and data.

Where encryption is applied, the NSA will attempt to strip protections from communications. Interfering with connections can trick participants into thinking there’s an error. The hope is people will revert to unencrypted channels to circumvent the fabricated error.

If protection stripping doesn’t work, the NSA will break into data centers where emails or phone calls are stored or compromise the service providers. If the NSA can’t intercept data in transit, they can access it at the data center

Additionally, the NSA will attempt to weaken or break encryption systems or introduce backdoors (often through secret payments). These last steps, in particular, have left our networks more vulnerable to hackers.

Indeed, given their budget, size, and sophistication, the NSA is likely the first to find significant vulnerabilities in tech products and protocols. But they are not the last, and any vulnerability, if not fixed immediately, is eventually discovered by other governments and criminals.

The government is picking our locks, sneaking around our private lives, and leaving the door open for others to come in.

How the CIA hacks people

How the CIA will hack you

Unlike the NSA, the CIA has agents in the field. You can expect them to find you wherever you are in the world.

But the CIA does not monitor or hack the internet on a massive scale (the NSA does that already).

The CIA uses hacking techniques to extract intelligence directly from the endpoints, like your phone or computer. It’s difficult to hack devices on a large scale, and targeted attacks wield better results.

The CIA employs many computer scientists and researchers to find weaknesses. Their goal is to get into your device, either remotely or directly, to extract data and intelligence, or perhaps even control it.

Similarly to the NSA, the CIA also hoards vulnerabilities instead of disclosing them to manufacturers.

How to protect yourself from the NSA and the CIA

Unless the U.S. government has targeted you, you shouldn’t fear the CIA.

It’s creepy and uncomfortable, not to mention unjust and illegal, to have your every move recorded in perpetuity by the NSA. Their actions also expose you to others, like stalkers, local governments, or criminal enterprises.

“The government is picking our locks, sneaking around our private lives, and leaving the door open for others to come in.”

Use encryption whenever you can. Consider encrypting your sensitive emails with PGP or move to more secure instant messaging platforms.

To stop the NSA tracking you:

  • Always pay with cash or Bitcoin
  • Avoid ridesharing apps and online shops
  • Search with DuckDuckGo
  • Encrypt your chats
  • Don’t use email
  • Browse with Tor and a VPN
  • Block ads and third-party cookies
  • Avoid social networks

It’s tough to do, but turning your phone off (or getting rid of it) will make it more difficult for the NSA to track your movements. You could also make an effort to disappear completely.

To stop the CIA tracking you:

  • Use devices that receive regular security updates
  • Always update your phone and computer (to protect against known security vulnerabilities)
  • Don’t leave your devices unattended
  • Don’t put unnecessary networked devices in your home (cameras, smart TVs, fridges)

And remember, if you’re at risk of assassination, avoid newer car models altogether!

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.