precautions to be taken to improve Internet Security explain
Answers
Answer:
Rethink your email setup. Assume that all "free" email and webmail services (Gmail etc) are suspect. Be prepared to pay for a service, such as Fastmail,that is not based in the US – though some of its servers are in New York with backups in Norway. (My hunch is that more non-US email services will appear as entrepreneurs spot the business opportunity created by the Snowden revelations.) It would also be worth checking that your organisation has not quietly outsourced its email and IT systems to Google or Microsoft – as many UK organisations (including newspapers and universities) have.
The real difficulty with email is that while there are ways of keeping the content of messages private (see encryption), the "metadata" that goes with the message (the "envelope", as it were) can be very revealing, and there's no way of encrypting that because its needed by the internet routing system and is available to most security services without a warrant.
2 Encryption
Encryption used to be the sole province of geeks and mathematicians, but a lot has changed in recent years. In particular, various publicly available tools have taken the rocket science out of encrypting (and decrypting) email and files. GPG for Mail, for example, is an open source plug-in for the Apple Mail program that makes it easy to encrypt, decrypt, sign and verify emails using the OpenPGP standard. And for protecting files, newer versions of Apple's OS X operating system come with FileVault, a program that encrypts the hard drive of a computer. Those running Microsoft Windows have a similar program. This software will scramble your data, but won't protect you from government authorities demanding your encryption key under the Regulation of Investigatory Powers Act (2000), which is why some aficionados recommend TrueCrypt, a program with some very interesting facilities, which might have been useful to David Miranda.
3 Web browsing
Since browsing is probably what internet users do most, it's worth taking browser security and privacy seriously. If you're unhappy that your clickstream (the log of the sites you visit) is in effect public property as far as the security services are concerned, you might consider using freely available tools such as Tor Browser to obscure your clickstream. And to protect yourself against the amazingly brazen efforts by commercial companies to track your online behaviour you should, at the very minimum, configure your browser so that it repels many of these would-be boarders.
4 Cloud services
The message of the Snowden revelations is that you should avoid all cloud services (Dropbox, iCloud, Evernote, etc) that are based in the US, the UK, France and other jurisdictions known to be tolerant of NSA-style snooping. Your working assumption should be that anything stored on such systems is potentially accessible by others. And if you must entrust data to them, make sure it's encrypted.
5 File storage and archiving
An option that an increasing numbers of people are exploring is running their own personal cloud service using products such as PogoPlug and Transporter that provide Dropbox-type facilities, but on internet connected drives that you own and control. And if you carry around confidential data on a USB stick, make sure it's encrypted using TrueCrypt.nation: