| There are two issues with this statement. Firstly - you compare securing against the NSA to securing against "hackers". This massively underestimates the reach and resources of the NSA (or any nation-state actor).
You can, to a point, keep out all but the most determined and skilled individuals.
You almost certainly cannot keep out the NSA if they really want to target you. Even a physical airgap may not be enough (see: stuxnet). Your example mentioned HTTPS specifically - how does this help if they can force/compromise the host to give up their TLS keys and MiTM your connection? Secondly - all this does is encrypt the contents of your communication - it doesn't hide who you are, it doesn't hide who you're talking to, and other metadata besides this (yes, I know metadata is at this point a painfully overused term - sadly I can't think of a good synonym right now).
You significantly undervalue how important it is to hide this information from an adversary. Right now, if a major nation state targets you specifically, you have almost no chance. You'd need perfect operational security to anonymise yourself, encryption that can't be broken by forcing a local entity to surrender the key, and to implement this every time without making a mistake. Some people have managed this, but not very many. If you're just looking to avoid dragnet surveillance, you're in a bad place too. The information we have suggests that it's the metadata, not the content of the communications, that is stored - and very little of that is hidden by using HTTPS rather than HTTP. None of that should suggest that HTTPS isn't worthwhile - it very much is. And there's little reason not use use HTTPS everywhere these days. But it won't on it's own protect you very much from the NSA - that's why court cases like this are being raised (though I doubt it'll achieve anything in practice). |