No, there is no typo in the subject: this advice is from the NSA, and should be good if you want to secure your data from the NSA. The Register had this excellent write-up on how the Guardian could have protected Snowden. I also like what The Register says:
Use an old-fashioned air gap. Be paranoid
You could also use steganography, with something like SteganPEG, but that is more obscurity than security. The advice from The Register is sound and is good if you are interested in protecting sensitive data. There are essentially four parts to this.
- Encryption – whilst it might seem hard to the non-geeky (I think we need to find a name similar to ‘Muggles’ – some reference for non-techy folks – of course in a good and constructive manner), it is not very hard. You should use something like GnuPG and create an asymmetric key pair (i.e. a pair of public and private keys). I would recommend you use an RSA-based key pair which is 4K bits in length, using SHA2 512 as the hash function. You should also set the expiry date for this to no more than a year, which will prevent old keys lying around and being recycled or compromised.
- Use Clean Machines – You don’t know what is lying around on that OS and machine – there could be some keyloggers, for example. It is best to start with a brand new machine, which you re-install. You could either use the Security Enhanced Linux distro, or a hardened version of Windows or something else; NSA has a handy guide. You should also look to use something like BitLocker or TrueCrypt and use that on a VM which you have built from scratch and is running on that clean machine.
- Moving the Data Securely – I think this is the most difficult thing to do. The only way you can come close enough to do this is using Tor and a hidden service. Of course all the entry and exit points to Tor would be monitored and cannot be trusted. If you don’t know much about Tor, you can read up on it in this guide.
- Using a Hidden Service – Use your clean machine for only the absolute minimum interaction needed to download data, and then ensure it always remains disconnected from any network.
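The key settings from the Encryption step above (RSA, 4096 bits, SHA-512, one-year expiry), written as a GnuPG unattended key-generation script. This is an added example, not from the original post or The Register; the name and e-mail are constructed placeholders, and the subkey layout and the rest of the preference list are assumptions.

```shell
#!/bin/sh
# Added example: GnuPG unattended key generation with the settings
# recommended in the Encryption step. Identity values are placeholders.

# Print the batch parameter block for one identity on stdout.
# A newline in either field could smuggle in extra directives
# (for example %no-protection), so such input is refused.
key_params() {
    name=$1
    email=$2
    case "$name$email" in
        *'
'*) echo "newline in name or e-mail refused" >&2; return 1 ;;
    esac
    cat <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: $name
Name-Email: $email
Expire-Date: 1y
Preferences: SHA512 SHA384 SHA256 AES256 ZLIB Uncompressed
%commit
EOF
}

# Generate the key pair. No Passphrase line is written, so gpg-agent
# asks for the passphrase through pinentry instead of reading it from
# a file. --cert-digest-algo makes the self-signature use SHA-512.
generate_key() {
    params=$(key_params "$1" "$2") || return 1
    printf '%s\n' "$params" | gpg --batch --cert-digest-algo SHA512 --gen-key
}

# Usage on the clean machine:
#   sh genkey.sh generate "Alice Example" "alice@example.org"
if [ "${1:-}" = "generate" ]; then
    generate_key "$2" "$3"
fi
```

Because the key expires after a year, plan to extend the expiry or issue a new key before that date.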
I also think the amount of data and information that Google and Facebook have on someone is scary. I like how The Register ended their article with the quote from one of the UK government security staff:
You would not believe the hoops we have to jump through to access an email, all the legal paperwork that needs completing, when Google has everyone on file and no one blinks an eye