No more secrets
So if even the people in the secure email business are saying email isn't secure, what is?
It sure isn't mobile phones. GSM and CDMA — phone technologies used in the U.S. — both encrypt the digital audio of your conversation, but it's decrypted once it hits the telephone network, and hackers or law enforcement can intercept it at any number of places. And besides that, whether you're being tracked by cell towers or eavesdropped by voice command bots, there are plenty of known privacy leaks in today's smartphones.
Some leaks are even features. "Google's new phone listens to you 24/7," said Schneier, referring to the Moto X. "Does that sound like a good idea?"
If you want privacy while talking on the phone, you'll need to get off the voice network and use encrypted data instead; apps like Silent Voice create an end-to-end encrypted channel between two phones, but both sides have to have the app — and at $120 a year, that's a tough sell for some.
The same thing goes for online voice and video chatting. Skype was once renowned for being friendly to the security-conscious, but since its purchase by Microsoft in 2011, the service has failed to assure its users that it still has the same commitment to confidentiality.
Apple boasts of end-to-end encryption for FaceTime, saying that "no one but the sender and receiver can see or read them." The company adds it doesn't "store data related to customers' location, Map searches or Siri requests in any identifiable form." What doesn't it say? That it stores other metadata associated with the session.
"When you connect to your friend, you're relying on Apple to connect you. They're like the phonebook," Christopher Soghoian, technologist and analyst for the ACLU, told NBC News. "Apple occupies a trusted position in that ecosystem, and what you really want is a system where users don't have to trust any company."
The same metadata conundrum vexes Apple's iMessage, and third-party messaging services like SnapChat and WhatsApp. BlackBerry Messenger was an early precursor to these, providing end-to-end encryption to businesses exchanging sensitive data. Governments around the world demanded access to these confidential communications, and RIM, to its credit, publicly fought such requests. But even with BBM there's a trail of metadata.
Services that don't rely on middlemen like Apple and BlackBerry are being developed; WebRTC is one that could potentially allow secure communications between any two IP addresses, without the need to consult a central directory.
'Not a technical problem, a legal problem'
The solution may be out there, but we may be looking in the wrong places. Is it reasonable to expect privacy from a company like Google, which makes money selling ads based on tracking everything you do online?
"I'm not saying Google is evil — they're not," said Soghoian. "But they're an advertising company. The wolf is providing the tools to the sheep."
Schneier concurs: "There's a lot of tech you can bring to bear — but remember, the business model of the Internet is surveillance."
He suggests the solution does not lie in a technological breakthrough or even simple consumer awareness. "This is not a technical problem," he said. "This is a legal problem."
It's been just a few months since the NSA revelations began shifting the debate on security away from paranoiacs and cautious journalists to everyone who uses the Internet. We may not see the results of that for years, as individuals, companies and regulators update their definitions and expectations of privacy.
What can you do in the meantime? A few downloads and settings can help you keep a lower profile, but until the next generation of privacy tools hits, your best bet for a confidential conversation might be at a quiet bench at the park.
—Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.