- The Latest
  Regular reporting on government secrecy, surveillance, and the rights of reporters and whistleblowers.
  - The Classifieds
  - News Releases
- Technology
  Working open source software products to protect journalists, newsrooms, and their sources.
  - SecureDrop
  - Dangerzone
- U.S. Press Freedom Tracker
  A database of press freedom incidents in the United States.
  - Data Visualizations
  - Explore the Database
- Digital Security Education
  Digital security trainings and resources for journalists.
  - Request a Training
  - Guides & Resources
- About Us
  Protecting and defending press freedom when we need it the most.
- Our Team
  - Staff & Contributors
  - Board of Directors
- Transparency
  - Reports & Financials
  - Announcements
- Get in Touch
  - Jobs & Internships
  - Contact Us
Take action
Donate

Ask a security trainer: What about NSA surveillance?

Published March 31, 2026 Updated March 31, 2026 / Trevor Timm

Header image reading "Ask a security trainer" — Freedom of the Press Foundation (CC BY 4.0)

Welcome to “Ask a security trainer,” the column where the digital security training team at Freedom of the Press Foundation (FPF) answers your burning questions at the intersection of journalism and security. Submit yours here! This week, we’re joined by our executive director, Trevor Timm. Let’s jump right into the question.

Dear DST,

I watched a Freedom of the Press Foundation (FPF) webinar recently about the privacy and press freedom dangers of FISA Section 702 and its upcoming renewal in Congress. It sounds like the NSA and FBI are able to access all sorts of Americans’ communications without a warrant. I already used your action center to contact my member of Congress (thank you!), but what am I supposed to do if it passes? Is there anything I can do to protect my privacy?

Signed,

Calm, but Collected

–

Dear Calm,

The debates around NSA surveillance powers can often be depressing, given it seems like — at least when it comes to these 702 debates — Congress always renews the government’s power, even when they could easily pass reforms that force the government to get a warrant for Americans’ communications.

Section 702 works like this: The NSA is allowed to “target” international individuals or groups of people who talk to Americans. It vacuums up huge numbers of these conversations and then puts the American side of the communications in a database, which the FBI can access without a warrant for all sorts of unrelated, domestic reasons. In the past, the FBI has improperly accessed communications from protesters on the left and right, journalists, judges, and even members of Congress.

The good news is that technology can help you here — at least as far as we know. (While the NSA keeps a lot of its capabilities secret, and we can’t guarantee these tips will 100% prevent all NSA surveillance, there’s no public evidence to suggest otherwise.)

Use end-to-end encrypted messaging apps whenever possible. End-to-end encryption can prevent the NSA from accessing the content of your communications, and many popular messaging apps — like iMessage, WhatsApp, and Signal — all provide E2EE. E2EE means even the service provider, like Apple or Meta, cannot access your messages. Given the NSA collects a lot of data under Section 702 by forcing the tech companies to hand it over, if the companies can’t access it in the first place, the NSA may be out of luck.

But if you’re a journalist, you’re probably not just concerned about the content of your communications but also the metadata, or the information that surrounds your conversation, like who you’re talking to, when, or how often. For example, if you talk to a source five times the night before a big story, the government may not need to read your messages to guess what you’re talking about.

This is why we always recommend Signal above all other end-to-end encrypted messaging services. Facebook and Apple may log the metadata of WhatsApp and iMessage, so it’s possible they may be forced to hand it over to law enforcement or intelligence agencies.

In contrast, Signal encrypts almost all of the useful metadata as well. The Signal servers only know when you created your account; they don’t know who you’re talking to, when, or how much.

Tens or hundreds of millions of people use Signal now, so it’s likely that a lot of your international contacts do too. If not, let as many people in your circles know, Signal is the most secure way to engage in day-to-day conversations. And you can also read our guide on Signal for the best practices on how you can change settings on Signal to make it even more secure.

All the best,

Trevor Timm