Depends what level you're talking about. Can the NSA intercept server/switch/router shipments, alter the firmware/BIOS and send on? Sure (plenty of data about that). We build our own servers (not primarily because we love wearing tin foil hats, more likely we can't be arsed with blame games and wait times if an issue occurs). Does Microsoft et al potentially access your emails, hand off data to relevant parties etc? Sure, that's quite possible on a technical level. We host our own servers, both on an exhange level for mailboxes and processing against spam before reaching exchange servers, plus the client on-site servers managed by us. Once we receive the emails from the Internet, we're also transmitting that data via our own WAN. Weakness to this is of course mobile devices receiving data, most of which have security/management on them (subject to client willing to spend of course). VPNs are perfectly possible as well but there are pros and cons.
As Aklze says, stuff like calls/SMS can all be retrieved at the carrier level not involving your mobile. On-device encryption is available, just depends how usable you want it I guess. BlackBerry was quite famous for one. I can encrypt entire operating systems on machines if I need to, but it means your options around recovery/migration are much harder. I do have a section of my laptop disk encrypted and it holds all my emails and sensitive data. Chuck in a secondary password after login (and login passwords are easily beaten - I've needed to do it several times) otherwise Outlook is useless and the two operating systems just have applications, all the data is encrypted (and that password is over 15 characters)...
Again though, you gotta figure out just how much security is necessary vs the inconvenience/cost. I've had several clients (and potential) list security concerns, we propose a system to meet requirements and then find their idea of spend is the very basics... Ultimately security is a layered approach, both digitally and physically.
Bookmarks