
It's not one or the other, and the NSA has demonstrated that it will use all the resources at its disposal to circumvent any technical protection.

The NSA also holds a trump card: the law and the US government. I assume at some point that Congress will pass laws, or the secret court will authorize, compelling every American company to essentially open itself to unfettered access and surveillance. US companies already are subject to NSLs, and the Law of Boiling Frogs suggests that it's only a matter of time until surveillance is openly and explicitly compulsory.

The only long term effective way to cut this off is to cut off the NSA's budget and scale back their efforts. But I also believe that will not happen until the first ski resort opens in hell.

We're burning our own village to save it.



This is why I am increasingly convinced that GPL(v3) is going to become a bastion of hope for privacy. The major problem is that companies want to make money off the software, close it up and proprietize it, and then the gov comes along with an NSL or blackbox or other compromise and backdoors/weakens the system, and all of a sudden all the customers of the company are vulnerable. FOSS, and in particular GPL, is the way around this. Software companies should be selling support, not the software (IMHO).


Software can always be disassembled. I'm much more concerned about proprietary firmware and hardware backdoors. You should be too. Another thing also, is that the NSA have been shown to be weakening crypto standards like RNGs and, possibly, ECC. The problem with this is other standards like TLS and such ultimately use this infrastructure and that affects all software, FOSS included.


I agree with you about firmware, but you will notice a very important overlap between the firmware and the software sectors here, in that it tends to be true that you end up with closed software to match the closed hardware (cellphone radio modems having DMA to the same address space as the CPU all under proprietary firmware and software blobs is a good example). I very much agree that we need open hardware, but it doesn't seem to be much of a priority for any of the big players that I am aware of.

Regarding the weakening of crypto standards, this is why I think everyone is wrong when they tell you not to roll your own. Even William Binney (NSA whistleblower) has been saying so recently.



