Keylogging can be done in the following ways.
* With hardware or software installed on the target machine (either directly or through trojans, malware, etc.).
* By acoustic analysis from a physical location very near the target machine.
* By visual analysis with cameras or a line of sight to the target machine.
* By way of getting login information for the target machine and logging in to that machine from a remote machine or otherwise cracking the machine.
* Electromagnetic emissions (requires receiver to be near machine).
* Various methods of sniffing or grabbing packets (example: getting the information en route to web forms).
There’s no magic way to detect keystrokes from afar. If the signals are not leaving the machine and no nearby surveillance methods are used, it’s not happening. Software for monitoring outgoing signals is one of many ways to detect keyloggers. The best preventions are good local physical security, hardware security and operating system security. Avoid popular closed-source operating systems and software.
What do you mean by closed-source operating systems and software?
Seems like malware is probably the most likely way.
If the NSA is using keylogging, would they be doing it through malware? Making it difficult to prove who was actually doing it? Is our government engaging in computer hacking on normal (non-military, non-espionage-type) people?