It all depends on the sort of surveillance you expect. Only digital? Or do you expect your analog life to be monitored as well?
In the end, it comes down to trust
. A single 'compromised' module makes the entire system void, which essentially means you cannot even trust the OS you use. An example: think of the Debian OpenSSL vulnerability that happened by accident a year or two ago. of which similar tricks could easily be implemented by governments on purpose.
Another mind game to serve as an example is as follows... suppose your system is compromised. But you have the full source code, and you could rebuild it from scratch. The problem is.. what will you rebuild it with? Even if your source code is safe, what is to say about the compiler, maybe it is rigged so everything you compile with it has a backdoor. Or maybe only very specific stuff like security software has a backdoor! Fine, you say, I'll make sure my build environment is safe, and check MD5 or even better a SHA hash that's not been cracked yet. But how can you check it? The md5sum tool or whatever may also be backdoore. Copy it to a system that is theoretically safe? Who knows, your copy command might remove the backdoor...
Long story short: without a clean-room to pick the machine apart in, you can not be sure your system is secure. Sure, there's projects like TinyCC which are built for transparency to combat this sort of dilemma to a point, but they are not performant and take a lot of expertise to use properly to combat this problem. (And _really_ rebuilding a system from scratch, to vet every single piece of code... can easily take months, or even years.)
Do you trust your OS? Do you trust the people who made it? Do you trust the people who supplied it? Do you trust the people who create your encryption software? How about your communication channels? And this is not 'trust to make a good product', nor is it 'trust to mean well', and it isn't 'trust to make a perfect product' either.
It is a 'trust these people with your life' sort of trust. Because once you talk state-sponsored surveillance, that is obviously how high the stakes have gotten.
The safest way would be to layer, layer, and layer more. Do manual encryption based on code books. Throw that through military grade encryption. Don't send it through digital means only, use pre-arranged drop spots. Digital stuff can be monitored for far more easily than drop spots and the sort, which take human sentience and human attention to be on your person or your receiver in order to get caught. Etc. If the state is your enemy, no precaution is a precaution too many.