Last summer, the world’s largest Internet companies learned they’d been hacked by the U.S. government.
Their answer for 2014: encrypt everything.
Over the last eight months, Yahoo encrypted its e-mail service and Google extended encryption to every search term that users enter. Microsoft said that by the end of this year it plans to encrypt all the data traveling to and from its networks. “Encryption on the Web is expanding enormously,” says Peter Eckersley, technology projects director at the Electronic Frontier Foundation (EFF), which grades companies on how well they do at protecting users’ privacy.
The EFF believes that within a few years, every file crossing the Internet could be protected with encryption, which uses mathematics to scramble and unscramble messages.
Encryption does not guarantee complete privacy—ciphers can be broken or compromised. But its widespread use could seriously hinder both cybercriminals and bulk collection of data by governments. That’s because even someone who is able to pilfer encrypted data can’t easily read it.
Encryption was already a rising trend, even before the spy scandal. Major security breaches have shown that computer networks are not safe from intruders. Last year, hackers stole millions of credit card numbers from Target and Neiman Marcus after finding clever ways to gain access to their systems.
“Today’s networks are like Swiss cheese. It’s very easy to get in, move laterally, and exfiltrate data,” says Dmitri Alperovitch, cofounder of the security firm CrowdStrike. “People are using tools from the 1990s to do it.”
Encrypting data, like customers’ credit card information, is an additional line of defense. But encrypting stored data (as opposed to data in transit) turns out to pose a difficult puzzle. Encrypting the data protects it but also makes it difficult to search or process—rendering it less useful.
Encryption also takes up computer time, the main reason Web companies like Yahoo didn’t always use it before. But Internet firms realize they must now take extraordinary steps in response to extraordinary new threats.