The New York Times has published another set of revelations about secret spying programs at the NSA, and this time they have major implications for developers. According to documents provided by leaker Edward Snowden, “The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world.”
The article also alleges, “The agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.”
So have encryption technologies like SSL and AES, on which developers rely every day, been broken? Do they contain backdoors that enable government snooping? ZDNet notes, “The reports don’t give us enough detail to spell out what security standards and products were actually broken.”
For now, it seems developers will have to wait for more information about which standards are “secure.” And some developers will no doubt get to work creating new security protocols that the NSA hasn’t yet breached.