When Marissa Mayer, Yahoo?s chief executive, recently announced the company?s biggest security overhaul in more than a decade, she did not exactly receive a standing ovation.
Ordinary users asked. Mayer why Yahoo was not doing more. Privacy activists were more blunt. ?Even after today?s announcement, Yahoo still lags far behind Google on web security,? said Christopher Soghoian, a technology analyst at the American Civil Liberties Union.
For big internet outfits, it is no longer enough to have a fast-loading smartphone app or cool messaging service. In the era of Edward Snowden and his revelations of mass government surveillance, companies are competing to show users how well their data is protected from prying eyes, with billions of dollars in revenue hanging in the balance.
On Thursday, Microsoft will be the latest technology company to announce plans to shield its services from outside surveillance. It is in the process of adding state-of-the-art encryption features to various consumer services and internally at its data centres.
The announcement follows similar efforts by Google, Mozilla, Twitter, Facebook and Yahoo in what has effectively become a digital arms race with the National Security Agency as the companies react to what some have called the ?Snowden Effect?.
While security has long simmered as a concern for users, many companies were reluctant to employ modern protections, worried that upgrades would slow down connections and add complexity to their networks.
But the issue boiled over six months ago, when documents leaked by Snowden described efforts by the NSA and its intelligence partners to spy on millions of internet users. More than half of Americans surveyed say NSA surveillance has intruded on their personal privacy rights, according to a Washington Post-ABC News poll conducted in November.
The revelations also shook Internet companies, which have been trying to reassure customers that they are doing what they can to protect their data from spying. They have long complied with legal orders to hand over information, but were alarmed by more recent news that the NSA was also accessing their data without their knowledge.
?We want to ensure that governments use legal process rather than technological brute force to obtain customer data ? it?s as simple as that,? said Bradford L Smith, Microsoft?s general counsel, in an interview.
Already, the Snowden revelations threaten to erode the market share of American technology companies abroad.
In India, government officials are now barred from using email services that have servers located in the United States. In Brazil, lawmakers are pushing for laws that would force foreign companies to spend billions redesigning their systems ? and possibly the entire Internet ? to keep Brazilian data from leaving the country.
Forrester Research projected the fallout could cost the so-called cloud computing industry as much as $180 billion ? a quarter of its revenue ? by 2016.
?The world is quickly being divided into companies that are secure and companies that are not,? said Bhaskar Chakravorti, a dean of international business and finance at the Fletcher School at Tufts University.
One by one, technology companies have been scrambling to plug security holes.
The best defense, security experts say, is using Transport Layer Security, a type of encryption familiar to many through the ?https? and padlock symbol at the beginning of web addresses that use the technology.
Banks and other financial sites have used such security for years, and Google and Twitter along with Microsoft?s email service made it standard long ago. Facebook adopted https systemwide this year. And Ms. Mayer said Yahoo would finally allow consumers to encrypt all their Yahoo data in January.
But as many sites move to https, security experts say more advanced security measures are needed.
That?s why companies like Google, Mozilla, Facebook and Twitter have added another layer of protection, called Perfect Forward Secrecy. That technology adds a second lock to each user?s transmissions, with the key changed frequently. Microsoft plans to add the encryption method next year, but Yahoo has not said whether it will add it.
?Perfect Forward Secrecy is a billion different secrets, and it?s not protected by one central secret,? said Scott Renfro, a Facebook software engineer who works on the company?s security infrastructure.
So even if an outsider obtained the master key, it would still have to crack the other keys, over and over again.
?This type of protection should have been engineered into all web systems and all Internet systems to begin with,? said Jacob Hoffman-Andrews, an engineer at Twitter.
