It's a sad day for data professionals. We've been entrusted with keeping data safe, information protected inside of our corporate walls. Many of us agonize and worry that we've missed something in our planning for potential data loss or theft. We fret and stress over the lack of resources devoted to security, wondering when, not if, we will suffer a breach. Many of us make efforts to implement encryption to protect our backup tapes.
That might all be for naught. It's sad that the US government, in the form of the NSA, apparently has access to much of our data. I doubt they have backdoors into our SQL Server instances, but perhaps they do. Who knows if there are trojans, viruses, or other digital constructs at play here. I'm sure the NSA would claim they are only looking for criminal activity, and we have nothing to worry about, but I'm not so sure that's the case.
If other agencies outside the NSA can request this data, how long before individual congressman or other officials start asking for data? How long before a bad movie plot becomes reality with lobbyists asking not for laws, but for information about competitors? In an era when it seems almost everything is for sale, is that far-fetched? If Microsoft, Google, and Facebook comply with government requests, who's to say Symmantec isn't ignoring the domestic equivalent of Stuxnet inside corporate systems?
I've seen articles about how to protect yourself or your company, including encrypting everything to cause more of a headache, but I'm not sure any of that will help. The NSA is constantly working on better ways to break encryption, and when that doesn't work, they strong-arm companies. I wouldn't count on these even super strong server protection, since I'm sure the NSA would just look to attack clients instead of servers, getting information as it's being transferred or accessed.
This is a sad day for data, security, and privacy. Perhaps it's been so for a long time, but it's naive to think this is just an NSA problem. There's a moral issue involved with assuming anyone or any group has the right to view another organization's data. There's also a security issue. The NSA might have built back doors, or exploited the architecture of the current digital infrastructure, but as we all know, not a lot remains secret on the Internet for long. Other countries and organizations will take advantage of any issue; perhaps they already are.
The digital world dramatically levels the playing field for all participants, big or small. After all, for over 50 years, it's been the domain of countries alone to send payloads into space and bring back the spacecraft. Not too long ago a computer programmer did it with his own company. Size truly doesn't matter in the digital world.