In an era where the internet is becoming another playground for military and political gains and has become an essential part of the lives of a large section of society, this threat is greater than what we can perceive now.
The NSA, aka No Such Agency, along with the rest of the U.S.-based intelligence community, is spending about 20% of its USD 52.6 billion annual funding on cryptography-related programs and operations. This was recently disclosed by The Washington Post, which has accessed documents released by Edward Snowden.
A few years back, when I was living in Ahmedabad, one of the Professors at IIM-A asked us in a lecture to comment on hosting IIM-A emails on Google Apps servers. These servers are in the U.S. He was not happy with that decision, taken by his successor, the Professor who was overseeing IT infrastructure at IIM-A. For the premier institute in modern management, one that is involved in suggesting policies to the Bharatiya Government, it can become a risky business if these emails are accessed en route or by gaining access to the server. Similar concerns have also been raised by Government departments. Employees of information-sensitive departments are asked not to use Gmail for sharing official information. The threat is not limited to Google's servers, though. Microsoft and Yahoo, two other big players in this market, are equally susceptible.
Among security scientists and the Internet Engineering Task Force, finding the necessary means to increase security, so that people keep their faith in the use of the internet, has become a hot topic of discussion.
Recently, when I was reading a trustworthy article, it was explicitly mentioned that in the last 5 to 7 years the trend has been "to share". Share as much information as you can via social media: Twitter, Facebook, Google+, Orkut, Myspace, Quora, LinkedIn and so on. In the next decade, the trend should be to secure what you share. But I have also read an equally well-argued debate for caring little about privacy. When people are already sharing about themselves, their relatives, friends, colleagues, activities, hobbies, photos, videos, etc., why would privacy matter? It's already in the public domain. Safeguarding the information with features like "Visible only to me" doesn't add any real security, as the privacy policies of all of these companies keep changing. If some day this feature is gone, or commercial interests lead to this information being shared with partner companies, I doubt people will take the drastic decision to close their accounts. And even if they do, what is the fallback option? Changing habits is one of the most difficult tasks for humans. Moreover, these virtual worlds carry a certain amount of addiction and temptation that pushes people to put information online. If a friend has shared his photos, or is talking about all the places he has traveled to in the recent past, it tempts people in his friend circle to post similar information too. The urge to look alike or better is part of human nature, and it is very difficult to recognize and come out of.
In countries where true democratic values are not praised and nurtured, loopholes in security are going to encourage targeted treatment of those who oppose certain policies or are creating an environment against the Government's beliefs. We have already seen early examples of such cases, when certain accounts were closed by the Government or people were selectively threatened because they wrote aggressively against certain politicians or regimes on their Twitter handles.
Businesses, scientists and Government policymakers will need to find safer ground where people can keep their faith in the online machinery. At the same time, it is high time to find safer algorithms and mechanisms to protect information, and to educate more and more people to understand this entire ecosystem so that they can raise their concerns effectively.
As far as banking goes, the RBI has already released a direction to banks to adopt multi-factor authentication, where more than one verification mechanism is required before an end user can do a financial transaction domestically. This will surely add a bit of inconvenience for end users but will safeguard the primary interest in banking. Biometrics is recommended as one of the modes of authentication among these multiple factors.