It would help if anyone involved, from the lowliest grunts to the highest levels, at any of the companies, working for the government, or politicians and judges, got consecutive life sentences for every count of espionage on their own people. We all know that will never happen.
The only people to face any consequences will be the hero Snowden and maybe a scapegoat working for the NSA.
We need to get away from these systems completely because both SSL and TLS require a handshake to exchange keys. If the NSA or any middleman is watching all the traffic then they are able to capture the handshake. We really need security that utilizes public/private keys so a handshake is not needed... but surely by this time the NSA has cracked PGP as well. We need a new open source public/private key system that can be updated rapidly. Though if one were to be created I'm sure the NSA would make them stop and issue a gag order... corruption at its best.
@koga73: The fact there is a handshake does not mean anybody observing it can decrypt the traffic. The nature of asymmetric cryptography means that you only observe one of the keys of the pair -- the public key. Anything encrypted with that key can only be decrypted by somebody that has the matching private key. The TLS handshake is more complicated than that of course, since the server also needs to encrypt to the client and using its private key as is would mean anybody can decrypt it. Suffice it to say the handshake guarantees encryption both ways. Of course it all falls apart if the server's private key is compromised.
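A toy version of the key exchange described in the comment above, added here as an illustration (it is not part of the comment and not code from any TLS implementation). It uses textbook RSA key transport with constructed, deliberately insecure parameters, and all function names are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters (constructed for this example): two known Mersenne primes.
# Far too small and too structured for real use; they only keep the demo fast.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537


def server_keypair():
    """Return (public, d): public = (n, e) goes over the wire, d stays on the server."""
    phi = (P - 1) * (Q - 1)
    assert gcd(E, phi) == 1
    return (P * Q, E), pow(E, -1, phi)


def session_key(premaster: int) -> bytes:
    """Both ends derive the symmetric session key from the shared secret."""
    return hashlib.sha256(premaster.to_bytes(32, "big")).digest()


def client_key_exchange(public):
    """Client picks a random secret and encrypts it to the server's public key."""
    n, e = public
    premaster = secrets.randbelow(n - 3) + 2  # random value in [2, n-2]
    return pow(premaster, e, n), session_key(premaster)


def recover_key(wire_ciphertext: int, n: int, exponent: int) -> bytes:
    """Derive a session key from the wire ciphertext using the given exponent."""
    return session_key(pow(wire_ciphertext, exponent, n))


def run_handshake():
    """One exchange; the transcript holds everything a passive tap records."""
    public, d = server_keypair()
    wire, client_key = client_key_exchange(public)
    transcript = {"n": public[0], "e": public[1], "ciphertext": wire}
    return transcript, client_key, d


if __name__ == "__main__":
    transcript, client_key, d = run_handshake()
    n, e, c = transcript["n"], transcript["e"], transcript["ciphertext"]
    print("server derives same key:", recover_key(c, n, d) == client_key)
    # The public exponent does not undo the encryption.
    print("tap with public values only:", recover_key(c, n, e) == client_key)
    # A recorded transcript plus a leaked private exponent does.
    print("tap with leaked private key:", recover_key(c, n, d) == client_key)
```
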
After reading the article about XKeyscore on http/vpnexpress.net, I do believe that they can get whatever they want if they really want it. But the harder we make it, the less interested they will be as long as we really have nothing to hide.
Here in India, we have a 100% secure solution for online shopping. It works this way -
1. Company receives order and delivers it.
2. Customer can pay Cash to Delivery Boy and take the Parcel.
It's called CoD (Cash on Delivery). And no matter what, it's the safest and easiest way to pay, which doesn't require a shit ton of firewalls or even SSLs.