Encryption as a means of data control (privacy and security):
For a long time, interaction on Web has been less private or secure than many end-users expect and prefer. Now, however, the widespread deployment of encryption helps us to change that.
* Making encryption widespread. For years we have known how to do encryption, but it wasn't widely used, because it wasn't part of overall system design. In response, particularly as we've become aware of capabilities for network-scale monitoring, standards groups including IETF and W3C have worked to encrypt more of those network connections at the protocol and API-design phase, and to make it easier to deploy and use encrypted protocols such as HTTPS. Encryption won't necessarily stop a targeted attack (attackers can often break end-user systems where they can't brute-force break the encryption), but it raises the effort required for surveillance and forces transparency on other network participants who want to see or shape traffic.
* Secure authentication. Too many of our "secure" communications are protected by weak password mechanisms, leaving users open to password database breaches and phishing attacks. Strong new authentication mechanisms, being worked on for web-wide standards, can replace the password; helping users and applications to secure accounts more effectively. Strong secure authentication will enable users to manage their personal interactions and data privacy, as well as securing commercial data exchange.