The engineers who build software and Internet infrastructure systems have for decades had usability and functionality as their twin priorities. In the last few years, security has become a prime concern, as well, as the volume and seriousness of attacks against Web applications and portions of the Internet’s core–including DNS, the SSL protocol and certificate authorities–have risen dramatically. Engineers now build their systems with the assumption in mind that they eventually will be compromised. The revelations of the last few months regarding the collection and surveillance methods of the National Security Agency and Britain’s GCHQ have caused a massive shift in thinking in the security and software development communities. Where before engineers worked under the assumption that cybercriminals and perhaps state-sponsored attackers were their prime adversaries, now they are having to reconsider that model and consider intelligence agencies as likely adversaries. Engineers at Google, Yahoo, Microsoft and dozens of smaller companies are now in the process of changing the way that they build their Web applications, data center links and internal networks in order to defend against perhaps the most advanced and well-financed adversaries in existence. This talk will detail the efforts of software and Web companies to build surveillance-resistant systems and the challenges they face in deploying these systems in the face of an ever-present adversary who exerts control of much of the Internet infrastructure.