Smári "Mailpile" McCarthy's lecture Engineering Our Way Out of Fascism lays out a set of technical, legal and social interventions we can undertake to make mass surveillance impossible, starting with this: "The goal of those interested in protecting human rights should be to raise the average cost of surveillance to $10.000 per person per day within the next five years."
First, let’s talk about litigation options. The fine people at Privacy International (support their work!) are currently working on taking the seven largest telecoms providers in the world to court over fiber optics surveillance, based on violations of article 8 of the European Convention on Human Rights. The Electronic Frontier Foundation (support them too!) is involved in multi-district litigation against the NSA and various other parties. These two organizations are doing remarkable and amazing work, but they do have limitations on how much they can accomplish, and there is a lot of stuff that they can’t reasonably cover. If they get more money, they can do more things. This is kind of obvious, but seriously consider contributing.
Amongst the many untapped legal options is directly suing various providers, such as Verizon, AT&T, T-Mobile, Apple, Yahoo!, Google, Microsoft, Amazon, SWIFT, Barclays, ABN AMRO, Deutsche Bank, UBS. Why so many banks? Because it isn’t just the Internet that is being monitored.
On top of this, it might be worth considering lawsuits against governments directly. This will be harder to do, but if won, these would have a substantial effect on the situation.
The reason this will be effective in raising the bar is that it will make the various private entities involved feel a direct bottom-line impact on their businesses resulting from their collusion with state actors, which will lead them to push back to a much more significant degree than they have so far.
Litigation, however, will only get us so far. A large amount of policy work is needed in order to fix the current situation. Specifically, numerous international agreements need to be reconsidered and renegotiated. Cross-border data protection agreements should be looked at, and similarly the Wassenaar agreement needs anything touching on cryptography taken out of it. Laws within countries can be improved, in particular data protection laws and laws regarding cryptography. Countries that require key escrowing, for instance, need to stop doing that.