Just because Congress can't even pass minimal NSA reform, it doesn't mean that privacy is dead: American tech companies are NSA-proofing their services because customers are demanding it.
Glenn Greenwald's editorial in The Intercept cites Whatsapp's integration of Textsecure's end-to-end crypto, Apple's move to encrypt Ios devices by default, and Google's similar moves for Android as a counter to the farcical deference of Congress to America's spy-services, and the absurd "debate" that Congress engages in on the subject, in which elected officials basically just repeat "ISIS" and "terrorism" and "9/11" until they run out of time.
This move to add anti-surveillance to products is being driven in part by non-US companies and foreign governments taking similar steps, from Brazil's announcement of a new fiber link designed to skirt US soil to the many offshore messaging and cloud services that are courting privacy-conscious users. These are scaring American firms out of complacency, not just out of fear of losing US customers, but also fear of foreign companies gaining popularity in their own countries, shutting out US rivals with local offerings.
These factors, combined with an increased US public concern over privacy and the US courts' unwillingness to back Congress's pro-spying stance leads Greenwald to conclude that we can curb NSA mass surveillance without Congress's help.
I think it's more likely that all of these factors will start to shift the debate in Congress — ultimately, we need all three branches of government, as well as private-sector action, normative pressure, and good code to reclaim the Internet from the spooks.
Increased individual encryption use is a serious impediment to NSA mass surveillance: far stronger than any laws the U.S. Congress might pass. Aside from the genuine difficulty the agency has in cracking well-used encryption products, increased usage presents its own serious problem. Right now, the NSA—based on the warped mindset that anyone who wants to hide what they're saying from the NSA is probably a Bad Person—views "encryption usage" as one of its key factors in determining who is likely a terrorist. But that only works if 10,000 people around the world use encryption. Once that number increases to 1 million, and then to 10 million, and then to default usage, the NSA will no longer be able to use encryption usage as a sign of Bad People. Rather than being a red flag, encryption will simply be a brick wall: one that individuals have placed between the snooping governments and their online activities. That is a huge change, and it is coming.
So let Saxby Chambliss and Susan Collins and Marco Rubio scream into their insular void about ISIS and 9/11 and terrorism. Let Barack Obama, Dianne Feinstein and Nancy Pelosi deceitfully march under a "reform" banner as they do everything possible to protect the NSA from any real limits. Let the NSA and other national security officials sit smugly in the knowledge that none of the political branches in D.C. can meaningfully limit them even if they wanted to (which they don't).
The changes from the Snowden disclosures are found far from the Kabuki theater of the D.C. political class, and they are unquestionably significant. That does not mean the battle is inevitably won: The U.S. remains the most powerful government on earth, has all sorts of ways to continue to induce the complicity of big Silicon Valley firms, and is not going to cede dominion over the internet easily. But the battle is underway and the forces of reform are formidable—not because of anything the U.S. congress is doing, but despite it.
Congress Is Irrelevant on Mass Surveillance. Here's What Matters Instead. [Glenn Greenwald/The Intercept]