Edward Snowden was an intelligence analyst who worked for the CIA and the NSA. At the beginning of his career, he considered his work a patriotic duty to defend his country. Eventually, he realized he was part of a secret global surveillance system used to spy even within the country. He felt that the population of a democratic country should at least be aware that something like this was taking place. For this reason, he leaked thousands of documents that evidenced what was going on to journalists who published several reports in major global media.

These documents reveal the various ways the NSA collected, analyzed, and then used this information for espionage operations around the world. [RB1] There is a slide that shows the global intelligence gathering capabilities through a world map explaining how data was collected from fiber optic cables, through embassies, by spying on satellite communications, in collaboration with agencies of other countries, or through computer attacks.

All of this collected information was stored in data centers for later access through the XKeyScore system, which works similarly to internet search engines, except that the searches are done on private information. The documents show that they could run queries on how to read X person’s emails, know who uses encrypted email in a given country, passwords for online accounts, and many others—basically a search engine on the private lives of billions of people, without any control.

PRISM is one of the exposed programs that attracted the most attention, as it involves large internet companies such as Google, Facebook, Apple, YouTube, Microsoft, and Yahoo, among others. These companies have platforms that function as software as a service, also known as “the cloud.” When you share a document using Google Drive, you share it not only with your colleagues but also with Google. When you send an email using Outlook, Microsoft accesses that content. The same happens if you save your photos in Apple’s or Google’s cloud.

It was reasonable to expect that these companies would have access to our information to provide us with the service. Some of us feared that the companies might take advantage of our information. What most of us didn’t realize was that our private communications were also under surveillance by intelligence agencies such as the NSA. What we learned at the time was that if you are not a U.S. citizen and do not reside in the United States, the NSA can access data from these companies’ services to learn about you. We are talking about voice and video calls, emails, chats, documents, photos, locations, etc.

The collection of this type of information, in addition to the NSA’s analytical capacity, allowed spying operations on world leaders such as Angela Merkel, Enrique Peña Nieto, and Dilma Rousseff. Media operations to manipulate public opinion were also conducted, such as the QUITO operation, which promoted a favorable view for England on the Malvinas Islands in Latin America.

This is a very superficial summary of what we learned 11 years ago. It is essential to reflect on what has changed since then. Have these programs been eliminated, and is our privacy now more secure? I think some things got better, and some things got worse.

The scandal of the revelations generated a worldwide discussion about privacy on the internet. One of the first consequences was the Brazilian Civil Rights Framework for the internet, which strengthened the protection of civil rights on the internet and, especially, privacy. In Europe, this promoted the discussion about the protection of personal data, which in 2017 resulted in the General Data Protection Regulation (GDPR). This legislation allowed countries such as Ecuador to have their personal data protection law in 2021.

These are very positive laws, and companies like Google and Meta (formerly Facebook) have been fined in Europe. However, it is not enough because although these laws require informed consent for processing personal data, in practice, it results in an uncomfortable window where we are asked to accept the privacy policy and manage the cookie settings. Most people accept the terms and probably all the cookies.

In terms of technology, the change has been more significant. Before the Snowden revelations, most websites operated under the insecure HTTP protocol. In 2015, the EFF, in collaboration with other organizations and companies, launched the Letsencrypt initiative, which made the implementation of websites with the secure HTTPS protocol accessible to any website or web application. Today, thanks to this initiative, almost all sites and applications we use on the internet encrypt their communications. This should make an important part of the NSA’s information-gathering programs obsolete. This feature protects us not only from the NSA but from any malicious actor, from cybercriminals to nation-states.

This is undoubtedly a great improvement in communications security for all internet users. However, this does not protect us from spying programs like PRISM since, as mentioned above, the information we use in cloud services is generally accessible to the companies that provide the service. I think the situation has got worse now.

In those 11 years, the NSA has continued to operate in secret, and its technological capabilities have probably improved. However, the biggest problem is that the companies mentioned in PRISM remain essential to our lives. Our phones, if they don’t run Google’s Android, run Apple’s iOS. Voice recognition systems like Siri, Hey Google, or Cortana are all provided by PRISM companies. Just to name two examples.

Another significant advance since the Snowden revelations is the adoption of end-to-end encryption. Unlike network traffic encryption, this allows us to protect the content of the information even from the company providing the service. If we encrypt a Gmail email, even Google cannot read it.

Although email encryption has existed for more than a decade, its adoption has been marginal. The most significant case is WhatsApp’s adoption of end-to-end encryption in 2016, which enabled billions of people to encrypt their messages.

Of course, we cannot forget that WhatsApp is owned by Meta (formerly Facebook), a company involved in the PRISM program. The application is proprietary code, and it is impossible to know how it is made so that it could have a backdoor. I would venture to say it even has a front door when we have the option for Meta’s artificial intelligence to participate in the app’s conversations. It’s a cool way to ask for access to our conversations.

The development of free software applications that allow us to control our information is another great advance since then. There are applications for chat, email, collaboration, document editing, and more. At Derechos Digitales, for example, we use Matrix as our chat system, Nextcloud to share documents, OnlyOffice to edit them, and Jitsi and BigBlueButton for video calls. None of these applications are perfect; some can be cumbersome or fail in ways we would not want, but they allow us agency over our data and privacy.

Snowden revealed that we live within a surveillance machine and are losing our privacy. As a society, we must decide whether to remain trapped in this system or look for alternatives. In future columns, I will reflect on some of the tools we use daily and on other options that respect our privacy. In the meantime, I want to share some columns I wrote about chat applications, cell phones, social media, and video conferencing tools.