There have recently been quite a few debates in German media on Internet security for the common people, and serious concerns were also expressed by the German president. A German minister even recommended that citizens take care of the security of their communications "themselves", without however telling them "how" -- similar IMHO to recommending that citizens take care of not being robbed "themselves". (It may incidentally be noted that in Germany, in contrast to the USA, a permission is required to buy guns and that permission is not easy to get.) Now are there any good ideas of how the common people could defend themselves against Prism, Tempora, etc., noting that some mighty Eastern countries may have comparable, though yet unrevealed, projects running as well? Each individual idea may not be good enough, but perhaps appropriate combinations could result in something not too bad?
As a start I venture to sketch a humble idea of my own in the following:
If it could be managed to have sufficiently large volumes of encrypted emails constantly on the Internet, the surveillance mechanisms would very likely at least lose much of their efficiency, if not be entirely bogged down due to overloading. To achieve that, it would thus principally depend on whether there is a sufficient number of common people who would voluntarily take the trouble to do encryption (or at least do some additional keystrokes, see (3) below) and so IMHO this is the biggest problem to be faced by the present idea.
We assume that each email has a plaintext part and an attached file with encrypted stuff. It may be noted that for such senders (let's call them activists):
(1) They certainly may not always have material that necessarily needs to be kept secret, in which case for convenience the attachment can be a dummy file, in particular an arbitrarily chosen one from a number of dummies kept in stock. Whether the file contains genuine stuff could e.g. be indicated by a chosen keyword in the plaintext part of the email.
(2) Not all their friends would like to do any encryption work to communicate with them, in which case these friends need only tolerate the activists' sending them emails with dummies.
(3) Those activists who live by the maxim of having absolutely nothing to hide could always send dummies as attachments.
Note also that the idea of having only one part of the whole message encrypted could also be applied e.g. to webpages, which may contain a dynamically varying encrypted part for the partners to receive.
Key management could be a big stumbling block for the idea in practice. Since I have anyway a bias favouring symmetric encryption (I mistrust PKI, whose software/hardware security I am unable to verify for poverty of knowledge and other practical reasons -- the proprietary software or hardware involved could contain backdoors implanted by the secret agencies and the trustworthiness of the certificate agencies, i.e. the human factors, is questionable; concrete symmetric algorithms are in general easier to understand than concrete asymmetric algorithms IMHO), I envisage that each pair of partners would somehow agree on and keep a master key for their communications, from which session keys could be generated via encrypting certain data that partly involve time, message number etc. At least for a certain part of the activists who live in democratic countries, secure transfer and keeping of these master keys among them shouldn't be too big a problem IMHO.
Note that we capitalize on encryption, i.e. the difficulties (efforts and resources required) of the agencies to find the (potentially, but not certainly, vital for them) secret information, and do not (and cannot) hinder their collection of the metadata. Hence the portion of emails from the activists need not be significant in relation to the total volume of emails on the Internet.
A tiny remark is that in countries where the law enforcement could demand surrendering of the encryption keys, the dummies couldn't be entirely arbitrarily random, since otherwise it would be impossible to satisfy the demands of the authority.
A somewhat different, seemingly also viable, idea is the following: The activists could send genuine (i.e. for communication) or dummy (i.e. to enhance the load of cryptanalysis) messages to Usenet groups like alt.anonymous.messages. I am ignorant whether that group has currently more than a few congeners, if at all. Anyway, if there is a "run" for such services, evidently many more of its genre would be needed, which IMHO shouldn't nevertheless be an unsolvable problem. BTW, some activists could run something analogous to certain Internet forums with a browser as interface for posting, except that there will be encrypted stuff posted, with membership available to the general public or limited in some specific way. (Note that on some computers access to Usenet groups may not have been installed, but access to a forum needs only a browser, which is always available. In less democratic geographic locations one could send messages from a call shop or internet cafe (utilising the facility available there to access the Internet, thus not involving one's own IP address, nor email address), taking due care of possible observations by agents there.)
My personal view of the current surveillance is fairly analogous to one of, say, an intimidating disease of pandemic nature. In such cases one knows that one doesn't have "really" effective means to solve the problem, but one must/should nonetheless join efforts/thoughts to reduce, as far as possible, the "impact" of the evils. As I indicated, there appears unlikely to be a way to stop collection of metadata. What seems to be viable is IMHO a reduction of the practical efficiency of the huge computing resources of the agencies. And that I think is quite possible in practice by presenting to their machines an additional very huge load of cryptanalysis. In fact, imagine that there were 100 Internet forums each with daily an average of 100 encrypted posts, such that with a probability of 1/10000 a post may contain a message of the importance and urgency comparable to, say, "Snowden is escaping with a jet of a certain Latin-American president", I am pretty sure that the cooling system of their computers would very soon need some unscheduled maintenance work.
P.S. In another group someone pointed out that the base of my idea is not new at all. He quoted Philip Zimmermann:
"What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity."