Over the past two decades, few voices have shouted louder from the rooftops about global cybersecurity and digital privacy concerns than Bruce Schneier. He’s the CTO of Resilient Systems, a board member of the Electronic Frontier Foundation (EFF) and has authored 14 books—his latest, Data and Goliath, was published in March.

As Facebook and Google have infiltrated our every waking moment, Schneier warns that these data giants, if left unchecked, could compromise the very principles of a democratic society. Web companies collect metrics like age, gender and social interests (to serve up better advertisements), while cellular networks track everyone’s geolocation with homing devices we call smartphones. As we’ve seen, smartphones are also powerful proxy surveillance tools for nosy governments.

But Schneier’s no idealist: He knows these tools are part of the fabric of modern life, and there’s no going back. In Data and Goliath, he attempts to illuminate the realities of the surveillance state—from Facebook to the NSA and its British counterpart, the Government Communications Headquarters—and offer up legislative solutions to keep these organizations in check. On the hyper-local level, he says, regular citizens who share his concerns must take a cue from Edward Snowden and start speaking up. As he puts it bluntly, when it comes to your personal data: “Right now it’s a free-for-all out there, and that’s not good.”

When you zoom out and think about the implications of computing on our livelihoods, what excites you the most and why?

The promise and perils of big data. On one hand, it is incredibly valuable in aggregate to us as a society. On the other hand, it is incredibly intimate to each of us personally. We need to figure out how to get the group value from our data without sacrificing that individual intimacy. And we’ll be debating individual instances of this for years to come.

You’ve been warning about the surveillance state since long before anyone had ever heard of Edward Snowden. Two years after his revelations, how do you think the general public has changed its habits with respect to giving up personal information?

It’s all over the map. On one hand, we have a survey from last year that says 700 million people around the world have changed their habits in some way as a result of Snowden. On the other hand, there’s not much people can do to prevent that sort of surveillance.

Surveillance is both the business model of the Internet and inherent in how a lot of computer processes work, so often the only way to avoid it is to opt out. And it’s simply not feasible for most people to forgo their cell phone, their e-mail address, or their social networking accounts. These are essential tools for living in these early decades of the 21st century. Many more people wish there was less government and corporate surveillance, but feel powerless to prevent it. This is why legal and regulatory solutions are so important.

If change has to happen at the legislative level, what are your central suggestions?

We need laws limiting both government and corporate surveillance. We need transparency in our surveillance systems, so people know what’s going on. And we need oversight and accountability. There’s no magic here; it’s like any other aspect of public policy.

More specifically, we need less secrecy surrounding government surveillance. Right now the biggest obstacle to coherent policy is the enormous amount of secrecy surrounding absolutely everything. We also need to separate government-on-government espionage from government-on-population surveillance, and institute limits on the latter. In general, we need to extend the security protections of the warrant process to cover searches and seizures of our data.

On the corporate side, we need clear laws that limit what companies can do with our data: what they can collect, what they can store, how they should secure it, what they can use, what they can sell, and how they should dispose of it.

You point out that most of the surveillance tools like smartphones, Facebook and Gmail are voluntary. They are “convenient.” How would you convince average, law-abiding people that they need to take on more work—use tools like Tor, PGP, or personal email servers—to avoid these data giants?

I don’t think it’s possible. The tools are convenient, and free. That’s why we use them. Most of the technical solutions to avoid surveillance are annoying and hard to use. And they only work around the edges.

For example, your cell phone is an incidental tracking device. But if it weren’t, the system couldn’t deliver phone calls. Metadata is incredibly intimate surveillance data, and it can’t be encrypted.

What would you say to the person who says, “If Facebook needs my personal information to show me more interesting articles and relevant advertisements, I’m okay with that—because it means Facebook is more useful”?

I would say: “You’re right; that’s not a bad bargain.” But take the next step. We like it that Facebook shows us interesting articles, and that Waze tells us where the traffic jams are, but what limitations do we want to place on these companies regarding other uses of this surveillance data?

Right now, the companies that follow your every virtual movement on the Internet, or your every physical movement, can do whatever they want with that data.

Many kids are growing up without the concept of digital privacy. How does segmentation between the security savvy and those who are ambivalent affect these companies you’ve written about?

Who are all these kids who are growing up without the concept of digital privacy? Is there even one? Who is he? Does he walk around naked all the time? Does he have every conversation in public? What does he do for intimacy, if all his friends know everything about him? How does he become a unique person if he has literally no separation from his parents, teachers, and other adults?

There’s this pervasive myth that young people don’t care about privacy. It’s obviously wrong. All people care deeply about privacy—analog, digital, everything—and kids are especially sensitive about privacy from their parents, teachers, and friends.

They have different definitions of public and private than older people do, but that’s okay: There’s a generation gap here. Privacy is a vital aspect of human dignity, and we all value it.

What is the one action you want people to take in response to the mass surveillance that’s sprung up around us?

Notice it and talk about it. These are political problems that need political solutions, and they won’t be political issues unless we make them so. Right now, surveillance isn’t salient; we don’t notice it because it happens automatically in the background.

Snowden showed us what happens when people notice it. People need to notice it more.