Last month marked two years since Edward Snowden revealed the full extent of the U.S. surveillance apparatus to the world. Since then, we’ve seen remarkable changes in attitudes towards surveillance by civil society, government, and corporations. Snowden himself has become a household name, signifying an inspired whistleblower to some and a traitor to others. The filmmaker Oliver Stone has recently filmed a biopic about him, and the documentary Citizenfour won an Oscar in 2014. Surveillance has stormed into the popular imagination.

Writers, too, have been impacted by surveillance around the world. PEN American Center followed up on its landmark 2013 study of how surveillance affects writers with a survey of 772 writers from 50 countries. Thirty-four percent of writers in free countries, 44 percent in partly-free countries, and 61 percent in not free countries are actively self-censoring, and they are avoiding certain topics on social media. Self-censorship is arguably a natural part of the editing process, but the superimposition of government surveillance amplifies self-censorship to a dangerous degree. If writers promote the search for truth and allow us to reflect upon ourselves, self-censorship means that we’re losing our guidance in both private and public affairs.

We have, however, seen some major victories in the fight against government surveillance. In Paraguay, activists pushed back against a bill that would have required companies to store data and provide them to government authorities. In the U.S., Congress passed the first meaningful limits on government surveillance in a generation with the USA Freedom Act. It’s a flawed piece of legislation that does not address the other legal authorities the government relies upon to spy on people overseas – section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333—but it does limit the bulk collection of records in the U.S.

These gains have unfortunately been offset by major encroachments upon privacy in other areas. In France, the loi relatif au renseignement, also called the “French Patriot Act,” was passed in June, despite the fact that the government had twice expanded its surveillance authorities during the past 14 months. (President Hollande has referred the bill to the Constitutional Council for review.) Violent terrorist attacks in Tunisia have given new impetus to a counter terrorism bill that could potentially give the government more powers to monitor its citizens. In the UK, a court found that its intelligence branch, GCHQ, unlawfully spied on human rights groups in South Africa and Egypt. Edward Snowden also will not be returning to the U.S. anytime soon, because officials have stated they would prosecute him under the Espionage Act, an old law that would prevent him from claiming to be a whistleblower—his best defense for avoiding a lifetime in prison.

Major security breaches have led to renewed calls for cybersecurity legislation that would protect against hackers. A breach at Sony Pictures demonstrated the vulnerability of private companies to intrusions by malicious hackers, and spurred the publication of often disturbing details about the writing and filmmaking process. (Oliver Stone’s biopic does not appear to be among the leaks.) The U.S. Office of Personnel Management was also hacked, allegedly by Chinese actors, and involved the theft of millions of classified records that include intimate personal details about employees with security clearances. This breach in particular suggests that the U.S. is better at spying than defending against it. The details contained in the records also could place U.S. officials and employees in real danger or make them vulnerable to blackmail, in stark contrast to the records shared by Snowden, which are vetted by journalists before being made public. Nonetheless, proposed legislation to strengthen cybersecurity in the U.S. is overbroad and would insulate companies from liability for sharing voluminous amounts of information about their users with government authorities, including the National Security Agency.

We also know that corporations harvest your data in unprecedented ways, selling information about people to advertisers and data brokers. In October 2014, security researchers found that major carriers in the U.S. had been tracking their users with every single HTTP request they made—meaning every web page visited on a mobile browser or app—and then selling that data to advertisers.

Other companies have responded by pushing back against government surveillance. Many have now published transparency reports which detail the number of government requests for user information, and a few have pushed further by offering warrant canaries—which are clever signals to customers that they have received a request for user information from a government that they can not publicly disclose. Some tech giants, like Apple, have used fears about government surveillance to claim market share, in Apple’s case through enabling encryption, a process of encoding messages or information in such a way that only authorized parties can read it. Apple now turns on encryption by default on iPhones. Reddit, Bing, and Yahoo have all switched to allow secure HTTPS encrypted connections to protect user privacy and security as they browse the web. Both the U.S. and UK governments have predictably responded by starting a campaign of fear mongering against encryption.

The moves by tech companies to support encryption are not just better for writers concerned about privacy, they make good business sense, as people have come to mistrust U.S. tech companies for sharing information with the government. Indeed, a recent survey found that tech companies are leaving the UK in part because of its “Snooper’s Charter.” The danger is that if market incentives wear off—by insulating companies from liability for sharing data, for example—we’ll need strong laws and regulations to protect privacy. We can’t rely on corporate goodwill alone.

We can go further and say that encryption saves lives every single day. The UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, David Kaye, recently released a major report identifying encryption as not just necessary for safety, but also to provide people with a zone of privacy to form opinions, which are critical for exercising freedom of expression. At Access, our 24-hour helpline assists journalists, activists, and marginalized minorities around the world to communicate safely. Encryption tools such as GPG, Adium, and Tor allow users to live more safely.

What do all these developments mean for writers? No security tool is perfect, and security is a process rather than a fixed goal. Using Tor or buying an iPhone won’t protect you against every threat. Personally, I find it more comforting to think about what valuable information I have, and to raise my security to a level where it will be difficult for someone to take that information. This may mean using GPG to communicate with colleagues in Africa and using Gmail for deciding with my wife what we want to cook for dinner. I also regularly change my passwords and update my software so that it doesn’t have vulnerabilities. I want any potential threat to realize it’s not worth the effort to try to take my information, and move on.

For writers in repressive regimes, the stakes are clearly much higher. This year we’ve seen bloggers killed in Bangladesh and Syria, and there is a very real threat that surveillance combined with state power can lead to serious human rights abuses. While some writers may be inspired to write about surveillance in their fiction or poetry (or even a film script for Oliver Stone), the novelty of imagining surveillance will likely wear off. This means we need real changes in law and policy, and for that, the pen—or the keyboard—can be a more effective way of fighting surveillance.

Deji Bryce Olukotun is the author of the novel Nigerians in Space. He is the Senior Global Advocacy Manager at Access, an international organization that extends and defends the digital rights of users at risk around the world. Twitter: @dejiridoo