Today marks the second anniversary of The Guardian’s first blockbuster story derived from files provided by former NSA contractor Edward Snowden—launching what would become an unprecedented deluge of disclosures about the scope and scale of communications surveillance by American intelligence agencies. So it seems appropriate that this week saw not only the passage of the USA Freedom Act, but also the approval in the House of several privacy‐​protective appropriations amendments, about which more momentarily. Snowden himself takes a quick victory lap in a New York Times editorial reflecting on the consequences of his disclosures, (very much in line with his remarks during our interview at the inaugural Cato Surveillance Conference):

Privately, there were moments when I worried that we might have put our privileged lives at risk for nothing — that the public would react with indifference, or practiced cynicism, to the revelations.

Never have I been so grateful to have been so wrong.

Two years on, the difference is profound. In a single month, the N.S.A.’s invasive call‐​tracking program was declared unlawful by the courts and disowned by Congress. After a White House‐​appointed oversight board investigation found that this program had not stopped a single terrorist attack, even the president who once defended its propriety and criticized its disclosure has now ordered it terminated.

He’s referring here to last month’s appellate court ruling against the notorious telephone records dragnet, followed this week by passage of the USA Freedom Act. That law should bar bulk collection not only under §215 of the Patriot Act, the basis of the phone program, but also under §214—the “pen register” provision previously used to vacuum up international Internet metadata—and National Security Letters, which can be issued by senior FBI officials without judicial approval. Since the latter two authorities are permanent, they would not have been affected by what quite a few lazy reporters described as “the expiration of the Patriot Act,” though in fact only about 2 percent of the law’s provisions were actually due to sunset. While the law is far from ideal, incidentally, I think it does constitute more robust reform than many libertarians fear, for reasons I lay out in this piece at Motherboard and this blog post at Just Security. It will, of course, be necessary to vigilantly watch for efforts to water down the law’s protection—something the public is finally at least somewhat empowered to do by a transparency provision requiring significant legal interpretations by the secret Foreign Intelligence Surveillance Court to be published in unclassfied form.

Perhaps as significant as the law’s substantive reforms, however, is its symbolic importance. Since the terror attacks of 9/11, we have relentlessly racheted up government’s spying powers, assured that only by trading away ever more privacy could we guarantee safety. Whenever a surveillance authority was due to lapse—as, unfortunately, only a few were designed to—leadership in Congress invariably waited until the eleventh hour to schedule the relevant statutes for consideration, then used the manufactured “emergency” of looming expiration to steamroll over legislators who hoped to seriously debate reforms or added safeguards, or whether the expanded powers were necessary at all. Senate Majority Leader Mitch McConnell sought to repeat the strategy that had worked so well in the past this time—only to discover that Americans were no longer so easily cowed.

That was demonstrated again just days after the Freedom Act’s passage, when a series of amendments to an approrpiations bill aimed at limiting government surveillance passed the House by enormous margins. The first, offered by Rep. Jared Polis, seeks to prohibit the Drug Enforcement Agency from engaging in bulk collection of Americans’ data under its own supoena authorities, following revelations that it had for decades maintained its own more limited phone records dragnet. The second, from Reps. Ted Poe and Zoe Lofgren, bars the FBI or Justice Department from using government funds to seek to insert backdoors into secure online communications systems. The third, offered by Rep. Thomas Massie, seeks to block the National Security Agency from abusing its role as a consultant to a national standards‐​setting body to dilute rather than strengthen encryption protocols.

These are, to be sure, heartening developments, but plenty of work remains. We still know precious little about the massive surveillance being conducted under the aegis of Executive Order 12333, which governs intelligence gathering that takes place outside the United States, yet sweeps in large amounts of Americans’ data as it travels around the globe. Nor do the reforms passed this week touch §702 of the FISA Amendments Act, an authority that blesses the very general warrants abhorred by the framers of our Constitution, enabling large scale collection of Americans’ communications with foreign persons and websites. That authority is set to expire at the end of 2017, and after a brief pause to toast the small progress made this week, is the next battle to which privacy advocates will be turning their efforts.