[schoen]

A limitation of "encrypt everything" is that many of the bulk datasets you referred to aren't taken from communications surveillance, but rather from other kinds of transactional, subscriber, or governmental records, which are maintained by other organizations (like a bank).

We can defend against a lot of communications surveillance by encrypting our communications, but these other data sources are still there and are mostly unaffected. (Note that this is also true outside of the UK.)

I don't know exactly how to address that. It seems like the main options are avoiding interacting with the institutions that create the records, persuading them to retain much less information about people, trying to get dramatically greater legal protection for other kinds of third-party records, or some kind of major cultural shift where institutions fear turning data over or governments fear requesting it.

Also, some datasets might exist partly because companies are legally required to retain certain records, so even if they didn't want to know that much about you, they may be mandated by law to have some of this information.