Trust
The issue here is not just the gathering of data on citizens (and non-USA citizens), it is whether 'the people' can trust the 'security agencies' to protect the people's rights. Primarily the right to oppose the democratically elected government and politicians by lawful means. So, for example, the police infiltrating groups opposed to animal testing, or campaigning for justice for victims of police brutality or racism as in the botched investigation into the murder of Stephen Lawrence was clearly not appropriate and publicising Police activities was.
In the UK, and I hope in the USA, there is a right to claim that unlawful activities should not be punished if they were 'in the public interest'*. So revealing criminal activities by elected politicians by stealing evidence, bugging or pretending to offer a bribe etc. or breaching a legal confidence to publicise crimes could be allowed, if a jury accepted the 'public interest' defence.
Basically are the security agencies acting to protect the general public (their actual job), which includes those who oppose elected officials, or to protect the elected officials and the 'military-industrial complex' (or whoever actually runs things these days)?
I think we already know the answer to that.
*Note, just because Prince Harry's personal affairs were of interest to part of 'the public', does not make publishing them 'in the public interest', so tapping his and his friends' phones etc. cannot be justified. Sorry, you cannot spy on your neighbour's home just because 'it would make great TV'.
Biting the hand that feeds IT
