"For the industry as a whole, it caused everyone to ask whether we knew as much as we thought," Smith recalled in an interview. "It underscored the fact that while people were confident that the U.S. government was complying with U.S. laws for activity within U.S. territory, perhaps there were things going on outside the United States . . . that made this bigger and more complicated and more disconcerting than we knew."
They wondered, he said, if the NSA was "collecting proprietary information from the companies themselves."
Led by Google and then Yahoo, one company after another announced expensive plans to encrypt its data traffic over tens of thousands of miles of cable. It was a direct — in some cases, explicit — blow to NSA collection of user data in bulk. If the NSA wanted the information, it would have to request it or circumvent the encryption one target at a time.
As these projects are completed, the Internet will become a less friendly place for the NSA to work. The agency can still collect data from virtually any one, but collecting from everyone will be harder.
The industry's response, Smith acknowledged, was driven by a business threat. U.S. companies could not afford to be seen as candy stores for U.S. intelligence. But the principle of the thing, Smith said, "is fundamentally about ensuring that customer data is turned over to governments pursuant to valid legal orders and in accordance with constitutional principles."
Snowden has focused on much the same point from the beginning: Individual targeting would cure most of what he believes is wrong with the NSA.
Six months ago, a reporter asked him by encrypted email why Americans would want the NSA to give up bulk collection if that would limit a useful intelligence tool.