Monday, October 3, 2016

Privacy versus security

I'm not crazy about discussions of personal privacy which come down to moral positions, e.g., over whether it is right to listen to a personal conversation. We will never have a permanent position on this question, because it will always depend on the perceived threats society faces. This can be illustrated with a pair of hypotheticals:

1.) Suppose a very simple recipe for creating nuclear weapons became public, where the needed physical ingredients were easy to acquire, say, a bit of dirt, a coconut and a microwave oven. If this were the case, we would be much more vulnerable to the whims or anger of any of our citizens, and I think we would be okay with a greatly expanded level of surveillance. There would be a huge effort among image analysis software engineers to automate the process of detecting suspicious activity involving dirt and coconuts, presumably far beyond any kind of surveillance that the security establishment is executing today.

2.) Suppose ISIS and Al Qaeda were decisively destroyed, the Israeli-Palestinian conflict amicably resolved, and mild, inward-oriented democracies took root throughout the world. Should such a set of circumstances come about, we would feel more secure as a society, and value our privacy more than we do today.

These two scenarios are extremes, but it is certainly true that the world moves along a continuum of greater or lesser security over time. For this reason, I think we can assume that our sense of the right balance between security and privacy will never be fixed -- rather it will evolve as the world and our perceptions of the world change.

If we accept that our desire for privacy is going to be a changing quantity, then it is important that we arrange our security apparatus so that it can be controlled. In particular, if we allow lower-level engineers in the NSA and their counterparts in communications industries to freely implement surveillance as they see fit, then our decisions about the balance of privacy and security will be driven by the availability of surveillance technology and the group culture of the engineers who are actually designing and implementing these systems. Is this how surveillance is being controlled now? It's hard to say -- we know the NSA hid their activities from Congress. Perhaps the executive chain of command was aware of those activities, but if it wasn't, it wouldn't necessarily be public knowledge, since admitting as much would be embarrassing for the nominal security establishment leadership.

If we are establishing a security apparatus which is driven by its own culture, then we are creating a machine which will be hard to change. Cultures change over time, but it is easy to imagine a scenario where the security establishment had its own culture that became very distinct from the culture of society. If we have a surveillance apparatus which cannot be adjusted according to society's broader expectations, this could be a cause for regret.

The way to avoid this is to establish rules for how surveillance will be conducted, and then enforce them. The rules already exist for the most part, but there does not seem to be much desire in Congress or the executive branch to make sure that these rules are followed. If the current rules are not suitable, we should craft new ones. Whatever rules we want to use, they need to be followed if we care about having the ability to reduce -- or expand -- our security apparatus in the future.