Companies use metadata for targeted advertising, but it is also necessary for the network to route messages from the sender to the receiver.
While there are mechanisms for hiding metadata, each has an impact on the overall user experience, William Whyte, chief scientist for Security Innovation, said.
"Protecting the contents is pretty easy; protecting the metadata is possible, but comes at a risk and with a cost," he said. "It's hard to protect metadata."
While the NSA could collect encrypted messages sent through a U.S. ISP, the metadata would belong to the messaging service. To get at the data, the agency would have to work through the legal systems of the country where the service's servers are located. The messaging provider could also choose not to store any metadata after the communications end.
"The limitation of all of these encryption systems is if you can serve that company with a national security letter or a warrant, you can get them to give up that metadata," Green said. "The nice thing about being in another country is the U.S. government can't do that."