He suggested that while there are policies against doing so, there aren't technical limits on wiretapping, and that even the policies - such as audit trails to monitor who is looking at what - are easily circumvented. But other evidence suggests he's exaggerating.
Large tech companies claim that the government did not have a mirror of their data and needed specific legal clearance to get information on their customers; if that was the case, it's difficult to square with Snowden's claim that he could have monitored federal judges or the president.
On the other hand, so what if I'm being paranoid? When so much information is at stake, and when the agencies charged with protecting it let their deepest secrets escape, paranoia seems to be the most reasonable stance. The internet age has taught us that the only way to keep private information private is to keep it out of databases that are beyond our control.
That's the advice I always give readers about their most banal details: If you don't want your boss to find out about your beer pong championship, don't put that photo of the crowning ceremony online. Even if you post it under tight privacy settings, it can get out to a wider audience.
When you make your data accessible, searchable and sharable for your own purposes, the best assumption is the worst-case scenario - that it's one step away from being accessible, searchable and sharable for everyone. You should be paranoid about your data. To be anything but paranoid is to be careless.
That's the fundamental problem with the NSA's surveillance program. As a matter of course, the US government is now collecting and saving our call records, and it might also have deep access into other electronic communications. It assures us that it has policies in place to prevent the misuse or distribution of this information.
But if the information is valuable enough, lots of people have an incentive to get at it, and all it takes is one successful attack - after that, copies of the data could be distributed everywhere, instantly. Thus, even if the government is just collecting telephone metadata and isn't reviewing it, you should be concerned.
Someone has access to that data, and that someone might not be as noble as Snowden. He could post everything online. He could sell it to identity thieves. He could blackmail you. Or he might blackmail politicians, businesspeople, judges, TSA agents, or use the data in some other nefarious way.
Is this way over the top? Am I wandering into the realm of fantasy? Should I stop cooking up such outlandish scenarios? Yeah, maybe. But a just-turned-30-year-old has stolen the Washington's most secret documents and is now hiding out in Putin's Russia. There's really no other choice than to be worried.
Sign up for CIO Asia eNewsletters.