The usual problem with Security or Operations doing their job right... having no failures makes evaluating the effectiveness of the controls a much more complex concept.
AQ hasn't had a big attack inside the US in the last few years. Why?
Is it:
a) because they are internally disorganized aside from any external cause
b) the invasion of Afghanistan disordered them
c) easy sources of money dried up once banks and muslim charities started coming under hard scrutiny
d) more and/or better visa checks or no-fly lists prevented intrusions
e) the NSA and other intel is watching much more closely and using their powers to identify threats
f) something entirely different
Or some or all of the above?
I think it is safe to say that the US government has had at least a little something to do with avoiding another attack, but what data can we collect and what methodology do we use to assess that?
It comes down to risk assessment. What vectors for attack are most likely, what is their impact, and how can they be controlled?
On one hand, the risk to individuals is very small from terrorism. Assuming a population who internalizes just how unlikely a terrorist attack is, then you may be able to just simply go back to pre-2001 security levels with some minor modifications. Is a one in a million chance worth a real degradation of privacy? I'd say no.
The problem is that humans have poor risk assessment skills. We often focus on what is possible, rather than what is probable. That's why you'll have people scared shitless of being messily killed by a random bomb, while they drive into work everyday on crowded freeways where a fatal accident is much, much more likely than any attack. And they talk on their cellphone without a care, thus adding to their risk of death or dismemberment.
The media is also a problem, because they play on the novelty of terrorism to get eyes on their sites, and by providing insight into the effects of terrorism, without hammering home how unlikely it is to affect you, they actually make international terrorism effective. I'd argue that if you want to severely decrease the effectiveness of international terrorism, you just implement censorship on the media, preventing them from reporting on low probability events like terrorism (or school shootings for that matter). While I am not against a free press, we need to accept that it is a vector of attack which doesn't always help us.
Is the NSA overreaching, or are they the only reason that we're safe? I don't actually know, and I don't know that most people have any real way of knowing because there's no data and it is hard to interpret. So, instead, we whipsaw back and forth based on our emotions and the level of inconvenience that it exposes us to at any one time.