RE 'US doesn't even trust the other Five Eyes nations' spy agencies to be able to do this?*"
Some data is kept private for 5 Eye political leaders and policy formation over decades or longer.
Some information needs to be laundered in public in the short term to ensure good public relations spin, good news for sock puppets on social media or new public funding for gov/mil.
The press finds a new story.

The Fourth Amendment is clear on traditional, reasonable safeguards for 100% of the cases.
Bulk collection is not legal and permits things that would not be legal.

Storage is now cheaper than sorting. Thats why the "all the phone records into a lockbox" over the life of a user is now the storage baseline. From that a gov can build hops as communication adds up over a life time.

Depends on the city, state or federal funding. In the past 10 or so years huge amounts of funding, contractors and quickly cleared staff having been moving around all over the USA.
Products have been sold, technical support and maintenance is in place for years covering federal and state needs.
Now its up to the locals to find something to do with the cell phone data, maps, voice prints, credit card usage, cctv, gunshot location systems and keystroke-capturing.
The information sorting is done by local or federal staff and then presented to local or federal officials to then put in for more funding or to buy in more private sector systems once new local patterns are found.
The only trick is to keep people buying cell phones and enjoying social media in near real time over decades.
The tracking systems are now in place down to the town, city and state level. The public just has to keep on having tame telco products on them at all times.

Follow the press and PR. The US was finding and stopping computer issues around the world in public.
The US was finding out about computer networks around the world.
Information was flowing back to the US using consumer grade networks and tools found in the wild using the pubic as cover.
Recall Operation CHAOS (or Operation MHCHAOS) https://en.wikipedia.org/wiki/... and COINTELPRO https://en.wikipedia.org/wiki/...
Just like now domestic groups where needed with liaison services.

A person at a cafe, gym gets near a person who has clearance, a file worked on at home is infected, a well crafted email that is opened on an internal network.
With wireless, huge internal networks and new staff been security cleared for very sensitive positions over the past decade... it more connecting a project to staff to a location and working the needed code in.
Internal networks are well understood as they are the same product sold around the world, trusted or been expanded with security to be upgraded when done.
Ideas around cloud, sharing data, regional and national searching is also a new aspect to what was one air gapped. Contractors are also happy to suggest wider networking, upsell their network security and onging network support.

State-sponsored malware seems to be crafted per person or project so it can get past most of the existing behavioral analysis.
Or a gov just goes to hardware logging or social engineering after a sneak and peek visit.
Suspect files will just be the the same real time consumer system's behavior AV finds in the wild everyday :)

re "But I can't actually decide if making useful security tools available is somehow against our citizens' interests."
The tools offered will protect against distant man, expected in the wild man in the middle efforts.
The tools, tame crypto, tame academics, tame OS, tame source code will not protect against modern version or equivalents of TEMPEST like ideas.
The plain text, voice, call, gps, voice print or other network details will always be in the clear for gov tracking and parallel construction.
Just good enough for international work, always easy enough for realtime domestic decryption.

A nation with so few international optical landing sites a Tempora option would allow the finding of most messages in and out. https://en.wikipedia.org/wiki/...

Re But why? It can't be just the lobbyist money.
To the political class it becomes addictive. Reading embassy communications in the 1920's, WW2 Enigma. Australian staff became aware of a huge effort to listen to the world and wanted in after WW2.
Australia was warned by some of it's top military people not to sell out to the US and UK given Australia's role in WW2 (full exploitation of crypto in Australia, troops under the control of the UK) but the political leaders joined the 5 eyes.
The rest is history, from Soviet traffic in the late 1940's to the early role of ASIO, the Defence Signals Branch work on China in the 1950's, then Indonesia, Vietnam (Australian special forces with real time sigint support).
US Ryolite satellites got Australia into more ground station work with sites like Pine Gap and local support. DSD Geraldton took over from UK sites lost in Hong Kong.
After that its USA all the way. Generations of Australian staff know nothing but supporting roles.
What the USA and UK do not put into law, Australia may to have to to secure legally safe convictions. Parallel construction would not work so mass collection and self signed warrants are made legal.

Re: "Sure it'd be noticeable and some stuff would stop working, but it is certainly feasable."
Russia knows most of its spending on Western tech was useful but the reality of phone home or back doors, trap doors, poor quality crypto or other access cannot be totally understood network wide.
The ability to turn the net off to bulk external chatter would be a safe option for Russia to have fully explored over time. Russia can then just let its air gapped internal networks function and Russians would understand the reason why.
Academic, science and other larger institutions would be fine on wide national local networks. Domestic phones would work. Russian language sites would show when connecting to any local isp.
The US could think of it in terms of the quality built into the older POTS networks from the 1950-1980's per building, city, regional site, workers kept on site and expensive voice and data redundancy.
Chinese backed credit card products will also help.

Thats why govs use number stations and one time pads. The data around any encryption use found is just so useful.
Every product sold that can be connected and used with a telco has to conform tech thats wide open to "Communications Assistance for Law Enforcement Act"
https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

With a gov/mil buying spy software thats ready for average consumer phone products?
The running process and modules are looked at to ensure different drop/inject methods will get around any antivirus products found.
With your average consumer OS and devices, seconds after you enter your pw :)
Its like the 1950's and been given Western encryption hardware. The code works and the message will not be broken as sent.
Its just that using TEMPEST every plaintext keystroke in and print out is readable near the hardware.
That same fun idea has never left signals intelligence, get the world fixated on encryption, company branding, while a input layer just offers up all plaintext.

The GCHQ was very aware of this in the 1960's on and did all it could to ensure people saw radomes and satellite dishes as been for tracking Soviet movements deep into Eastern Europe.
ie not a gov ground station getting domestic calls.
UK law enforcement and political parties where more interested in phone calls, later cell phone tracking, rapid decryption of consumer grade computer encryption and getting legally safe convictions in closed courts.
Government Technical Assistance Centre (GCHQ Technical Assistance Centre), National Technical Assistance Centre and other units where set up to try and hide the GCHQ role in tracking and helping with crime from courts.
The problem the GCHQ had was that such details about such efforts would make it to the press, lawyers, the public and the people been tracked or court cases been worked on.
Smart people in the press, legal system and police forces quickly saw the new tasks and the interesting people changed methods away from easy signals intelligence just as the GCHQ had always predicted. All the UK police could do is try and find out who leaked but details about that leak hunt went public too.
Contrast with the US views around keeping all domestic call data and using it in court as a talking point.
The easy days of voice prints, "catch them in the act" or at least catch them quicker "after the fact" dont last if people dont need the the phone or computer.
The other option is to place or turn an informant but that has always been more interesting.