Comment Re:What if I have no likes? (Score 2) 80

Re " .... tell about me?"
It's a bit like the people who use cryptography or have an interest in privacy services?
People Lacking Facebook Accounts Viewed As Suspicious (August 8, 2012)
http://www.dailytech.com/Peopl...
Beware, Tech Abandoners. People Without Facebook Accounts Are 'Suspicious.' (8/06/2012)
http://www.forbes.com/sites/ka...
It really depends on who is doing the tracking and the number of hops to friends and shared likes?

Comment Re:Scope creep ... (Score 1) 52

The people of East Germany faced the same tracking if they had ideas about getting to the West or protesting.
In the end all the files did was link the 2nd and third hops connecting informants in groups to each other.
The other aspect is a rapid expansion in the numbers of informants and the security officials needed to handle them and their flow of information.
A huge boondoggle for contractors and government employees trying to keep the data useful, filter existing data set and add more data.
The other aspect is people now know that all the equipment was not for the Soviet Union or Russia. People now understand collect it all, the tame brands, junk encryption and data kept for generations in a searchable NSA "lock box".
The time spent trying to shield or having to discover and then undo the tracking of informant and undercover staff becomes a huge task.
In the past paperwork at a regional and local level could ensure the perfect cover for an informant or staff deep undercover.
Now with local records being networked all data is open to all investigators at a State and federal level. Will that name and date of birth linked to a web 2.0 account hold up at a State level? Who is that person? A good fake identity? Undercover for ten years? A spy? Cult member? A rich foreigner who paid cash 20 years ago for a very good set of documents? Sooner or later entire teams have to protect entire sections of the wider population from unrelated State and federal database searches that find life story inconsistencies.
Facial recognition from a city or private CCTV network?
The "papers please" and scope creep will find a lot of interesting paperwork :) The UK is facing just that issue.
Half of all undercover police officers in UK are ‘off the books’ and not on national database (Tuesday 14 October 2014)
http://www.independent.co.uk/n...

Comment Re:hmmm (Score 1) 52

Re "What happened in 2008 that allowed them to change their policies?" Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008
https://en.wikipedia.org/wiki/...
How the NSA Almost Killed the Internet (01.07.14)
http://www.wired.com/2014/01/h...
"The FISA Amendments Act of 2008 carved out a new section of the law, 702, which gave legal cover to the warrantless surveillance programs operated in total secrecy under President Bush; queries are often called 702s.
The NSA cites the FISA Amendments Act as the specific legal basis for Prism."

Comment Re:Why aren't these networks air gapped? (Score 1) 34

Support and a lack of on site skilled staff? Some companies, countries, mil and govs are just buying up dual use heavy equipment globally for local prototyping and limited mil grade production runs.
A company sends out staff to help install a system and then offers ongoing help for educational engineering courses. As soon as the expert company staff are gone it's back to a secret mil or gov project.
Networking might allow work on some very exotic materials :)
The vendor's staff know that they are not at a new educational institution but everybody plays along and the cash flows.
Everybody wins, experts are up, jobs are secure, a nation gets to build its mil up and issues can be fixed.
The only problem is the same kit also gets installed in very open factory sites and it seems anyone networked can have a go.
The vendors know who they have to look after and it's not just some local manufacturing industry.

Comment Re:Vague article (Score 1) 319

Back to the 1920-50's paperwork? Home Office Warrants (HOW), opening all mail not just saving the to and from parts. More funding, more staff, more real super computers and internal MI5 control over the entire UK telco network. A fully funded MI5 version of Tempora https://en.wikipedia.org/wiki/... to reconcile every message into and out of the UK.
A watch list of subversive academics who could be teaching real crypto courses. More staff with Russian skills to find Russian plots to request more funding to find other Russian plots.
Total freedom to access all UK web 2.0 servers to create undercover online personas going back years.
Access to all UK telecommunications equipment without needing the GCHQ or mil.
A request for surveillance powers without all the sharing, requests, foreign considerations of the CIA or MI6.
The UK would be turned into a version of Ireland in the 1980's - 1990's with a total internal surveillance system.
The ability to put surveillance on legal teams, the press, NGOs within 4 hops of anyone of interest.
The ability to track legal teams and access to all their files at any time for any reason. That was very useful in Ireland.
Every method used in Ireland would be legal within the UK. MI5 trapdoors and backdoors in all UK produced or sold crypto on any device or telco systems sold in the UK.
The main requests would be for more powers, more technology, more staff, linguists.
Foreign security services are going to flood with perfect UK applicants hoping some will be accepted. Mass recruitment is always a risk.

Comment Re:Once we start there's no stopping. (Score 1) 319

Re "We'll be chasing it back and forth like crazy, every time a storm pops up."
That has been done with Operation Popeye https://en.wikipedia.org/wiki/... by the US during the Vietnam war.
"The cloud seeding operation during the Vietnam war ran from March 20, 1967 until July 5, 1972 in an attempt to extend the monsoon season, specifically over areas of the Ho Chi Minh Trail."
"Starting on March 20, 1967, and continuing through every rainy season (March to November) in Southeast Asia until 1972, operational cloud seeding missions were flown."

Comment Re:Turn on FileVault (Score 1) 135

Once control over a computer is lost, any actions during daily use can be networked.
The user's computer loads some extra new software and is now more networked. A wide open path with access to load and then update any software.
Any use of any data stored or encrypted is then opened to any new logging or spyware installed as the user would do during normal use. New logging or spyware installed with the same everyday accounts and applications in use. Antivirus or an outgoing software firewall would just be told to allow a new spyware application.
Once any encrypted data is opened and worked on, every action and change can be sent out.
Would a user notice? Would a third party software firewall offer a strong alert to a flow out of data from an application it was told was safe?

Submission + - MI5 chief seeks new powers after Paris magazine attack (theguardian.com)

An anonymous reader writes: The head of MI5, Andrew Parker, has called for new powers to help fight Islamist extremism, warning of a dangerous imbalance between increasing numbers of terrorist plots against the UK and a drop in the capabilities of intelligence services to snoop on communications.

Parker described the Paris attack as “a terrible reminder of the intentions of those who wish us harm” and said he had spoken to his French counterparts to offer help.

Speaking to an invited audience at MI5 headquarters, he said the threat level to Britain had worsened and Islamist extremist groups in Syria and Iraq were directly trying to orchestrate attacks on the UK. An attack on the UK was “highly likely” and MI5 could not give a guarantee it would be able to stop it, he said.

Submission + - UK government department running on VME operating system installed in 1974 (cio.co.uk)

Qedward writes: The UK government's Department for Work and Pensions is on the hunt for a new £135,000-a-year CTO, with part of their annual budget of £1 billion and responsibility for DWP's "digital transformation" to oversee the migration of the department's legacy systems which are still run on Fujitsu mainframes using the VME operating system installed in 1974.

Job spec emphasises a "track record of transitioning a large enterprise from ageing mainframe technologies to next generation web, social, mobile cloud, Big Data and deep learning technologies".

Comment Re:Well Then (Score 1) 148

Re AC and the "You can't protect yourself from state actors, but you can make sure they're only reading your communications if they actually have a reason to put effort into targeting you."
Under "collect it all" every message is in play over decades. The option exists to go back to a one time pad or number station. Air gap the networked computer and just send out your message on a VPN or Tor.
Expect every hop on any network to be tame, junk and in full collaboration with state actors. The NSA can track that message back under all networking conditions and have your ISP account logged. A sneak and peek search linked to that ISP account could update all networked devices found with extra software.
The idea is to get access to that plain text as entered before it is encrypted. The expectation is that same computer on site will be used.
If you can encrypt without using a computer and then just send the message? Nothing is found other than the encrypted message as sent.
Use any network as a number station. Number stations and one time pads work well. Just don't enter the plain text message into any device or reuse.
The next sneak and peek event would try and add cameras to capture one time pad use at a desk. Learn to cover your work :)
State actors can always work out who is communicating but what is being said can still be one time pad secure.

Comment Re:Gee, wonder why (Score 1) 68

It was such a good idea. Replace all the well paid union workers sitting around at small and remote sites with new computer systems and cheap networks.
Less staff cost, less union workers and a few experts could care for a larger system of networked equipment over wide areas.
So a lot of once secure air gapped sites were connected with low cost networks and everything seemed ok. Fewer on site workers, the same oversight and maintenance.
Now for the next huge boondoggle. Remote site security upgrades. Shared logs to see who is trying to map the networks.
What the "huge new bureaucracy" needs now is news "stories" about ip ranges and malware from distant regimes and their educated experts.
All the new domestic upgrades and staff with a new legal system for the growing cyber bureaucracy :)
For all the new cyber costs, a human team back on site with less networks will not be so expensive soon.

Comment Re:A wish from an American (Score 1) 114

The courts, free press, political leaders, advertizing and computer brands, academics and telcos have to start wondering about the optics of the legal situation long term.
How will they be seen by domestic and international users, the paying public and developers?
Will generations of new products just route around the NSL issues and collect it all domestic spying programs?
What are the big brands' options?
To be seen as front companies for the security services of a few different nations? Tame networks and junk crypto? Trap doors and backdoors in every product as shipped? Plain text in real time, all the time?
Under constant legal pressure to help the security services by keeping their networks open to the security services?
Too inept, lazy or cheap to secure or even fully understand their own internal networks?
The US courts could note that "collect it all" is not part of being secure in papers, and effects.
If that is not done then the world knows that "collect it all" is the new color of law and that all papers, and effects are in play. Crypto is junk and any brand or network is tame.
Parallel construction to build a case. A new "reasonable mistakes" clause to cover any tricky legal questions?
Time for one time pads, number stations and other more secure methods of communications.
