This is Boston (well, Cambridge, 'Greater Boston'.) The local security forces have a... less than glorious... history with bomb-related issues. The 9/11 planes took off from Logan, the Mooninite panic made fools of the PD, a couple of losers with essentially zero resources just hand-carried bombs right into the Boston Marathon crowds and walked away, with the cops bringing the entire area to a screeching halt as they bumbled their way toward capturing the less interesting suspect, after substantial delay, and are still embroiled in an unimpressive looking case (complete with an allegedly valuable person of interest who mysteriously had to be shot to death during interrogation...)
I would be shocked if the PD, FBI, and local DAs aren't licking their lips and smelling blood. They have their man, and bagged him quickly and efficiently, and his 'I made a bomb threat because exams!' position is sympathetic to absolutely no one. I Would. Not. Want. to be him right now.
... to use TOR, but then gave a full confession during an "interview", throwing his right to remain silent (and to have a lawyer present during questioning) out the window?
Outside of pessimists, paranoiacs, and people whose job description involves the word 'uptime', it's normal for someone engaged in 'problem solving' to stop thinking as soon as they find a solution.
In his case, he started thinking, came up with a multi-layer anonymity plan, and then apparently stopped. When it failed, he suddenly had FBI agents and no additional plan. (Also, basic script-kiddie attempts at hiding online and lying to experienced interrogators in person are two very, very, different skills.)
What's more notable is that they apparently keep traffic logs for some amount of time, at least long enough to catch this guy, who knows how much longer?
If you have a network of any nontrivial size, and want to keep it from falling in a screaming heap (especially with the lousiness of wireless links in the mix), taking steps to ensure that most of the users are the ones you are supposed to be providing service to, and doing some QoS to keep them from stepping on each others' toes is basically necessary. Keeping traffic logs, though, is an additional chunk of effort and expense, and all so that people will be motivated to come bug you for access to them. I wonder when they started keeping logs, and why.
Do not do anything on a cellular phone that you would not do on a public computer in the library. Treat them as you would a public phone.
That should tell you everything you need to know about the "security".
You must be one of those 'optimists' I've read about. A public phone isn't strongly correlated with you, personally, nor does it provide much in the way of real time location data (aside from the 'well, he must have been in the phone booth when he made that call' data point). Plus, you can still get computers without cameras and microphones...
Traditionally, if you wanted to study bacteria, you'd take samples, haul them back to the lab, plate them out, try to grow them in culture, then do your tests. Trouble is, not all organisms grow under those conditions. With gene sequencing now cheap and fast, you can go the alternate route of just grabbing a sample, grinding it up, and sequencing everything. You lose the ability to trivially correlate a given gene with a given organism (unless you have prior knowledge that allows you to make an inference); but you get a very powerful 'snapshot' of what genes are present, and in what proportions, in the sample without the need to know how to separate and cultivate them.
It's an extremely powerful approach for hunting novel species, since basically anything with DNA will show up regardless of whether you know anything about its care and feeding or not, and you can then identify novel DNA sequences and start looking for their hosts. It's also suitable in this case, because they aren't really interested in the bacteria (it isn't news that drinking sewage is a bad plan); but in shifts in the gene distribution of the entire population, which is exactly what grinding it up and sequencing it will get you a look at.
And for any BIOS not presently connected to the internet, the Distributed Management Task Force is probably working on 'fixing' that.
Building a dystopian panopticon surveillance apparatus is of limited use for preventing such an attack (best case, maybe the attackers will be dumb enough to chat about it over insecure channels months or years before it's finished); but provides a dangerous incentive to tolerate, or even encourage, vulnerabilities in systems and infrastructure.
Fixing vulnerabilities is something you can do with nothing more than access to samples of potentially vulnerable things, along with a supply of suitably skilled people paid to poke at them; along with a basic research type group that explores techniques for building future systems more securely.
If the NSA were known for doing that sort of stuff, nobody would have anything unpleasant to say about them, aside from a few possible grumblings about whether software companies were slacking off because they expected the NSA to clean up after them.
My impression is that this difficulty is what tends to keep greater-than-two-state components away, even from areas where they could be incorporated transparently, from the point of view of the overall binary system: if your technology allows you to accurately distinguish between more than two states at a given voltage and speed, it likely allows you to distinguish between only two faster, or at lower voltage, or both.