> And we shouldnt allow the government to purchase this sort of data regardless of consent
Fine, we'll force companies to allow a small little box to be added to their data center. Don't worry about what it does, but you cannot disconnect network/power to it once it is installed. Once it is operational, you'll no longer need to think about it ever again, and we recommend that you don't. You should also not talk about this box to users/customers/clients. In fact, you'd be better off if you didn't talk to your employees about it either.
There's no reason to think that this doesn't regularly happen by at least one three letter agency. It's something they've done for a very long time (https://en.wikipedia.org/wiki/Room_641A). They were willing and able to secretly redirect every last bit of data going over AT&Ts backbone into their systems back in 2003 you can bet that they have at least that much capability in place today.
It's why FB decided to encrypt in transit data moving internally between data centers. I'm guessing some TLAs were none too pleased with that. Then again, maybe they suggested a particular encryption to use so they can say they are encrypting yet not slowing down the intake either????
Especially after Snowden, if anyone does not think the US govt TLAs are trying to read every bit that crosses a wire, then they are just deluding themselves. Even before Snowden, Echelon was known for telephonic intercepts. It didn't take much imagination to take it further for internet traffic. Snowden just removed the need for imagination.