This is true, but as we see from this instance, whatever is collected for commercial purposes can be strong armed by the state. All the big names in the internet world as well as the telcos may be collecting for their own purposes, but are hardly in a position to hold off when the government secretly comes knocking. This should be a serious concern when contemplating moving business to the cloud, as well. If all your information is in house, someone has to present you with a warrant (which you can review with your lawyer)... you may never know about information grabbed from your cloud provider.

There is a huge risk of false positives from this massive data gathering as well. Some years ago I read about a man charged with arson when his 'loyalty card' showed him buying fire starter sticks similar to the ones used in the fire just before the fire was set. In that case it was only luck, the actual arsonist was arrested for something else and spilled, that saved the innocent guy. In the meantime his life was hell and probably financially devastated (even if you're innocent, criminal defense will wipe out your savings)

When a visible crime or 'terrorist' event occurs, what's to prevent vacuuming up all people who happened to be in the area (cell phone location, license plate readers etc). License plate readers can be used for legitimate purpose (looking for stolen cars, outstanding warrants) if read, checked, and deleted. There is NO such legitimate purpose for permanently storing the data (where a car was driving or parked and when) which, unfortunately, is how more precincts are starting to use them.