That's correct, but here I might also make a small distinction that is quite important. There is surveillance for law-enforcement purposes, but there's also public health surveillance. Both rely, essentially, on the same kinds of methodologies, which means gathering data in order to be able to understand patterns of either behaviour or incidents, to allow intervention to happen.
We've grown to understand the role of public health surveillance and its importance to basic public health. We've understood the role of public health surveillance, in a law enforcement sense, as enabling us to understand individuals at risk of criminality far before they start entering into the criminal justice system. I think looking at those lessons to see how they apply to the policing of cyberspace is probably a far better lens than is simply viewing the world of law enforcement or state surveillance with post-Snowden revelation eyes. I think there's a danger of the pendulum going the other way.