"Anyone" != "Everyone"
There has been a great deal of imprecision in reporting and commenting on various signals intelligence activities, focused largely on Five Eyes agencies, particularly the US NSA and UK GCHQ, due to documents leaked by Edward Snowden. The probability approaches 1 that the great majority of governments engage in data collection and analysis activities that are essentially indistinguishable in kind, although it is possible they are less extensive due to resource limitations.
It appears to be the position of the governments that their intelligence services need to be able to spy on *anyone* within their remit, requiring that they have access to the full communication spectrum, including radio, wire, and fiber facilities. Given the technical nature of the Internet and cell phone infrastructure it is hard to see how it could be otherwise. It does not imply that they are, in fact, spying on *everyone*, an undertaking that intelligence agency manpower limits suggest is impractical to the point of implausibility. John Poindexter's dream is not one that seems likely to be attainable.
A critical question is how to reconcile the requirement to be able to spy on any legal target, and the corresponding technical requirement to be able to access all users of all networks. In the US, the laws and executive orders, publicly known well before the Snowden Revelations, were fairly specific, overseen by agency inspectors general, the Department of Justice, the FISC, and the responsible committees in the Congress. From published or declassified FISC and other documents we have reason to think they were followed with considerable care, although there were cases of technical and administrative error, legal ambiguity, and analyst misuse for personal reasons. In the aggregate these represent a tiny fraction of the data the agency accessed, although it certainly is not a trivial matter. However it is not clear that anyone has suffered harm from these errors and transgressions.
In particular, there is little evidence, or none, that the data retained has been or is being used to suppress political dissent or create dossiers to identify those citizens (or legal residents) who must be watched for political deviance. We need to be watchful for that; governments sometimes go wrong, but it is likely that for nearly everyone (including those espousing unpopular or anti-establishment political views) the much larger risk is that their credit card details will be acquired by criminals and used to harm them financially.