Extra-territorial data collection is not governed by any law.
As a non-US person, none of this is going to help me in the slightest. Comments on 'Reform Government Surveillance' are completely missing the point, just as every article that highlights PRISM is completely missing the point.
The world can be divided into:
(a) US-persons in the US communicating with US-persons in the US where the IP packets never leave the US,
(b) everyone else.
Communications in group (a) have some protection from the Fourth Amendment, and PRISM is subject to a bit of judicial oversight. RGS may be relevant for these people by providing a bit more transparency and overnight. But good luck on trying to persuade anyone to reverse Smith v. Maryland and prevent warrantless collection of metadata (for which there is no "legitimate expectation of privacy"). And well done to Google et al. for making it highly questionable whether there is any expectation of privacy for email at all.
But if you are in group (b) then RGS is not going to help at all. Almost inevitably your data will leave your shores and then it is open house for interception.
"Collection of data by any nation from outside its territory is literally lawless and not restricted by any explicit international treaties"
"There is no extraterritorial obligation on states to comply with human rights…The obligation is on states to uphold the human rights of citizens within their territory and areas of their jurisdictions."
It is very unlikely that my email is captured by PRISM, but it is a racing certainty that it is captured by Tempora and the NSA extra-territorial taps.
We have known since 2001 that the NSA has been installing taps on undersea fibre-optic cables. Good luck on trying to persuade GCHQ and NSA to stop reading their taps. Even if they said they had stopped using them, would you believe them? This is extra-territorial - THERE ARE NO LAWS. Good luck on trying to get agreement on an international treaty to restrict surveillance - it ain't gonna happen!
As for the self serving RGS suggestion that "Governments should not require service providers to locate infrastructure within a country’s borders or operate locally", some sensible European governments are requiring data to be processed locally precisely to avoid access as the data leaves their borders. I would want something much stronger before I felt happy about my health data being captured by GCHQ/NSA.
"If there’s one thing we’ve learned over the past several months, it’s that the Internet is a very different place from what we thought it was. If you’re sending e-mail “in the clear,” you no longer have to ask if it’s being read—we know it is. The question is who’s reading it. In this environment, we’re not going to preserve our privacy from dragnet surveillance through legislation or wishful thinking. The only guaranteed way forward is through technological solutions, and these can’t just be modestly better or easier to use than what we have today. They must be spectacular."
What is needed for email is default encryption (even a single click is too arduous) and encryption of the metadata so that even if the owners of the servers wanted to reveal traffic data, they would be unable to do so.
TL;DR US communications have some protection for the Fourth Amendment and RGS might help them. For everyone else, extra-territorial surveillance is not governed by any laws and is not going to stop. The only way forward is a technological (encryption) solution so that even the server owners can't read the data.
Biting the hand that feeds IT
