Discussions surrounding threat mitigation and risk mitigation are uniformly one sided on HN, and even the most delicate walk down the line of acceptable mitigation is shunned.
The more interesting point is the inverse position of the community in regards to network and systems security, in which all measures of threat mitigation are encouraged or "required".
Discussions of threat mitigation are irrelevant so long as the threats and their countermeasures remain undisclosed. There can be no productive debate when one side knows everything and tells the other side nothing.
It doesn't matter if surveillance is used only for good (evidence suggests otherwise, though); if the surveillance organizations have all the power to operate in secrecy and distort the truth when questioned by the legislature, their "trust us" assurances are wholly untrustworthy.
The more interesting point is the inverse position of the community in regards to network and systems security, in which all measures of threat mitigation are encouraged or "required".