Right, to filter out traffic to store. This requires already having selected a target IP pair.
Filtering by known IPs is one way to slice it, but not the best way.
Another approach is to abstract the useful information. E.g. capturing which IPs are communicating, the nature of the traffic, and associated identity information if it can be recognized. It's still filtering in that you disregard the payload (unless it matches certain triggers), but it provides a lot of information for analysis. The sort of information we already know they are after.
That information can populate a graph (
http://en.wikipedia.org/wiki/Graph_theory) to show relationships between individuals. If you use your cell phone (verizon records, to easily correlate personal identity for this discussion) web browser to connect to a web site frequented by Constitutionalists, and you also come here to THR, that envelope information will show THR posters/viewers in general as being proximal to known Constitutionalists. If you use your same THR login at home, that ties your identity to your home internet connection. If other THR members are going to the same web sites, that relationship will be perceived as stronger and we will all be suspected of harboring Constitutionalist tendencies. If some people here also visit American College of Pediatricians or JDL websites, that links Constitutionalists with known hate groups. Remember that these are also people who will count organizing and supplying a faux "attack" that involves 9 federal agents and one idiot who was too stupid to walk away OR be a real threat to anyone, and arresting the idiot, as stopping a terrorist attack. Being linked to a hate group is plenty of cause to justify deeper scrutiny.
This whole thing boils down to trust. It's hard to win, and easy to lose, and absolutely essential to a functioning social system. Families, businesses, cities, and great nations are all built first on trust. If the people don't trust each other to do right, trust the government not to be evil, trust their car not to explode...everything breaks down. The NSA, by actively lying to congress and everyone else, has thrown away a lot of trust. Elected politicians who side with the NSA on this are also throwing away trust. The more trust they destroy, the less there is holding society together. By creating bureaucracies of distrust they actively encourage distrustfulness in society. I think that the NSA practices, and the oversight and "leadership" that lead to those practices, are the single most destructive threat the USA faces today because they are corrosive to trust. I'm honestly not sure how much trust the USA can afford to lose but trust isn't infinite.
