Serious mindmelds required.
If the NSA sent me the same contract as Google and other dataHoovers use, I'd sign it. Both entities have the same problems of privacy. The NSA has security. So starting with what the web has already accepted as privacy for example in a contract with Google, work out to security. Some amateur thoughts...
Privacy. The legal solution has two parts: opt-in and penalty for failure to perform. The chasm is the assertion that citizens as groups do not legally bargain with the government over issues of opting in or out of policy and that the citizen does not have the right to seek redress (at least of winning). So penalty to perform only falls on the non-governmental entity in the transaction. Should a government as I suspect ALL will maintain a covert capability, there is no means to stop this effectively or over a lifecycle(n). For the agreement among nations to coordinate internet privacy to work, there would be enforceable agreements. And that turns the web into a profitable weapons market or full transparent inspection for less profit.
The reason is the business model is to use the data for profit and the security model is to use the data for defense. In both cases, political or economic advantagee pushes the information ecosystem toward the weapons market. In a dominantly capitalist system, profits win over social responsibility unless such responsibility is engendered by the use of the system itself. Building legal controls into digital systems is doable but is not well-understood at the international level past how we name the transactions: URn. Then it is an issue of expression: say RDF.
Security means access to a file. To fix this, you will need an uncrackable unhackable mcguffin, and at the rate of development in the information ecosystems, this is hard to maintain and be connected. However because we can represent the law as integrated policies over a multi-variate transition state space, we can give domains such as privacy and security relationships that state the legal declarations to any level of information such that the transition from private to public and any other domain can be ascertained and adjudicated.
Transactions are measured at that transition boundary. Think of it as a phase space transition. The static model isn't difficult. It's the dynamic model we'd have to trust our globe to manage.