"I don't think there is any way to stop the NSA from what they're doing."
That's where you are wrong.
If nation states or sufficiently skilled hacking groups can rip off the OPM for around 90% of their records, then I'm sure the same groups can take down or sufficiently damage the data centres (nerve centres) that the spooks treasure so much.
Basically, think of the data centres as the evil Everminds from the Dune Series.
Accumulating every piece of data possible, synthesising, analysing, profiling - all done illegally by innumerable breaches of international and domestic laws, including the obvious breaches of the 4th amendment.
On that basis, their illegally harvested data and ongoing breaches are fair game for deletion, corruption and so on.
Thus, if there are expert hackers who aren't just the NSA or other spy twins (Israelis, 5-eyes, 9-eyes etc) in disguise - think Equation Group - then if they stop dicking AshleyMaddison and other nobodies, then they could probably take down a data centre (something useful).
Hypothetical (for discussion purposes only of course):
1) Use the same methods NSA used to hack Belgacom and others i.e. electronically stalk and do necessary surveillance/reconnaissance on known spook network admin staff or their private contractors (take your pick) e.g. Linked In, Facebook, all reconnaissance necessary to map out key employees doing maintenance and security and the likely internal network to be attacked
2) Use the unique identifiers and IP addresses of identified staff to show when enemies of liberty connect to the net
3) Use your advanced hacking tools (we know you have them e.g. riding on the back of cookies etc) to scan any open networks. In the case of isolated data centers - use of poisoned USBs (stuxnet) style to infiltrate their network is recommended
4) If possible, MITM your chosen targets with advanced FinFisher style tactics when your identified targets hit known popular websites
5) Install Hacking Team style malware onto private contractors/spooks home computer
6) Exploit any network access security/IT engineers may have via your malware insert
7) Ultimately a successful attack on internal NSA networks is unlikely due to advanced air-gaps or similar (unless very persistent), but infection of critical systems needed to keep the major data centers from going into full meltdown is a more realistic attack vector:
Option 1 - Water requirements (Utah requires 1.7 million gallons daily to run and has multiple water storage tanks, cooling towers and a chiller plant to keep it from going critical
Option 2 - Electricity requirements (65 megawatts) - the Utah structure was damaged during construction (delayed for a year) due to power surges
Conclusion: If there is a bad ass EQUATION GROUP out there that gives a shit about the dystopian nightmare under development, then they could do the global population a HUGE favor by taking out each one of the Data Death Stars under development (or already built) by sabotaging the US Fascist infrastructure with a Stuxnet style worm that destroys electrical and/or water systems.
The global citizens would fall to their knees (at least those not blinded by propoganda) having the slate wiped clean of their multiple abusers: Yascrew, Poodle, Microsoftcock, Facefuckbook, Gestapo of all persuasions et al.
It will happen sooner or later, since if Snowden can steal all that shit, a hardened adversary can get in, or better yet, a trusted insider could poison the Evermind while pretending to care to it.
Another intelligence failure, or should I say, failure of intelligence.