And if they weren’t collecting info on him specifically then, they are now.
If they are collecting data on every citizen in the US, then they would theoretically have a dossier on you and everything that you’ve ever done or did. If that’s the case, that’s information that would be uncovered in a traditional FOIA request. It’s also data to which you should have access anyway, since it’s something you knowingly did already.
However, if they were to release that data to you, you would have the tools at your disposal to at least close up some of the glaringly obvious leaks, things like weak passwords or poor browsing habits. After that, they would be revealing how they get your data (from your ISP vs. from the bank itself, for instance). It would create a slippery slope that would technically reveal “trade secrets” used by the NSA for hacking your life.
I completely and wholeheartedly disagree with this practice, but I can understand why they would deny the request. They’ve literally set it up so that revealing the information you request is a violation of national trade secrets and legally cannot be released. They created a legal Faraday cage.