True, but unlike many, we still have due process under the Constitution. Whether or not that means anything anymore is arguable.
There's no way to definitively determine the extent of government surveillance, because the snooper asserts state secret. Mind you, snooping with a reason, that is, having suspicion, is a part of "hidden" due process. "Hidden" because the only incidents seen by the public are those that are litigated.
As a check on snooping without suspicion, the fourth amendment provides that an "impartial" third party, a member of the judicial branch, review requests for snooping - before or after the snoop, depending on circumstances. But Congress has carved out an international call exception to that rule (FISA says any international call can be snooped without involving the judiciary).
The question of how government monitoring on a mass scale associates with "government of a free people" is litigated in Europe in much the same way it is in the US. See Liberty v. UK: European Court of Human Rights finds mass surveillance system violates the right to privacy, as an example of a news story about the Court case, "Liberty v. The United Kingdom." In order to surmount the objection elucidated by the Court, in that case, the Euro-snoopers are seeking legislative modification - exactly the same pattern followed in the US. That is, some left-wing nutbag civil liberty group sues the government (ACLU and Electronic Frontier Foundation in the US; UK human rights organization Liberty, Irish Council for Civil Liberties (ICCL) and British-Irish Rights Watch in the UK), and if the Courts got too close to the executive's snooping activity, the executive goes to the legislature to get the law changed.
More links relating to Liberty v. United Kingdom below:
UK government fined for violation of right to privacy
UK phonetap laws breach privacy (The Guardian)
Call for reform of Irish/UK surveillance laws
The case itself is a fascinating read (http://www.centrumforrattvisa.se/images/File/FRA/LibertyvUK.pdf), as it describes the same sort of division (or legal distinction) between data interception/storage vs. data analysis that plays in the US. The law is unsettled in the US, meaning cases haven't been litigated to conclusion, and the operative condition is that breach occurs when the stored information is called up by a human. Mass interception and storage has NOT been litigated to conclusion in the US.