The Freedom Act was signed two days after the Patriot Act expired at midnight on May 31. The Patriot Act was passed by the Bush Administration in the panicked aftermath of the 9/11 attacks and its contentious Section 215 was a legal basis for the NSA's domestic mass surveillance.
As the Patriot Act's sunset provision loomed, Republican hawks such as Senate Majority Leader Mitch McConnell sought to extend Section 215.
They were bested by a bipartisan alliance of Republicans and Democrats, backed by civil liberties and privacy advocates and technology trade groups.
McConnell called his defeat a "resounding victory for Edward Snowden" and "for those currently plotting against the homeland".
But he misread the public mood. A poll last month, commissioned by the American Civil Liberties Union, found 60 per cent opposed NSA mass surveillance and wanted change.
Canny lawmakers changed tack: Republican congressman Jim Sensenbrenner and Senate Democrat Patrick Leahy, who both tabled the Patriot Act, had second thoughts after the Snowden leaks and introduced the Freedom Act.
Broadly speaking, the Freedom Act narrows the government's domestic focus by ending NSA "dragnets", indiscriminate surveillance that hoovered up billions of phone records made by US citizens not suspected of any crime.
The NSA must now get a court order to look at data held by phone companies - which are not legally bound to retain records.
While the law bans bulk surveillance, it does not entirely eliminate it. Thus, several hundred people who share the same IP address as a suspect may be scooped up.
It also revives Patriot Act measures for roving wiretaps of terrorist suspects, and a "lone wolf" programme to watch people not linked to terrorist groups.
"It's an important milestone," says Neema Singh Guliani, a legislative counsel with the ACLU in Washington. "It's not ideal. But I think it really represents a shift in public opinion and on the politics of this issue. A year or two ago the idea that these [legal] authorities won't just be rubber-stamped and extended was unthinkable."
Call it the Snowden effect. "What we saw was a failure of government at all levels," says Guliani. "It was a failure of the executive branch. And of the intelligence agencies that did too much. And of congress to provide oversight."
She thinks the impetus for change started with the public, as outrage about NSA excesses - including an ACLU report that some spooks illegally spied on spouses and girlfriends - reached elected representatives.
This trickle-up effect may even have permeated the Five Eyes network, of which New Zealand is a member. While US allies France and Australia have enacted tougher internet surveillance laws in recent weeks, British intelligence expert Duncan Campbell, writing in the Guardian, said that at a gathering of spy bosses he attended near Oxford last month "no one argued against calls for greater openness" and "translucency", if not transparency, was Snowden's legacy.
While the Freedom Act is a milestone - the first time Congress has reduced the power of intelligence agencies since the 1970s - spooks still wield much power. According to the Daily Beast, the agency feels the new law is "a big win for the NSA", as bulk phone records collection was not effective.
A former NSA source said it was "very big and very cumbersome", produced few terrorist leads and stopped few - if any - attacks.
A New American Foundation study that investigated 227 al-Qaeda affiliated groups or individuals charged with terror acts in the US since 9/11 found 17 cases were credited to NSA surveillance, resulting in one conviction - of a San Diego taxi driver who helped fund Somali terrorists.
And while the Obama Administration tries to mine political capital from the ban on domestic mass surveillance, it says charges against Snowden - at large in Russia - stand.
Speaking last month to the Guardian, which broke the Snowden leaks in June 2013, the whistleblower said "even more intrusive" bulk collection schemes existed and reform had only just begun.
Guliani agrees, saying: "If we were running a marathon then we're at the five-mile mark.
"There is still a very long road ahead."
It is blocked by two potent authorisations: Executive Order 12333, dating from 1981, and Section 702 of the 2008 FISA Amendments Act, set to expire on December 231, 2017.
The executive order, passed during the Reagan era, is used by the president to target communications made by foreigners outside the US. Section 702 targets foreigners who use US-based servers. Inevitably, both authorisations vacuum up innocent communications - metadata and content - by US citizens. The NSA has admitted that 702 allows it to spy on Americans without a warrant, a practice castigated by critics as a "backdoor search."
"It's conducting mass spying on people who aren't suspects. Who aren't under investigation," says Mark Jaycox, a legislative analyst with the Electronic Frontier Foundation, a privacy lobby which has repeatedly challenged the Obama Administration's spy programme in federal courts.
New evidence this week from the Snowden leaks shows that, from mid-2012, as cyberattacks on us businesses and government agencies increased, the NSA ran surveillance on us internet traffic to hunt hackers, without warrants or public debate.
So far the White House has been loath to surrender any executive power. The White House's Presidential Policy Directive 28 on signals intelligence activities, issued in January 2014, recognises that "all persons" - US citizens or otherwise - have "legitimate privacy interests." But the directive fails to address mass surveillance via Executive Order 12333. "It's window dressing,' says Jaycox. "It will take Congress to start looking into that authorisation."
That may happen when Section 702 - which Jaycox says deals with Prism and other NSA collection programmes - expires, setting the stage for a surveillance debate by a new Congress. One explosive issue is if the NSA bypassed US laws by getting its Five Eyes partners to snoop on US domestic communications. Snowden showed Britain's Government communications headquarters collected a vast trove of global internet traffic and shared this booty with the NSA. Is this business as usual for the Five Eyes network?
The agency may have got off lightly with the Freedom Act, but the fight to make spies more publicly accountable has barely begun.
