Twitter is TLS by default, so it wouldn't be very useful to just capture the traffic. They'd have to either MITM (which would be detectable, e.g. by the SSL Observatory) or obtain Twitter's TLS keys for decryption.
Yeah, and now that I think of it, it would probably be easier to hack the other endpoint (the users' computers). I'm just saying, knowing that the NSA has been recording web traffic doesn't automatically mean they have all the tweets.