Moreover, the risk to privacy is only one side of the ledger. The other side is that criminals can use technology today in a way they could not in the past. There were no jihadi websites in 1979. It was harder for criminals to transfer money or communicate instructions across borders. Bomb-making directions were not available on the Web.
There are also major differences in public attitudes about privacy. People can more easily find out things about each other today than in 1979, thanks to the Web, and so people now expect strangers—including potential friends, mates, and bosses—to know more about them today than they did in the past. People can also more easily share personal information about themselves, and rather than refrain from doing so in order to protect their privacy, they enthusiastically post photos and videos of themselves on Facebook and other social media sites. Thus, it is possible that people’s sense of privacy is also greatly altered, as if the whole country moved from a big city to a small town, trading in the benefits of anonymity and independence for the advantages of community and security. If we’re going to update Smith to take into account technological change, we also need to update it to take account of changes in social altitudes flowing from that technological change, including the possibility that people’s sense of privacy has shrunk. According to a recent Pew poll, while most people wish they could use the Internet anonymously, most people do not expect anonymity ever to be possible and yet use the Web nonetheless.
Now consider how the metadata program actually invades your privacy. The phone numbers you call and receive used to sit on one third-party server—the phone company’s—but now sit on the government’s servers as well. Most people’s metadata linger there unexamined until the system purges itself within five years. There is a small probability that a suspected terrorist has ordered pizza from the same place you have, and if so, your phone number (but not your name) might be one of thousands that an NSA agent eventually sees. It is most unlikely that he will pursue the pizza connection, but if he does, the FBI takes over and must conduct the investigation in conformity with the Fourth Amendment. From a legal standpoint, then, the invasion of privacy is minimal.
Critics of the metadata program rightly worry about the risk of government abuse. The recent report on the NSA by the President’s Review Group on Intelligence and Communications Technologies points out that an NSA employee with a grudge against someone can look up that person’s phone number, plumb the metadata for evidence that he dials up Alcoholics Anonymous or a suicide hotline, and then blackmail or harass him. But the same point can be made about any government depository of information—your financial records (on file with the IRS) or your medical records (on file with Medicare or Medicaid)—and thousands of government employees can access those records, whereas only 22 NSA employees can access the metadata, according to the President’s Review Group. We should demand safeguards, but the metadata program has safeguards aplenty. If we accepted the theoretical risk of government abuse as a reason for shutting down government programs, we wouldn’t have many such programs.
According to that same President’s Review Group, there is no evidence that the government has abused the metadata program in the Nineteen Eighty-Four-ish sense of suppressing dissent or harassing innocent citizens. The risk of abuse must, for now, be considered remote. If the NSA ever does start blackmailing people, the information will come out because you can’t blackmail someone without talking to him. Until that happens, the Supreme Court should stay its hand. Judge Pauley got it right: The NSA’s metadata program is constitutional.