Surveillance used to mean gathering data — essentially, watching and listening. Hidden cameras and bugs were the technologies of choice.

That age is passing. No one is “watched” in the National Security Agency’s massive program to capture metadata. No agents are listening when they merely go through metadata, though agents are undoubtedly listening to some conversations pursuant to other programs.

The NSA program isn’t really about gathering data. It’s about mining data. All the data are there already, digitally stored and collected by telecom giants, just waiting. The NSA applies search algorithms to these trillions of information bits, compiling, sorting, looking for patterns.

In the world of data gathering, the key concept for setting limits on government surveillance is privacy. But in the world of data mining, the key is anonymity.

Anonymity is very different from privacy. Walking the streets, you’re not in private, but you may be anonymous if no one recognizes you. If you go into a store and pay cash for a book, what you’re doing isn’t private, but, again, you may be anonymous, and that anonymity might be very important to you. When people post material on a freely accessible website, their postings are public, not private — but they may well be anonymous. In such contexts, the question is not whether privacy should be honored but whether anonymity should be protected.

Anonymity can in some circumstances be a great freedom, worthy of protection. In others, it can encourage vicious behavior and enable crime. Solving the riddle of anonymity is the central question of the brave new digital world, even if our courts haven’t quite yet caught on.

When the government engages in data mining, anonymity deserves protection. Consider telephone metadata — the dates, times and numbers of phone calls. Is that information “private”? Thirty-five years ago, in Smith vs. Maryland, the Supreme Court said no. All that information is already turned over to and collected by phone companies. Hence the government can capture metadata without any constitutional restrictions — with no warrant, no probable cause, not even reasonable suspicion.

Smith makes intuitive sense to many people. Your metadata is not nearly as personal as your communication content — what you say on the phone or what is said to you. Moreover, even the most personal information is no longer private if exposed enough to others. If you take your laundry to the dry cleaners, you can’t complain when they report what they see to the government (which is what phone companies are doing when they turn over your metadata to the NSA). Under Smith, William H. Pauley III, the federal judge who in December found that the NSA metadata program did not violate privacy rights, was absolutely right.

But Richard J. Leon, the federal judge who ruled against the NSA program last month, was also right. Leon saw that there was something wrong in the NSA program apart from whether metadata is private.

Given the way cellphones are used today, Leon concluded, metadata can be mined to produce a live-streaming digital portrait of an individual’s entire life. “Records that once would have revealed a few scattered tiles of information about a person,” he wrote, “now reveal an entire mosaic — a vibrant and constantly updating picture of the person’s life.” For example, well-mined metadata could reveal a “wealth of detail” about a person’s “familial, political, professional, religious and sexual associations.”

This is an anonymity problem: The NSA cannot create a dossier on you from your metadata unless it knows that you made the calls the agency is looking at. The privacy question is all about data gathering: Should the NSA have access to nationwide metadata? The right answer to that question is yes. But identities should be hidden.

Suppose the NSA had access to all the metadata of every call a certain person made over the past five years — but didn’t know who that person was. Instead, the NSA knew only that individual “H4QQ9F” made the calls in question. In that world, there’s no Orwellian surveillance.

But suppose that individual H4QQ9F made a call to a known Al-Qaida safe house in Yemen. Then the NSA should be permitted to pierce the veil of anonymity and find out who H4QQ9F is.

Privacy was key when the question was whether, or how much of, our private lives could be monitored or recorded. That train has left the station. Today, most of us allow a great deal of our lives to be monitored and recorded — whenever we use a search engine, for example, or buy something online. Even the content of our private communications, such as e-mails and chats, is now routinely exposed to and stored by people at Facebook or Google. The key question isn’t how to keep information about us from getting out into the world; it’s how that information can be used.

The word “privacy” doesn’t appear in the Constitution. Privacy jurisprudence was a creation of the 20th century.

Today, we need a new jurisprudence of anonymity. We need laws and technologies that can break through anonymity when people commit crimes or torts online. But we also need laws and technologies that will protect anonymity when government engages in 21st-century data mining.


Jed Rubenfeld is a professor of constitutional law at Yale Law School and co-author of the forthcoming book “The Triple Package.” He wrote this article for the Washington Post.