Rand Paul
Sen. Rand Paul, R-Ky., (right) is the most vocal National Security agency critic in Congress, opposing the 2001 USA Patriot Act as well as the USA Freedom Act. At center is his conservative-libertarian ally, Rep. Justin Amash, R-Mich. Reuters/Mike Theiler

It’s been two years since former National Security Agency contractor Edward Snowden blew the whistle on vast U.S. spy programs that enable government agencies to monitor international communication “metadata.” But millions of people within and outside of the U.S. caught in the NSA dragnet still have little idea about what kind, and how much, of their information is being collected.

The NSA’s ability to legally collect metadata on American phone calls expired at midnight Sunday when Congress allowed Section 215 of the Patriot Act to fade to black. Between late 2001 and Sunday night, though, the government collected and stored years’ worth of metadata on American phone calls in an effort, it says, to protect national security. And, under the 2008 Foreign Intelligence Surveillance Act, the NSA will continue to collect metadata on Americans’ emails and social media interactions with people located outside the country.

Metadata is traditionally defined as “data about data.” Translation: The NSA probably isn’t listening to your phone calls or reading your email. But they probably don’t need to.

Instead, intelligence analysts had access to information about phone calls. That includes the phone numbers of both caller and recipient, the number of any calling cards used, the time and duration of calls and the international mobile subscriber identity (a unique identifier embedded in a phone SIM card) number. Email metadata includes each message’s to, from, cc and timestamp information. It also includes the IP address each email was sent from, which reveals where a computer is located anywhere in the world.

While the U.S. population had a mixed reaction to the Snowden revelations, privacy activists have warned that even seemingly innocuous information taken from call logs can reveal a lot about someone’s personal life.

If a young woman phones Planned Parenthood, the example goes, followed by a call to her boyfriend and then a member of her family, it doesn’t take much to guess she might have had an abortion. But intelligence operatives say losing the ability to create a web of personal connections for a suspected terrorist would impair their ability to investigate and stop a potential attack.

The problem is that neither side can point to a specific instance where their warnings came true. An FBI inspector general report released earlier this month showed that, even as metadata collection tripled between 2004 and 2009, it failed to reveal any new information that stopped a terrorist attack on American soil. On the other hand, the Privacy and Civil Liberties Oversight Board, an independent agency appointed by Congress to examine classified reports on the Patriot Act, found no instances in which surveillance collection was misused.