The argument isn't that metadata isn't data. It's that metadata isn't "yours." It's AT&T's observations and records about your use of their system. That's not "technical jargon." It's a relevant distinction when discussing the scope of a privacy right: whose information is protected? If it's not just information generated by you, but also information relating to you, how closely does it have to relate? Etc.
Yep, agree. The courts have so far ruled that you have no "right to privacy" to data that isn't yours to begin with thus email headers and phone records can be collected by law enforcement en masse without a warrant.
But compare this with the Supreme Court ruling in 1958 blocking the Alabama government from obtaining the NAACP's membership lists as a condition to doing business in the state. The lists belong to the NAACP and not the individuals on those lists, but the Supreme Court still held that people had a right to "pursue their lawful private interests privately". [1]
"Immunity from state scrutiny of petitioner's membership lists is here so related to the right of petitioner's members to pursue their lawful private interests privately and to associate freely with others in doing so as to come within the protection of the Fourteenth Amendment"
I've wondered why the businesses from which the government gets this data don't have a right to privacy. It seems like that since corporations were given the right to contribute money to political advertisements on the grounds that they are people then they should be extended the same privacy rights as well.
There is no "right to privacy" per se in the U.S. There is a right to be free of unreasonable searches and seizures (4th amendment), there is a right to refuse to testify against yourself at trial (5th amendment), etc. These protect certain aspects of a right to privacy, but if you read writings from the founding generation, they didn't have the kind of well-developed "right to privacy" concept many people have today.
As a result, these protections exist next to mechanisms that cut in the other direction. One of those mechanisms is the almost unlimited power of common law courts to compel people to furnish information, through subpoenas and warrants. And that power is especially strong when the information is about someone else. So for example, while a court cannot force you to testify against yourself (5th amendment), they can force you to testify against someone else. They can force you to furnish information or copies of documents relevant to an investigation or ongoing litigation. Indeed, in a civil litigation, often one of the lawyers will be able to issue subpoenas forcing parties to turn over documents in the name of the court. In the Anglo-American system, there is really no "right of privacy" as against the right of a court to gather all the evidence necessary in a civil or criminal litigation.
So corporations do have 4th amendment rights. The NSA doesn't come to their offices and take the information. But that doesn't protect them against court orders to furnish information about other people.
Citizens United did not say that corporations are people. If you are starting from that misunderstanding then lots of things won't make sense. Corporate personhood is not mentioned in the decision.
A year after Citizens the court ruled unanimously in FCC v ATT that corporations fail to meet the "personal" part of "personal privacy." That decision is fun to read if only for the last paragraph.
Hey, that's great that you understand this to the extent of articulating why metadata gathering is a problem - but I assure you that the "metadata isn't data" rhetoric GP mentions is, in fact, the tactic I see most often in the wild.
So calling it "technical jargon" is pretty accurate - people encounter this confusing word "metadata" and have no idea what it means or how to reason about it.
Even if that's so, there is still the issue of "expectation of privacy". If the customer buys AT&T's service and expects a certain degree of privacy (meaning no one can just try and locate where he is with that data, or with who he is talking to, etc), then I think he deserves that kind of privacy.
Ultimately, the citizens can demand laws that state that fact explicitly. There are countries where collection of metadata by authorities in this way is illegal - and not because they didn't try to collect it. They did. It's just that "the people" won the argument, and now they aren't allowed to use the metadata (or at least not in this sweeping way).
HIPAA (privacy portion) covers more than just your data, so I could see the same thing here. What if "your" medical data was private, but all the metadata about where you are treated could be recorded.
Can you imagine if they decided HIPAA didn't consider "metadata" private? Sure, the doctor's notes are private, but the list of every procedure you've had and every drug you've taken doesn't count.
The argument isn't that metadata isn't data. It's that metadata isn't "yours." It's AT&T's observations and records about your use of their system. That's not "technical jargon." It's a relevant distinction when discussing the scope of a privacy right: whose information is protected? If it's not just information generated by you, but also information relating to you, how closely does it have to relate? Etc.