“The issue at the heart of this debate, then, is not merely whether the state, in attempting to prevent terrorism, might overstep traditional protections of privacy or accidentally make our credit card information more accessible to Russian hackers. … How much of ourselves should we give over to the state?”