Chertoff called that “a much more finely-grained approach to how we balance surveillance and security” and pointed to lessons learned after the 9/11 terrorist attacks.

He allowed that his archive of metadata could be kept by private companies as long as they only hold it for a set duration: “I still think that’s something of significant value.”

That picks up on a key provision in the USA Freedom Act. That 2015 bill, which curtailed the National Security Agency’s bulk surveillance, requires telecom carriers to keep calling records that the NSA had previously harvested.

Counting on Big Telecom to stand up to the Feds on your behalf may seem like wishful wonkery, but Chertoff said he hopes to see the courts or Congress stiffen those companies’ spines.

He pointed to the recent Supreme Court ruling in Carpenter v. U.S. that police need a search warrant to get historical cell-site location information. That punched a hole in the “third-party doctrine,” the idea that if you give data to an outside firm you can’t expect it to stay private.

Chertoff noted a dissenting opinion from Justice Neil Gorsuch arguing that the entire third-party doctrine lacked sense, and that citizens should instead retain ownership of data they provide to companies. “Usually, changes begin with dissents, and ultimately they get incorporated into majority opinions,” he said.

Encryption is a good thing

In the interview, Chertoff reiterated his earlier support for another limit on government curiosity: strong encryption without “special access” for law enforcement.

“We should not undermine or restrict encryption because the value of the population as a whole in having secure encryption outweighs the fact that in any individual case it would be nice to be able to decrypt the conversation,” he said.

And he’s not persuaded by recent proposals to make this special access more secure—perhaps by storing these extra keys in separate parts.

“If you’re doing it at scale, not just once in a blue moon, the problem is going to be transmitting the fragments over time and space,” Chertoff said. “It may very well be that some genius engineer will come up with a perfect way to split the key and have it be invulnerable but available, but I have not seen that yet.”

Digital daily habits

In his own life, Chertoff said his own skepticism has led him to opt out of many common digital habits. He has an Amazon (AMZN) Echo, for instance, but “it’s in a box, unplugged.”

He would hold gadget companies responsible for insecure connected gadgets: “I think there ought to be more responsibility, including potential liability, for failure to put in basic requirements of security.”

Some networked pastimes are completely off-limits, though. “I don’t do social media,” he said before complaining of widespread fake accounts and wondering “to what extent do you allow anonymity to continue?”

And you won’t hear him complaining about the wireless at a conference: “I don’t, for example, use public WiFi or hotel WiFi.”

But Chertoff also said he prefers to make larger payments via check: “If I can do it on paper, I’m always, you know, happier to do that.” That’s the opposite of most security advice, considering how many more hands touch a paper check versus an electronic payment and the resulting high reported rates of check fraud.

But we know paper, while we’re still learning our way around bits. And Chertoff’s observation of the encryption debate applies to more than just that: “People tend to overestimate their ability to protect things.”

More from Rob:

• 5 ways Apple Maps can improve to compete with Google

• Apple’s Safari has dropped the ball on security

• How self-driving cars will take to China’s roads

• Facebook’s push to kill bad political ads is also hiding regular posts

Email Rob at rob@robpegoraro.com; follow him on Twitter at @robpegoraro.