What Is PRISM? The Secret US Government Program Explained

Yesterday, the Washington Post and The Guardian dropped concurrent bombshell reports. Their subject was PRISM, a covert collaboration between the NSA, FBI, and nearly every tech company you rely on daily. PRISM has allowed the government unprecedented access to personal information for at least the last six years. But what is it, exactly?

PRISM is a secret US government program...

As much as PRISM might sound like a comic book antagonist of S.H.I.E.L.D., it's the codename for a very real US government program. According to leaked documents, it went into effect in 2007, and it has only gained momentum since. Its stated purpose is to monitor potentially valuable foreign communications that might pass through US servers, but it appears that in practice its scope was far greater.

...that gives the NSA unprecedented access to the servers of major tech companies...

Microsoft. Yahoo. Google. Facebook. PalTalk. AOL. Skype. YouTube. Apple. If you've interacted with any of those companies in the last six years, that information is vulnerable under PRISM. But how?

The initial reports from last night suggested that the process worked as follows: The companies mentioned above (and who knows how many others) receive a directive from the attorney general and the director of national intelligence. They hand over access to their servers — and the tremendous wealth of data and communiques that passes through them every day — to the FBI’s Data Intercept Technology Unit, which in turn relays it to the NSA.

And that's when things get interesting.

...so that the agency can spy on unwitting US citizens...

It seems impossible that the NSA, an agency which by law is only allowed to monitor foreign communications, has so much access to domestic information. And yet!

There are, as you might expect, filters in place to help handle the fire hose of data that comes through daily, the trillions of bits and bytes that make up our online identities and lives. Something to ensure that only the bad guys are being tracked and not honest, everyday citizens. Actually, there's one filter, and it's ridiculous: an NSA analyst has to have "51 per cent" confidence that a subject is "foreign". After that, it's carte blanche.

That's it. That's the only filter. And it's an ineffective one, at that; the PowerPoint slides published by the post acknowledge that domestic citizens get caught in the web, but that it's "nothing to worry about."

...with terrifying granularity...

It's something to worry about.

What's most troubling about PRISM isn't that it collects data. It's the type of data it collects. According to the Washington Post report, that includes:

…audio and video chats, photographs, e-mails, documents, and connection logs… [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

Did you get all that? Similar depth of access applies to Facebook, Microsoft and the rest. Just to be clear: this covers practically anything you've ever done online, up to and including Google searches as you type them.

...which is both different from and more aggressive than the Verizon scandal...

The news of PRISM broke soon after a separate report, about the NSA's having access to Verizon customer — and, according to an NBC report, everyone else's — phone logs. Surprisingly enough, this is a totally different program! And PRISM makes the Verizon thing look like an ACLU company picnic by comparison.

When the NSA monitors phone records, it reportedly only collects the metadata therein. That includes to and from whom the calls were made, where the calls came from, and other generalised info. Importantly, as far as we know, the actually content of the calls was off-limits.

By contrast, PRISM apparently allows full access not just to the fact that an email or chat was sent, but also the contents of those emails and chats. According to the Washington Post's source, they can "literally watch you as you type". They could be doing it right now.

...and has the full (but contested) cooperation of tech giants...

PRISM's first corporate partner was allegedly Microsoft, which according to the Post and Guardian signed on back in 2007. Other companies slowly joined, with Apple being the most recent enlistee. Twitter, it seems, has not complied.

But why would all of these companies agree to this? Mostly because they have no choice. Failure to hand over server data leaves them subject to a government lawsuit, which can be expensive and incredibly harmful in less quantifiable ways. Besides, they receive compensation for their services; they're not doing this out of charity. There is incentive to play ball.

Here's where things get a little complicated though. Apple, Microsoft, Yahoo and Google have all given full-throated denials of any involvement whatsoever. Most of them aren't just PR syntactical trickery, either; they are unequivocal.

...and which is, shockingly enough, totally legal.

What's most horrifying about PRISM might be that there's nothing technical illegal about it. The government has had this authority for years, and there's no sign that it's going to be revoked any time soon.

A little bit of history might be helpful for context. Back in 2007, mounting public pressure forced the Bush administration to abandon the warrantless surveillance program it had initiated in 2001. Well, abandon might be too strong a word. What the administration actually did was to find it a new home.

The Protect America Act of 2007 made it possible for targets to be electronically surveilled without a warrant if they were "reasonably believed" to be foreign. That's where that 51% comes in. It was followed by the 2008 FISA Amendments Act, which immunized companies from legal harm for collaborating handing information over to the government. And that's the one-two punch that gives PRISM full legal standing.

All of which is to say that PRISM is an awful violation of rights, but it's one that's not going to disappear any time soon. The government is so far completely unapologetic. And why wouldn't they be? It's easy enough to follow the letter of the law when you're the one writing it.

Slides: Washington Post


Comments

    There are those who said this day would never come,

    They said it was impossible,
    They called me paranoid,
    They labeled me a conspiracy theorist

    What are they to say now!

      Let's drink from the glass of success, and enjoy the hubris of their defeat.

      What you really have to worry about, are the things you don't know.

      Paranoia is just perfect awareness.

      Last edited 08/06/13 3:59 pm

        DEFEAT? Are you kidding? Just because we know isn't stopping them.

    What is PRISM? A hoax or an exaggeration.

    If any of you watch Nikita then PRISM sounds a little bit like division you guys should seriously check out the show its awesome

    I understand peoples aversion to being surveiled like this - but in reality, who really cares. What are you doing they would care about? As far as I've seen in the media, nobody has been arrested for an isolated incident of searching google for (as an example) "Thermite"...

    For me the only real area of concern is the cost of such a program vs the realistic benefits.. But in an economy like the USA, where everyone has since 9/11 been clamoring for them to "do something" about terrorism, but everyone wants their privacy at the same time, there's not really any way to make everyone happy.

    Personally, even as an Australian - they are more than welcome to know how frequently I visit gizmodo. Even with personal things, they are more than welcome to know about who i'm in love with this week, my latest business deal, or any other personal detail about me (if they do not already).

    Eternal vigilance is the price of liberty. Thomas Jefferson.
    Paranoia is the price we pay for liberty, eternal vigilance is not enough. Moonman.

    Try tailoring this to Australia. PRISM is designed to spy on foreigners (for example, Australian's) yet you're fretting about the implications for US citizens. This article is fine for gizmodo.com but it makes absolutely no sense to simply re-publish it on gizmodo.com.au without making a few minor changes. We don't care about citizens of the USA.

Join the discussion!

Trending Stories Right Now