What Is PRISM? Everything You Need to Know

The National Security Agency in the US has access to whatever data you’re storing with US service providers like Google, Microsoft, Yahoo, and Facebook. They’re also likely monitoring most of the traffic flowing across the Internet. We’ll try to summarize the important revelations about PRISM from the recent leaks and discussions around this important topic.

First, an important disclaimer: This summary won’t be perfect or complete. The US government has complained that the discussion of PRISM involves incomplete information that doesn’t paint a complete picture of what’s going on — but that’s all we have available to us. In spite of their complaints, the US government won’t give us all the information we need to have a proper debate. The same laws that compel service providers to hand over data also compel them to keep silent. They’re not even allowed to admit that they’ve received any demands for data.

PRISM vs. Upstream Surveillance

According to an internal US National Security Agency slideshow leaked by Edward Snowden, PRISM isn’t the only Internet surveillance tool used by the NSA.

One leaked slide clarifies matters. It states that PRISM is a “collection directly from the servers of [certain] U.S. Service Providers.”

Other programs — codenamed FAIRVIEW, STORMBREW, BLARNEY, and OAKSTAR — work differently. These programs involve collecting all traffic, either by tapping undersea fiber optic cables or capturing traffic travelling through Internet routers and gateways located in the USA. It’s long been known that the NSA has secret rooms at Internet service providers and routing companies where they can intercept and monitor the data flowing past. Room 641A at the AT&T office in San Francisco was the first such room that we learned about back in 2006.

Under these Upstream programs, the NSA probably has the ability to capture most of the data being transmitted over the Internet. They’re building a massive data center in Utah, likely to store and analyze all this data. These upstream programs are capturing much more data and surveilling many more people than PRISM is.

[Image: PRISM vs. Upstream slide]

So What is PRISM?

Upstream surveillance captures data flowing across the Internet, but this data is often incomplete if encryption is used. For example, the NSA can’t intercept Skype traffic data and decode it — the Skype traffic data is encrypted so no one can snoop on it in transit. The NSA can’t view your Google searches if you’re logged in, because that’s sent over an encrypted HTTPS connection as well.

The NSA wants this data and, under FISA, is capable of compelling any company to hand over data with orders from a secret court that’s being called a “rubber stamp court” because it hasn’t denied any US government surveillance requests in the last three years. This is already occurring, and the NSA is capable of going to any service provider in the US and demanding it hand over the data. Service providers that have fought these requests as unconstitutional (Yahoo is notable for doing this) have lost in the secret courts. Even service providers not listed under PRISM are handing over data when it’s demanded.

PRISM is some sort of system that allows NSA agents to collect data “directly from the servers” of certain US-based service providers, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Dropbox is listed as “coming soon.”

[Image: PRISM providers slide]

After these slides were released, many companies spoke up and said they had never heard of PRISM before and that the NSA did not have “direct access” to their servers. This is likely true. What we’ve learned so far indicates that PRISM is some sort of internal NSA system that streamlines NSA demands for data to these companies. An NSA agent likely demands access to a user’s data (Gmail, Skype calls, Google or Bing searches, or instant messages) through the PRISM system, and the company receives the demand. The company then provides the demanded data in a convenient form, possibly through some sort of portal or by uploading it through standard protocols like FTP to the NSA’s system.

This was already going on before PRISM and it’s likely that providers not involved with PRISM are handing over data in the old, less-streamlined way. The new system allows NSA agents to demand data without filling out paperwork. Under the US FISA act, the NSA can monitor a person’s phone, email, and other communications for up to a week without going to the secret court and asking permission, and they can do it via PRISM.

How Many People Are Monitored Under PRISM?

So how many people are being monitored under PRISM? We don’t know for sure. However, there’s a good reason to be suspicious: the US government is demanding all phone call “metadata” from phone companies in the USA. They’ve made a massive database containing which phone numbers call which other phone numbers and at which times. They’ve also asserted that they have a legal right to archive the location these calls were made from using cell phones, but they haven’t yet because of technical constraints. The US government is essentially monitoring everyone’s phone calls: not listening in to all of them, necessarily, but certainly tracking who you’re calling.

While the US government is essentially monitoring everyone’s Internet usage through upstream programs, PRISM seems a bit more targeted. The NSA likely looks at the upstream data and then decides who to look more closely at using PRISM. However, we don’t know for sure. The US government bans companies from even disclosing that they’ve received a national security letter request, much less disclosing how many they’ve received or how many accounts are being monitored.

Some companies received permission to report the total number of US government requests alone — everything from NSA requests relating to PRISM to standard police requests made with proper warrants. For example, Yahoo received 12,000 to 13,000 requests for user data between December 1, 2012 and May 31, 2012. We don’t know how many user accounts were covered by these requests or how many were made for surveillance instead of standard criminal investigations.

[Image: slide showing the dates when PRISM began for each provider]

Foreign vs. Domestic Targets

FISA technically restricts the government from monitoring the communications of Americans or anyone present in the USA. However, there are some concerns here:

  • The NSA must have 51% confidence that the target is “foreign.” That’s the lowest possible standard they could apply under the law — and after that anything goes.
  • The NSA is aware that domestic citizens end up being spied on under this standard, but instructs its agents in the leaked slides that it’s “nothing to worry about.”
  • Even if the NSA becomes confident the target isn’t foreign after collecting that data, the collected data can be kept forever. It’s just stored in a different database.
  • The NSA uses “contact chaining” and targets everyone within three “hops” of a suspected target. For example, if a coworker of yours has a friend whose long-lost brother is a suspected terrorist, you are a legitimate target of NSA surveillance and could have your digital life sifted through. Even if you’re found innocent, your data will be saved in a government database. Research has indicated that you can connect any person on the Internet to any other person in an average of 4.74 hops, or degrees. Many, many innocent people will be captured within three hops.
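
To make the three-hop rule in the last bullet concrete, here is an added example (not from the original article or any leaked material): a breadth-first search over a who-called-whom table of the kind described under “How Many People Are Monitored Under PRISM?”. Every name and record is constructed for illustration, and the function names are hypothetical.

```python
from collections import defaultdict, deque

# Constructed call-metadata records (caller, callee). No call content is
# involved: only the fact that two parties were in contact.
CALLS = [
    ("suspect", "friend"),
    ("friend", "coworker"),
    ("coworker", "you"),
    ("you", "your_dentist"),
    ("suspect", "pizzeria"),
    ("pizzeria", "customer_a"),
    ("pizzeria", "customer_b"),
    ("customer_a", "neighbor"),
    ("neighbor", "stranger"),
]


def build_graph(records):
    """Undirected contact graph: a call links both parties, whoever dialed."""
    graph = defaultdict(set)
    for caller, callee in records:
        graph[caller].add(callee)
        graph[callee].add(caller)
    return graph


def contact_chain(graph, seed, max_hops=3):
    """Breadth-first search from seed. Returns {person: shortest path from
    seed} for everyone reachable within max_hops hops (seed excluded)."""
    paths = {seed: [seed]}
    queue = deque([seed])
    while queue:
        person = queue.popleft()
        if len(paths[person]) - 1 == max_hops:
            continue  # hop budget spent: do not expand this person's contacts
        for contact in sorted(graph[person]):
            if contact not in paths:
                paths[contact] = paths[person] + [contact]
                queue.append(contact)
    del paths[seed]
    return paths


def hop_counts(paths):
    """How many people were swept in at each hop distance."""
    counts = defaultdict(int)
    for path in paths.values():
        counts[len(path) - 1] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    swept = contact_chain(build_graph(CALLS), "suspect")
    for person, path in sorted(swept.items(), key=lambda kv: len(kv[1])):
        print(f"{len(path) - 1} hop(s): {person:12} via {' -> '.join(path)}")
    print("people per hop:", hop_counts(swept))
```

In this toy table, “you” land in scope through a coworker’s friend, and so do the customers of a pizzeria the suspect once called; with realistic contact lists of hundreds of numbers each, the per-hop counts grow multiplicatively.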

If you’re not in the USA, things are even clearer. People outside the USA receive even less protection from intrusive surveillance and, even if found innocent, have their data stored in a database that can be more easily accessed.

[Image: slide showing the US as the Internet backbone]

Similar Surveillance Programs in Other Countries

In response to PRISM, citizens in other countries have expressed outrage. The German government was particularly vocal in expressing its disapproval.

However, various leaks have demonstrated that countries like the UK, France, and even Germany itself have similar secret Internet-monitoring programs in place. It’s clear that the majority of developed countries are likely doing things similar to the USA, although they haven’t been caught with their hands in the cookie jar just yet.

So Where Do We Go From Here?

The media has fixated on PRISM, but it’s arguably one of the least scary revelations from recent NSA leaks. Yes, the US government is forcing US-based service providers to turn over customer data with only a secret court order from a rubber-stamp court. They’ve also built a system to streamline such requests, making it easier to spy on larger numbers of people. However, PRISM seems to at least be targeted at specific accounts. Other surveillance programs tap directly into the Internet’s backbone and monitor the data flowing past — even if the communication is encrypted, they can at least tell what websites you’re communicating with.

As storage becomes cheaper, new huge data centers are built, and laws like FISA and the Patriot Act become even looser and authorize even more wide-scale government surveillance, the expansion of PRISM in the future is a concern. Will PRISM grow into a program that demands US service providers hand over all customer data to the US government to be placed in a massive database, just as they already demand phone companies hand over all phone call records, and Internet communications companies allow them to monitor all data flowing past?

Now that the leaks have informed citizens of the USA and the rest of the world what has been going on in secret, perhaps we can all begin to have a discussion about what kind of surveillance is acceptable in a democratic society. If people agree that such surveillance is necessary, that’s one thing — but it’s quite another for such surveillance programs to be set up in secret by governments and forced on their citizens without a debate or even an acknowledgement that they exist. The US government is fighting to keep court opinions justifying their surveillance programs under wraps — the surveillance programs are taking place under secret interpretations of laws that average citizens aren’t allowed to know. That’s no way to run a democracy.

Surveillance could also be used against everyone. Laws have become so complicated that it’s often said the average American commits three felonies per day. Everything from unlocking a cellphone to jailbreaking an iPad to violating a website’s terms of service is technically a felony that you could be convicted and jailed for in the USA.

What do you think about PRISM? Are you one of the people who aren’t bothered by it? Or did we miss anything particularly important? Leave a comment below and chime in!


22 Comments -

0 votes

El_Marko

Missing from this piece is, I think, a description of the intersection between PRISM and X-Keyscore. The Guardian reports that X-Keyscore is the NSA’s “‘widest-reaching’ system for developing intelligence from the internet.” This MakeUseOf piece is published online and I’m reading it and commenting on it. Could that make me part of the NSA database? It seems entirely possible.

The Guardian’s article on X-Keyscore is at http://goo.gl/j1uzZu

0 votes

dragonmouth

“perhaps we can all begin to have a discussion about what kind of surveillance is acceptable in a democratic society.”
First of all let’s dispense with the myth of “democratic society.” With each passing day we move further and further away from a democratic society. While the people are occupied with discussion, discourse, debate about surveillance, governments will not only carry on their clandestine and nefarious activities as usual but will continue to expand them. Technology marches on, giving the watchers better surveillance methods and tools. By the time the discussion comes to some conclusion, it will be too late.

“In response to PRISM, …………….. The German government was particularly vocal in expressing its disapproval.”
Oh, really?! Do I hear someone say “disingenuous?” Are we to believe that the country that gave the world the Gestapo and the Stasi is outraged at a government keeping tabs on everything its citizens do and say?

“If people agree that such surveillance is necessary”
Please, do not be naive. The rationale for the surveillance will be framed in such a way that the people will have no choice but to agree that it is necessary. In fact they will insist on it. How does this sound? “The surveillance is necessary to protect our defenceless children from sexual predators” or “The surveillance is necessary to keep our country safe from terrorism” Of course, as the surveillance increases “for the good of the citizens” the definition of “terrorism” will change. At first it will mean acts like 9/11 and suicide bombing. Then more and more activities will be added to the list until any “act against the state” (as defined by those in power) will be considered “terrorism.” Ask anybody who lived under a totalitarian regime. Any and all dissent and opposition to the government will be outlawed. This is where our “democratic society” is heading.

0 votes

Lauge

The only surveillance a democratic society needs is the surveillance of the ruling body, i.e. the state itself.

0 votes

dragonmouth

In a perfect world, you are right. However, we do not live in a perfect world. Right now “democratic society” is just an abstract concept that the world is getting further and further away from. At the rate things are going, in a few years we will consider the days of Gestapo, Stasi, NKVD as the “good, old days.”

0 votes

Dennis

I Strongly Agree!!

0 votes

John Safford

Ha Ha This story proves how paranoia affects people – Any rational person would recognize this information as a hoax in a few seconds including the guys that made the comments.

THIS SOURCE FOR THIS PATHETIC ARTICLE IS A PARODY WEBSITE – A HOAX

Chris Hoffman should be selling shoes instead of claiming to be a tech blogger and he did not even cite his source below:

http://nsa.gov1.info/surveillance/index.html

Scroll to the bottom to see this footnote:
“This is a parody of nsa.gov and has not been approved, endorsed, or authorized by the National Security Agency or by any other U.S. Government agency.”

0 votes

Victor O

It is not a HOAX, as you say. The site itself can be a fake one (of course the NSA wouldn’t show how much of a security breach they’re committing), but the information can be entirely true.

0 votes

Tina Sieber

Regarding your second (duplicate) comment that I didn’t publish: Your comments were not posted immediately because you added a link. We moderate comments for spam, scams, and profanity. We don’t censor.

Please don’t be rude or attack people personally. We reserve the right to remove such comments, too.

0 votes

John Safford

You are right – I was completely out of place! Please remove my whole post and this one – Most of his stuff is indeed correct but the wording was characteristic of the parody.

0 votes

dragonmouth

@John Safford:
Remember, Just because you are paranoid does not mean that someone is not watching you.

0 votes

Chris Hoffman

Thanks for taking that back, John. I’d never seen that parody website before in my life. The info in the above article was taken from many different places and articles I’ve read, including ones in publications such as The Washington Post. I didn’t get any information here from a parody website.

0 votes

Lisa O

So, should I be glad that my country’s government is not so gung-ho over IT?

0 votes

dragonmouth

“So, should I be glad that my country’s government is not so gung-ho over IT?”
For now. They’re just a little slow in upgrading their technology. Eventually they’ll get there. NO GRIN

0 votes

Lavender

“The wicked flee when no one pursues.” If the shoe fits, America.

‘Nuf said.

0 votes

Hal

Actually there is not nearly “Nuf said.” A lot more needs to be said, although I’m not sure where. I have no faith in voting anymore. So much of the fabric of our has been lost after 9/11 (Thanks G Dubya) I cannot believe Americans will ever enjoy true freedom again.
We have entered an age of iniquitous technology.
How many would dump iPads, Facebook, smartphones et al to regain a semblance of privacy and reclamation of the US Constitution? My guess is, few people would do that.

0 votes

Lavender

I have a friend who’s an Operations Research Analyst (Ph.D.) He says it’s not about monitoring every word said in every call/email/whatever. It’s about relationships: who you’re communicating with; who they’re communicating with; who THOSE people are communicating with; and so on. And on. They’re looking for “suspicious” (which means anything and everything whenever it suits them) activity and relationships. So, if you’re a bonafide hammer & sickle waving Obamatron, you’re probably safe. For now.

Eventually no one will be safe. But by the time those who’ve sold out everyone else come to realize that, it’ll be too late.

0 votes

sl0j0n

Hello, all, especially our friends at the ASA, CIA, FBI, NSA,
& all the rest of the alphabet.
The *really* frightening thing is that almost nobody ‘gets’ this.
It’s not *even* about “security”, terrorism, bla, bla, bla,
It’s about BILLIONS of dollars.
Snowden reportedly gave up $140,000 a year job,
because he was so shocked and dismayed by what he had learned.
Think about that, & the kind of qualifications Snowden had.
IF he could make $140,000 a year,
his supervisors probably easily make $200,000 PLUS.
Their bosses could easily make $300,000 to $500,000 a year, if not more.
The really “top” people?
They can blackmail their way to millions, just on what they ‘know’.
And anytime a government program has literally billions of dollars,
it’s all but guaranteed that millions are being stolen.
The people that came out swinging,
about how important these programs are?
You can bet your ‘bottom dollar’ they’re able to skim millions right off the top.
Remember, there’s no such thing as a $600 dollar hammer.

Have a GREAT day, neighbors!

0 votes

Dennis

I Have a Big Problem With Anything That Threatens My Privacy. To Me It’s Just Wrong To Spy and View the personal Information Of Others.

0 votes

James M

Whatever happened to the FBI’s Carnivore program? According to reports not long after the false flag* event on September 11th ’01 conducted by the military industrial complex/plutocracy/oligarchy/anonymous empire, the Carnivore program was launched by the FBI that could access all information passing through a domain name server (DNS). That must’ve been the prototype or spinoff of PRISM. Time to fire all the govt workers I mean congressmen and degenerates in wasteful and disgraceful federal agencies. They’re public servants and the job they’re doing is a pile of crap.

* A false flag event is planned and conducted by internal sources, to stimulate the populace into a frenzied anger-confusion where declaring war becomes much easier, e.g., the Lusitania, Pearl Harbor, Gulf of Tonkin, yellow cake Ur/Al Qaeda/constant references to “9-11.” 9/11 was the controlled demolition of three WTC buildings, the firing of a bunker buster at the Pentagon, and a missile crater in Pennsylvania. Larry Silverstein, the “landlord” of the WTC gave the order himself to “pull #7” the bldg that collapsed, appearing like a controlled demolition like bldgs 1 and 2, at around 3 or 4 pm, yet no plane hit it and the 9/11 commission did not even mention it in their report. A third building collapses appearing just like the first two controlled-demolitions, Silverstein is quoted as saying “I gave the order to pull #7.”

0 votes

Bob

James M,

Why do you attempt to spread blatant lies about 9/11 being an inside job? There’s enough REAL, bad stuff going on that no one needs to make stuff up.

0 votes

chutes&ladders

It’s just a big game. The question is, “Do you play?”
It has always been this way; players and victims.
I like it.

0 votes

DaddyShadow

The insanity will continue to get worse. Realize, after 911 it will take something even more catastrophic to get the same results from the citizens. Each wave will be worse than the last in an attempt to keep fear and pressure up. Ah, the policy of fear mongering. I LOVE the smell of it in the morning! Smells like victory! :-(