What Is PRISM? Everything You Need to Know

Ads by Google

The National Security Agency in the US has access to whatever data you’re storing with US service providers like Google Microsoft, Yahoo, and Facebook. They’re also likely monitoring most of the traffic flowing across the Internet. We’ll try to summarize the important revelations about PRISM from the recent leaks and discussions around this important topic.

First, an important disclaimer: This summary won’t be perfect or complete. The US government has complained that the discussion of PRISM involves incomplete information that doesn’t paint a complete picture of what’s going on — but that’s all we have available to us. In spite of their complaints, the US government won’t give us all the information we need to have a proper debate. The same laws that compel service providers to hand over data also compel them to keep silent. They’re not even allowed to admit that they’ve received any demands for data.

PRISM vs. Upstream Surveillance

According to an internal US National Security Agency slideshow leaked by Edward Snowden, PRISM isn’t the only Internet surveillance tool used by the NSA.

One leaked slide clarifies matters. It states that PRISM is a “collection directly from the servers of [certain] U.S. Service Providers.”

Other programs — codenamed FAIRVIEW, STORMBREW, BLARNEY, and OAKSTAR — work differently. These programs involve collecting all traffic, either by tapping undersea fiber optic cables or capturing traffic travelling through Internet routers and gateways located in the USA. It’s long been known that the NSA has secret rooms at Internet service providers and routing companies where they can intercept and monitor the data flowing past. Room 641A at the AT&T office in San Francisco was the first such room that we learned about back in 2006.

Under these Upstream programs, the NSA probably has the ability to capture most of the data being transmitted over the Internet. They’re building a massive data center in Utah, likely to store and analyze all this data. These upstream programs are capturing much more data and surveilling many more people than PRISM is.

prism-vs-upstream-slide

Ads by Google

So What is PRISM?

Upstream surveillance captures data flowing across the Internet, but this data is often incomplete if encryption is used. For example, the NSA can’t intercept Skype traffic data and decode it — the Skype traffic data is encrypted so no one can snoop on it in transit. The NSA can’t view your Google searches if you’re logged in, because that’s sent over an encrypted HTTPS connection as well.

The NSA wants this data and, under FISA, is capable of compelling any company to hand over data with orders from a secret court that’s being called a “rubber stamp court” because they haven’t denied any US government surveillance requests in the last three years. This is already occurring, and the NSA is capable of going to any service provider in the US and demanding it hand over the data. Service providers that have fought these requests as unconstitutional– Yahoo is notable for doing this — have lost in the secret courts. Even service providers not listed under PRISM are  handing over data when it’s demanded.

PRISM is some sort of system that allows NSA agents to collect data “directly from the servers” of certain US-based service providers, including MIcrosoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Dropbox is listed as “coming soon.”

prism-providers-slide

After these slides were released, many companies spoke up and said they had never heard of PRISM before and that the NSA did not have “direct access” to their servers. This is likely true. What we’ve learned so far indicates that PRISM is some sort of an internal NSA system that streamlines NSA demands for data to these companies. An NSA agent likely demands the access to a user’s data — Gmail, Skype calls, Google or Bing searches, or instant messages — through the PRISM system and the company receives the demand. They then provide the demanded data in a convenient form, possibly through some sort of portal or by uploading it through standard protocols like FTP to the NSA’s system.

This was already going on before PRISM and it’s likely that providers not involved with PRISM are handing over data in the old, less-streamlined way. The new system allows NSA agents to demand data without filling out paperwork. Under the US FISA act, the NSA can monitor a person’s phone, email, and other communications for up to a week without going to the secret court and asking permission, and they can do it via PRISM.

How Many People Are Monitored Under PRISM?

So how many people are being monitored under PRISM? We don’t know for sure. However, there’s a good reason to be suspicious — the US government is demanding for all phone call “metadata” from phone companies in the USA. They’ve made a massive database containing which phone numbers call which other phone numbers and at which times. They’ve also asserted that they have a legal right to archive the location these calls were made from using cell phones, but they haven’t yet because of technical constraints. The US government is essentially monitoring everyone’s phone calls — not listening in to all of them, necessarily, but certainly tracking who you’re calling.

While the US government is essentially monitoring everyone’s Internet usage through upstream programs, PRISM seems a bit more targeted. The NSA likely looks at the upstream data and then decides who to look more closely at using PRISM. However, we don’t know for sure. The US government bans companies from even disclosing that they’ve received a national security letter request, much less disclosing how many they’ve received or how many accounts are being monitored.

Some companies received permission to report the total number of US government requests alone — everything from NSA requests relating to PRISM to standard police requests made with proper warrants. For example, Yahoo received 12,000 to 13,000 requests for user data between December 1, 2012 and May 31, 2012. We don’t know how many user accounts were covered by these requests or how many were made for surveillance instead of standard criminal investigations.

dates-when-prism-began-for-each-provider-slide

Foreign vs. Domestic Targets

FISA technically restricts the government from monitoring the communications of Americans or anyone present in the USA. However, there are some concerns here:

  • The NSA must have 51% confidence that the target is “foreign.” That’s the lowest possible standard they could apply under the law — and after that anything goes.
  • The NSA is aware that domestic citizens end up being spied on under this standard, but instructs its agents in the leaked slides that it’s “nothing to worry about.”
  • Even if the NSA becomes confident the target isn’t foreign after collecting that data, the collected data can be kept forever. It’s just stored in a different database.
  • The NSA uses “contact chaining” and targets everyone within three “hops” of a suspected target. For example, if a coworker of yours has a friend whose long-lost brother is a suspected terrorist, you are a legitimate target of NSA surveillance and could have your digital life sifted through. Even if you’re found innocent, your data will be saved in a government database. Research has indicated that you can connect any person on the Internet to any other person in an average of 4.74 hops, or degrees. Many, many innocent people will be captured within three hops.

If you’re not in the USA, things are even clearer. People outside the USA receive even less protection from intrusive surveillance and, even if found innocent, have their data stored in a database that can be more easily accessed.

prism-us-as-backbone-slide

Similar Surveillance Programs in Other Countries

In response to PRISM, citizens in other countries have expressed outrage. The German government was particularly vocal in expressing its disapproval.

However, various leaks have demonstrated that countries like the UK, France, and even Germany itself have similar secret Internet-monitoring programs in place. It’s clear that the majority of developed countries are likely doing similar things like the USA, although they haven’t been caught with their hands in the cookie jar just yet.

So Where Do We Go From Here?

The media has fixated on PRISM, but it’s arguably one of the least scary revelations from recent NSA leaks. Yes, the US government is forcing US-based service providers to turn over customer data with only a secret court order from a rubber-stamp court. They’ve also built a system to streamline such requests, making it easier to spy on larger numbers of people. However, PRISM seems to at least be targeted at specific accounts. Other surveillance programs tap directly into the Internet’s backbone and monitor the data flowing past — even if the communication is encrypted, they can at least tell what websites you’re communicating with.

As storage becomes cheaper, new huge data centers are built, and laws like FISA and the Patriot act become even more loose and authorize even more wide-scale government surveillance, the expansion of PRISM in the future is a concern. Will PRISM grow into a program that demands US service providers hand over all customer data to the US government to be placed in a massive database, just as they already demand phone companies hand over all phone call records, and Internet communications companies allow them to monitor all data flowing past?

Now that the leaks have informed citizens of the USA and the rest of the world what has been going on in secret, perhaps we can all begin to have a discussion about what kind of surveillance is acceptable in a democratic society. If people agree that such surveillance is necessary, that’s one thing — but it’s quite another for such surveillance programs to be set up in secret by governments and forced on their citizens without a debate or even an acknowledgement that they exist. The US government is fighting to keep court opinions justifying their surveillance programs under wraps — the surveillance programs are taking place under secret interpretations of laws that average citizens aren’t allowed to know. That’s no way to run a democracy.

Surveillance could also be used against everyone. Laws have become so complicated that it’s often said the average American commits three felonies per day. Everything from unlocking a cellphone to jailbreaking an iPad to violating a website’s terms of service is technically a felony that you could be convicted and jailed for in the USA.

What do you think about PRISM? Are you one of the people who aren’t bothered by it? Or did we miss anything particularly important? Leave a comment below and chime in!

Image Credits: Bald Headed Eagle Via Shutterstock

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Web for Kids
Web for Kids
7 Members
Deep Web Communities
Deep Web Communities
17 Members
Awesome Websites
Awesome Websites
32 Members
Best Music Services
Best Music Services
17 Members
Ads by Google
Comments (23)
  • DaddyShadow

    The insanity will continue to get worse. Realize, after 911 it will take something even more catastrophic to get the same results from the citizens. Each wave will be worse than the last in an attempt to keep fear and pressure up. Ah, the policy of fear mongering. I LOVE the smell of it in the morning! Smells like victory! :-(

  • chutes&ladders

    It’s just a big game. The question is, “Do you play?”
    It has always been this way; players and victims.
    I like it.

  • James M

    Whatever happened to the FBI’s Carnivore program? According to reports not long after the false flag* event on September 11th ’01 conducted by the military industrial complex/plutocracy/oligarchy/anonymous empire, the Carnivore program was launched by the FBI that could access all information passing through a domain name server (DNS). That must’ve been the prototype or spinoff of PRISM. Time to fire all the govt workers I mean congressmen and degenerates in wasteful and disgraceful federal agencies. They’re public servants and the job they’re doing is a pile of crap.

    * A false flag event is planned and conducted by internal sources, to stimulate the populace intro a frenzied anger-confusion where declaring war becomes much easier, e.g., the Lusitania, Pearl Harbor, Gulf of Tonkin, yellow cake Ur/Al Qaeda/constant references to “9-11.” 9/11 was the controlled demolition of three WTC buildings, the firing of a of bunker buster at the Pentagon, and a missile crater in Pennsylvania. Larry Silverstein, the “landlord” of the WTC gave the order himself to “pull #7″ the bldg that collapsed, appearing like a controlled demolition like bldgs 1 and 2, at around 3 or 4 pm, yet no plane hit it and the 9/11 commission did not even mention it in their report. A third building collapses appearing just like the first two controlled-demolitions, Silverstein is quoted as saying “I gave the order to pull #7.”

    • Bob

      James M,

      Why do you attempt to spread blatant lies about 9/11 being an inside job? There’s enough REAL, bad stuff going on that no one needs to make stuff up.

  • Dennis

    I Have a Big Problem With Anything That Threatens My Privacy. To Me It’s Just Wrong To Spy and Veiw the personal Information Of Others.

  • sl0j0n

    Hello, all, especially our friends at the ASA, CIA, FBI, NSA,
    & all the rest of of the alphabet.
    The *really* frightening thing is that almost nobody ‘gets’ this.
    Its not *even* about “security”, terrorism, bla, bla, bla,
    Its about about BILLIONS of dollars.
    Snowden reportedly gave up $140,000 a year job,
    because he was so shocked and dismayed by he had learned.
    Think about that, & the kind of qualifications Snowden had.
    IF he could make $140,000 a year,
    his supervisors probably easily make $200,000 PLUS.
    Their bosses could easily make $300,000 to $500,000 a year, if not more.
    The really “top” people?
    They can blackmail their way to millions, just on what they ‘know’.
    And anytime a government program has literally billions of dollars,
    its all but guaranteed that millions are being stolen.
    The people that came out swinging,
    about how important these programs are?
    You can bet your ‘bottom dollar’ they’re able to skim millions right off the top.
    Remember, there’s no such thing as a $600 dollar hammer.

    Have a GREAT day, neighbors!

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.