This article was published on June 7, 2013

PRISM: Here’s what you need to know about the US Internet monitoring scandal


PRISM: Here’s what you need to know about the US Internet monitoring scandal

Latest update: 9 June 2013, 11.50 pm CEST/10.50 pm BST/5.50 pm EDT/2.50 pm PDT

The US tech scene has been shaken with allegations that authorities are monitoring US and international Internet users on Facebook, Google, YouTube and countless other services from the likes of Yahoo, Apple, Skype, AOL, Microsoft and more.

Update: The whistleblower has been revealed, at his own request — see below for  more.

The news broke via reports from the Washington Post and the Guardian, and has rightly garnered coverage across many news websites (TNW included) but the sudden rush of news has left many people unsure of all the details, or confused by the onslaught of details.

Here’s our essential guide to understanding what PRISM is, why it is important and other details that you need to know.

The basics:

  • PRISM is the code name for the data collection program which was born out of the Protect America Act. The legislation was approved by Congress in 2007 that allowed warrantless interception of foreign-to-foreign communications.
  • The program is intended for use as a counter-terrorism tool that allows US authorities to access data and information belonging to suspects that they believe pose a threat to US national security.
  • The government today released what it describes as a set of facts concerning the program. That Congress is an informed party was repeated. The sheet also states that PRISM “not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision.”

The initial reports:

  • Both the Washington Post and Guardian initially claimed that the NSA has “direct” access to the systems belonging to nine Internet companies, in order to monitor data. That information was required in order to “effectively plan, direct and conduct detection and monitoring of illegal narcoterrorist activities”, as highlighted in a past job opening. It is worth noting that the set of facts released today do not dispute direct access, instead stating that “the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers.”
  • The companies from which data is gathered include: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple. Other services including — Dropbox — were reportedly set to be added to the roster.
  • Controversy around the program circles around whether the tech firms were silently complicit with the monitoring, and whether PRISM monitored US citizens illegally (without warrants.)
  • The Guardian stated that the method of monitoring traffic “opens the possibility” of collecting US data without warrants.
  • The Post looked at that issue in more detail, concluding that the data capturers are “at least 51 percent confident” that a target is foreign. That, it concludes, means substantial amounts of “incidental” US data could be captured — but the issue is dismissed in NSA training manuals dismiss as being “nothing to worry about”.
  • The Post said that “a career intelligence officer” leaked the slides because he believes the agency’s role to be a “gross intrusion on privacy”. The anonymous source added: “They quite literally can watch your ideas form as you type.”

The denials:

  • All the companies named in the initial reports have denied participation in such a program. Following these denials, the Washington Post backed down on its initial claim that tech companies “participate knowingly” in PRISM data collection.
  • A statement from James R. Clapper, Director of National Intelligence, claimed the Guardian and Post reports both “contained numerous inaccuracies”. Clapper categorically denied that PRISM spies on US citizens, but he did not elaborate on the other alleged details that were misreported.
  • Google CEO Larry Page has issued a further PRISM denial in a blog post entitled ‘What the…?‘, and called for ‘a more transparent approach’ in interactions between governments and technology companies.
  • Facebook CEO Mark Zuckerberg also issued a strong denial, calling the PRISM reports ‘outrageous,’ and stating that his company has “never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.”

Further developments:

  • A later Guardian report has claimed that UK intelligence agency GCHQ has access to PRISM data. The report is based on documents that the newspaper has apparently obtained, which show that GCHQ has been able to leverage the system since June 2010. The evidence also suggests that the British intelligence agency created 197 reports using the data last year.
  • US president Barack Obama spoke out about the allegations around PRISM, stating that it “does not apply to U.S. citizens and it does not apply to people living the United States.” He added “there’s a reason why these programs are classified. I think there’s a suggestion that somehow, any classified program is a quote-unquote secret program which means that it’s somehow suspicious. But the fact of the matter is, in our modern history, there’s been a whole range of programs that have been classified.”
  • Reuters cited sources saying that the PRISM program as described in the initial reports had foiled a terrorist attack on the New York City subway system. However, as BuzzFeed reports, public records state that it was traditional police work that had stopped the 2009 plot.
  • A newly leaked slide out today does dictate that PRISM provides “direct” access to servers at certain Internet companies. This comes after many of the firms denied such access. There appears to be something of a logjam over this, and we have perhaps reached the limit of how far semantics can take us on this issue.

Is PRISM less sensational than it initially seemed?

  • 24 hours after the story broke, a new wave of reports began to appear that offer a more measured explanation of how the US intelligence services and big Internet tech companies may be working together. The New York Times published a report claiming that the same companies listed in the PRISM slides published by The Guardian have ‘negotiated’ with the US government over the sharing of information. However, it notes that the companies involved “drew a bright line between giving the government wholesale access to its servers to collect user data and giving them specific data in response to individual court orders.”
  • The New York Times report states: “In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.”
  • Google, however, published yet another rebuttal – this time referencing the New York Times’ reported ‘drop box’-style arrangement and claiming that no such arrangement exists.
  • Meanwhile, CNET quotes a source as saying “It’s not as described in the histrionics in the Washington Post or the Guardian… none of it’s true. It’s a very formalized legal process that companies are obliged to do.” A source adds “you can’t say everyone in Pakistan who searched for ‘X’… It still has to be particularized.”

The Whisteblower reveals himself

  • The Guardian published an in-depth interview with Edward Snowden, a former CIA technical assistant
  • Snowden, 29-years-old, is currently in Hong Kong where he is watching the leak develop worldwide, although he is concerned at the potential for him to be tracked down. The country was chosen specifically because Snowden believes the government is in favor of free speech and may resist US efforts to extradite him.
  • He says he isn’t looking to become famous but couldn’t remain anonymous.  “I have no intention of hiding who I am because I know I have done nothing wrong,” he told the Guardian
  • On his motivations he said: “I’m willing to sacrifice all of that [his “comfortable” life] because I can’t in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building.”
  • More information about Snowden and notable quotes from the article are here

You can keep up with our coverage of Prism here.

Headline image via Thinkstock

Get the TNW newsletter

Get the most important tech news in your inbox each week.