PRISM

Everything you need to know about PRISM | The Verge
http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveill...
By T.C. Sottek and Josh Kopstein Since September 11th, 2001, the United States government has dramatically increased the ability of its intelligence agencies to collect and investigate information on both foreign subjects and US citizens. Some of these surveillance programs, including a secret program called PRISM, capture the private data of citizens who are not suspected of any connection to terrorism or any wrongdoing. In June, a private contractor working for Booz Allen Hamilton leaked classified presentation slides that detailed the existence and the operations of PRISM: a mechanism that allows the government to collect user data from companies like Microsoft, Google, Apple, Yahoo, and others. While much of the program and the rest of the NSAs surveillance efforts are still shrouded in secrecy, more details are coming to light as the public, as well as its advocates and representatives, pressure the government to come clean about domestic spying.
1 of 10
1/23/2014 3:46 AM

PRISM is revealed in leaked slides: (http://www.theverge.com /2013/6/6/4403868/nsa-fbimine-data-apple-googlefacebook-microsoft-othersprism/in/4167369) The Washington Post and The Guardian obtain a leaked 41-slide security presentation. Both publications say that according to the slides, PRISM is considered a highly classified program that allows the National Security Agency and Federal Bureau of Investigation to retrieve data directly from Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Companies deny knowledge and participation in PRISM: (http://www.theverge.com /2013/6/6/4404112/nsa-prismsurveillance-apple-facebookgoogle-respond/in/4167369) While the Post and the Guardian allege based on the leak that the NSA had direct access to the servers of Microsoft, Google, Apple, and others, spokespeople representing the companies deny involvement in the program, let alone knowledge of it. US national intelligence director responds: (http://www.theverge.com /2013/6/6/4404670/us-directorof-national-intelligencedefends-nsa-fbi-surveillanceprism/in/4167369) Following the outbreak of the PRISM story, the US national intelligence director, James Clapper, release multiple statements regarding the leak. Clapper downplays the scandal, asking the public to simply trust that the agency respects civil liberties.
What the hell is PRISM? PRISM is a tool used by the US National Security Agency (NSA) to collect private electronic data belonging to users of major internet services like Gmail, Facebook, Outlook, and others. Its the latest evolution of the US governments post-9/11 electronic surveillance efforts, which began under President Bush with the Patriot Act, and expanded to include the Foreign Intelligence Surveillance Act (FISA) enacted in 2006 and 2007. Theres a lot we still dont know about how PRISM works, but the basic idea is that it allows the NSA to request data on specific people from major technology companies like Google, Yahoo, Facebook, Microsoft, Apple, and others. The US government insists that it is only allowed to collect data when given permission by the secretive Foreign Intelligence Surveillance Court.
Classified presentation slides detailing aspects of PRISM were leaked by a former NSA contractor. On June 6th, The Guardian and The Washington Post published reports based on the leaked slides, which state that the NSA has direct access to the servers of Google, Facebook, and others. In the days since the leak, the implicated companies have vehemently denied knowledge of and participation in PRISM, (http://www.theverge.com/2013/6/6/4404112/nsa-prism-surveillance-applefacebook-google-respond/in/4167369) and have rejected allegations that the US government is able to directly tap into their users data. Both the companies and the government insist that data is only collected with court approval and for specific targets. As The Washington Post reported, PRISM is said to merely be a streamlined system varying between companies that allows them to expedite court-approved data collection requests. Because there are few technical details about how PRISM operates, and because of the fact that the FISA court operates in secret, critics are concerned about the extent of the program and whether it violates the constitutional rights of US citizens.
UK Government allegedly involved in PRISM: (http://www.theverge.com /2013/6/7/4405906 /uk-government-is-allegedlyinvolved-in-us-internet-spyingprogram/in/4167369) The Guardian reports that the UK government is also involved in the PRISM program, and that the UKs Government
2 of 10
1/23/2014 3:46 AM

Communications Headquarters (GCHQ) has been able to view private internet user-data since 2010 under the NSAs program. President Obama responds: (http://www.theverge.com /2013/6/7/4406416/presidentobama-on-nsa-spyingcongress-has-known-aboutit-and/in/4167369) The president attempts to deflect outrage about the PRISM program, claiming that Congress has known about it and approve it for years, but says he welcomes debate.
Whistleblower reveals himself: (http://www.theverge.com /2013/6/9/4412080/edwardsnowden-comes-out-asnsa-whistleblower-i-dontwant-to-live-in/in/4167369) The man responsible for the leak, 29-year-old Booz Allen Hamilton contractor Edward Snowden, reveals himself. He describes himself as a whistleblower, and in refuge in Hong Kong, says he does not expect to see home again.
As The Washington Post reported, The Protect America Act of 2007 led to the creation of a secret NSA program called US-984XN also known as PRISM. The program is said to be a streamlined version of the same surveillance practices that the US was conducting in the years following 9/11, under President George W. Bushs Terrorist Surveillance Program. The Protect America Act allows the attorney general and the director of national intelligence to explain in a classified document how the US will collect intelligence on foreigners overseas each year, but does not require specific targets or places to be named. As the Post reports, once the plan is approved by a federal judge in a secret order, the NSA can require companies like Google and Facebook to send data to the government, as long as the requests meet the classified plans criteria.
Public pressure results in action from Congress: (http://www.theverge.com /2013/6/11/4419006/senatebill-would-declassifyfisc-orders-for-nsasurveillance) Amid mounting public concern, widespread media reports, and interest from lawmakers in the leak, a bipartisan group of eight US senators announce a bill to declassify the court opinions that allow the NSA to conduct PRISM surveillance, as well as the phone records program that leaked days before PRISM went public.
Government defends surveillance programs: NSA director, General Keith Alexander, tells Congress that over 50 terrorist plots were stopped by surveillance efforts since 9/11. Meanwhile, President Obama defends the
3 of 10
1/23/2014 3:46 AM

NSAs program in an interview on the Charlie Rose program, but offers no new information about PRISM.
NSAs targeting and minimization procedures leaked (http://www.theverge.com /2013/6/20/4449738/leakeddocuments-reveal-the-nsastop-secret-rulesfor-warrantless-surveillance) The NSAs long sought-after guidelines for targeted surveillance seem to refute Obamas claims that PRISM does not apply to Americans. The documents show how the agency tries to avoid US citizens, but reveal a broad set of circumstances where Americans communications can be retained.
Edward Snowden, a 29-year-old intelligence contractor formerly employed by the NSA, CIA, and Booz Allen Hamilton, confessed responsibility for leaking the PRISM documents. He revealed himself on June 9th, three days after reports on PRISM were published; in an interview with The Guardian, Snowden said, I dont want to live in a society that does these sort of things, and claimed he was motivated by civic duty to leak classified information. Snowden left the United States prior to leaking the documents in order to avoid capture, taking refuge in Hong Kong where he stayed until June 23rd. With the
Edward Snowden flees Hong Kong seeking asylum: (http://www.theverge.com /2013/7/17/4531504/edwardsnowdens-asylumapplications-are-pilingup-but-hes-still-in-a) After the US filed charges against him and stepped up efforts to pressure Hong Kong to extradite him, whistleblower Edward Snowden flees Hong
assistance of WikiLeaks, Snowden fled Hong Kong for Moscow, and has requested asylum in Ecuador, Russia, and other countries. He is still residing in a Moscow airport, waiting to be granted asylum.
4 of 10
1/23/2014 3:46 AM

Kong. With the help of WikiLeaks, Snowden flew to a Moscow airport where he continues to live awaiting asylum. (http://www.theverge.com /2013/7/17/4531504/edwardsnowdens-asylum-applicationsare-piling-up-but-hes-still-in-a)
New PRISM slides revealed: New PRISM slides revealed by The Washington Post suggest that PRISM has over 100,000 records, and the Post says these refer to active surveillance targets. The new slides also directly refer to real-time monitoring of email, text, or voice chats.
Nationwide protests in the United States: Restore the Fourth rallies take place across the US on the 4th of July, protesting NSA spying.
While PRISM has been the most talked-about story to come out of Snowdens leaks, the disclosures have shed light on a vast array of NSA surveillance programs. Broadly speaking, these can be split into two categories: upstream wiretaps, which pull data directly from undersea telecommunications cables, and efforts like PRISM, which acquire communications from US service providers. One of the slides in the leaked PRISM presentation instructs that analysts should use both of these sources. NSA programs collect two kinds of data: metadata and content. Metadata is the sensitive byproduct of communications, such as phone records that reveal the participants, times, and durations of calls; the communications collected by PRISM include the contents of emails, chats, VoIP calls, cloud-stored files, and more. US officials have tried to allay fears about the NSAs indiscriminate metadata collection by pointing out that it doesnt reveal the contents of conversations. But metadata can be just as revealing as content internet metadata includes information such as email logs, geolocation data (IP addresses), and web search histories. Because of a decades-old law (http://www.theverge.com/policy/2013/3/11/4088842 /electronic-communications-privacy-act-modernization-reform) , metadata is also far less well-protected than content in the US.
A leaked court order provided by Snowden showed that Verizon is handing over
5 of 10
1/23/2014 3:46 AM
the calling records and telephony metadata of all its customers to the NSA on an ongoing, daily basis. Mass collection of internet metadata began under a Bush-era program called "Stellarwind," which was first revealed by NSA whistleblower William Binney. The program was continued for two years under the Obama administration, but has since been discontinued and replaced with a host of similar programs with names like EvilOlive and ShellTrumpet.
6 of 10
1/23/2014 3:46 AM
Many crucial details on how and under what circumstances the NSA collects data are still missing. Legally speaking, surveillance programs rely on two key statutes, Section 702 of the FISA Amendments Act (FAA) and Section 215 of the Patriot Act. The former authorizes the collection of communications content under PRISM and other programs, while the latter authorizes the collection of metadata from phone companies such as Verizon and AT&T. However, multiple reports and leaked documents indicate the statutes have been interpreted in secret by the FISA intelligence courts to grant much broader authority than they were originally written to allow. They also indicate that the FISA courts only approve the NSAs collection procedures, and individual warrants for specific targets are not required. An analyst starts by inputting selectors (search terms) into a system like PRISM, which then tasks information from other collection sites, known as SIGADs (Signals Intelligence Activity Designators). SIGADs have both classified and unclassified code names, and are tasked for different types of data one called NUCLEON gathers the contents of phone conversations, while others like MARINA store internet metadata. Leaked documents show that under the agencys targeting and minimization rules, NSA analysts can not specifically target someone reasonably believed to be a US person communicating on US soil. According to The Washington Post, an analyst must have at least 51 percent certainty their target is foreign. But even then, the NSAs contact chaining practices whereby an analyst collects records on a targets contacts, and their contacts contacts can easily cause innocent parties to be caught up in the process. The rules state the analyst must take steps to remove data that is determined to be from US persons, but even if they are not relevant to terrorism or national security, these inadvertently acquired communications can still be retained and analyzed for up to five years and even given to the FBI or CIA under a broad set of circumstances. Those include communications that are "reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed," or that contain information relevant to arms proliferation or cybersecurity. If communications are encrypted, they can be kept indefinitely.
7 of 10
1/23/2014 3:46 AM
In the weeks since the PRISM documents leaked, a widespread international public debate about the United States governments surveillance and spying programs has engulfed the NSA, Congress, and the Obama administration in controversy. While outspoken supporters of NSA surveillance in Congress and the White House including President Obama have defended the legality and necessity of the programs, some US lawmakers are pushing back. In June, a bipartisan group of senators unveiled a bill that aims to rein in the problematic legal provisions that give US intelligence agencies nearly unfettered authority to conduct warrantless surveillance on domestic and foreign communications. Several other lawmakers have introduced their own measures, but legislative reform is still in early stages. Meanwhile, a diverse coalition of interest groups and private organizations are directly challenging some of the NSAs surveillance programs in court. (https://projects.propublica.org/graphics/surveillance-suits) On July 16th, a broad coalition of plaintiffs sued the US government for an illegal and unconstitutional program of dragnet electronic surveillance, in which the NSA scoops up all telephone records handled by Verizon, AT&T, and Sprint in the US. Separate suits brought by the Electronic Privacy Information Center and the American Civil Liberties Union are also in the works, but the government hasnt responded to the allegations in court yet. The companies at the heart of PRISMs controversy are also acting out, but the specific details regarding their involvement in government surveillance on US citizens is still unclear. Microsoft, Google, Yahoo, and others have stepped up pressure on the government in the past month to declassify the process which compels them to hand over user data to the government. In an impassioned plea made by Microsoft on July 16th, the companys general counsel Brad Smith said: We believe the US constitution guarantees our freedom to share more information with the public, yet the government is stopping us. Finally, theres the group of people most affected by PRISM and its sibling programs: the American public. On July 4th, Restore the Fourth rallies in more than 100 US cities protested the governments surveillance programs, focusing on electronic privacy. Its not clear if public outrage will result in reform, but thanks to the dramatic actions of a young intelligence contractor, we now at least have the opportunity to discuss what the US government has been hiding from the public in the name of national security.
Illustrations/Charts by Dylan C. Lathrop.
8 of 10
1/23/2014 3:46 AM
Log In Sign Up TF G YO
use Yahoo! or OpenID ()
Open ID Log in
forgot? Remember me? Log in Log In Sign Up TF G YO

use Yahoo! or OpenID ()
Open ID Log in
or
Continue
Forgot password?
Well email you a reset link. If you signed up using a 3rd party account like Facebook or Twitter, please login () with it instead.
Submit
Forgot password?
Try another email?
Almost done,
Register
Authenticating Great!
Choose an available username to complete sign up.
9 of 10
1/23/2014 3:46 AM
Sign Up
In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.
Yes, share my data Submit
Please dont share my data
10 of 10
1/23/2014 3:46 AM

PRISM

Uploaded by

Copyright:

Available Formats

PRISM

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PRISM

Uploaded by

Copyright:

Available Formats

Everything you need to know about PRISM | The Verge

Everything you need to know about PRISM | The Verge

Everything you need to know about PRISM | The Verge

Everything you need to know about PRISM | The Verge

Everything you need to know about PRISM | The Verge

Everything you need to know about PRISM | The Verge

Everything you need to know about PRISM | The Verge

Everything you need to know about PRISM | The Verge

Illustrations/Charts by Dylan C. Lathrop.

Everything you need to know about PRISM | The Verge

forgot? Remember me? Log in Log In Sign Up TF G YO

Everything you need to know about PRISM | The Verge

Yes, share my data Submit

Please dont share my data

You might also like