A beginner's guide to PRISM and the NSA
The saga of whistleblower Edward Snowden has moved with the velocity of a spy thriller, twisting and turning with each new revelation.
It started June 5, when the Guardian's Glenn Greenwald released a previously secret report on how Verizon shares metadata about Americans' phone calls—time, duration, location—with the National Security Agency. Every day.
That was a mere prelude to a much bigger bombshell. The next day, Greenwald dropped the real story: a mysterious program called PRISM, which the NSA uses to track the communications that pass through nine different companies, including Microsoft, Google, Yahoo, Facebook, and Apple. Snowden, an NSA contractor, said his conscience motivated him to put all kinds of NSA spying documents on a hard drive, flee to Hong Kong, and pass that information to the press.
Here’s an overview of where things stand now.
Initially, we thought it was almost literally a method for the NSA to surveill the entire Internet. That's because one of the NSA slides claimed it the agency had "direct access" to the servers of those companies. Here’s a cleaned-up version of the original slides:
However, we now think that PRISM refers more specifically to the NSA's ability to get information from those companies with relative ease, thanks to the Foreign Intelligence Surveillance Act (FISA). Through secret, classified court orders, FISA allows U.S. intelligence agencies to demand information regarding communications—from phone calls and emails to Facebook messages—that pass through American shores. In a congressional hearing, Sean Joyce, the Deputy Director of the FBI, referred to PRISM as "the 702" tool, a provision of FISA.
Outside the U.S.
The U.K. has been getting information obtained through PRISM since 2010. At least one Dutch intelligence official claims the Netherlands gets the same deal. And Canada approved a similar program in 2011.
However, PRISM appears to break the European Union's strict data protection laws, at least according to one member of its parliament who helped write them. Reports of the NSA bugging the E.U. offices in Washington, D.C., and at the United Nations in New York have also thrown a kink into U.S.-E.U. talks over a trade pact.
The response in Washington
Only some members of Congress, those on the House and Senate Intelligence Committees, are given fairly deep access to how the NSA works, and the reaction has been mixed. Referring to its abilities under the PATRIOT Act (which laid the groundwork for FISA's later amendments), Sen. Ron Wyden (D-Ore) has said Americans "will be stunned and they will be angry."
House Intelligence Committee Chair Mike Rogers (R-Mich.), however, has defended programs like PRISM as "legal and necessary." Some members of Congress were aghast to find out it existed, despite a bill to renew FISA for another five years passing both the House and Senate handedly in 2012.
A Congressional movement is the best chance of ending the NSA's surveillance, or at least finding more accountability in it. The Senate proposed one bill to declassify FISA rulings, then the House did the same. Senator Patrick Leahy (D-Vt.) followed that with a proposal to strengthen U.S. citizens' privacy protections.
The companies involved
Google, Facebook, Microsoft, and Apple all released public statements claiming they only give up users' information when the government makes it mandatory, and they only give up as much information as they have to.
Google went one step further, issuing a public letter requesting permission to declassify how many FISA orders it gets, apparently hoping to convince customers they weren't likely to be targets. Microsoft and Facebook quickly followed suit.
Then, Facebook got permission from the NSA to share how many requests it gets in total—including ones from FISA courts—and did so. Google, however, claimed that the move misleading in that it didn’t make clear how many orders were directly related to FISA.
Both companies insisted everything about PRISM was actually legal under FISA, and that the program was narrower simpler than it sounded.
Reaction to the NSA leaks, even among former U.S. presidents. The Internet public, however, has been outraged. Three unique petitions have acquired a stunning number of followers. A We the People petition to pardon Edward Snowden received the requisite 100,000 signatures to prompt a formal response. (The Obama administration may refuse to comment on an ongoing investigation.) Another petition, an international one hosted at Avaaz, has nearly 1.4 million signatures.
Perhaps the most impressive petition is the one hosted by Internet activists and companies, called Stop Watching Us. It calls for a Congressional review of the NSA's practices, has more than half a million signatures, and has inspired more than 15,000 minutes spent talking to members of Congress's offices.
Hundreds of people also signed up for a unique service called My NSA Records, which promised to send Freedom of Information Act (FOIA) requests to the NSA on their behalf, asking for what the agency had on them. The NSA refused to give much. One activist tried to ask the NSA to delete his records, only to learn its court doesn't have a public address.
A Crowdtilt campaign raised $15,000 for Snowden to use for legal troubles.
Demonstrators almost instantly took the streets in support of Snowden. His escapades are quite different from fellow whistleblower Bradley Manning, who's currently on trial for leaking heaps of Army information, though the two former soldiers have some similarities. Former U.S. Vice President Dick Cheney declared this made Snowden a traitor and maybe a Chinese spy.
He took that particular job at the firm Booz Allen specifically because it would give him access to evidence of NSA spying. He left a girlfriend in Hawaii, who apparently didn't know anything about this leak. (People hounded her even after she deleted her blog.) He used to frequent the Reddit section devoted to the Fourth Amendment in the digital age, Restore the Fourth.
Snowden contacted WikiLeaks affiliates in Iceland. He initially wanted to go to there because of its strong support for whistleblowers and Internet freedom, but it wasn't clear he could get there safely or that he'd necessarily be granted asylum.
The U.S. Department of Justice charged Snowden with espionage, theft, and conversion of government property on June 21, his 30th birthday. He successfully fled Hong Kong to Russia, in hopes of making it to Ecuador, but he's currently in a Moscow airport, stuck in international legal limbo. Ecuador's not looking likely, so he's applied to 19 other countries, including Russia.
- Not much is known yet about BLARNEY, which works parallel to PRISM. It's been confirmed by the Director of National Intelligence, James Clapper, and apparently accumulates and processes incredible amounts of metadata.
- Rapper M.I.A. sorta predicted PRISM.
- Senator Wyden got the NSA to admit its "fact sheet" that detailed Americans' privacy protections was actually incorrect.
- The NSA has never issued a FISA order to Reddit.
- Ron Paul fears the U.S. will kill Edward Snowden with a drone strike.
- Snowden doesn't have a Twitter account, according to Greenwald. But he still became a Twitter meme almost instantly. And a different Edward Snowden, this one a horse racing enthusiast, caught plenty of attention for tweeting about his own life from @edwardsnowden.
- Though he didn't leave the most obvious of online trails, Snowden still left traces of himself online. When he was a teenager, he apparently took some sexy photos for the Internet. He also liked anime and video games.
- The NSA has already moved to make it harder for someone like Snowden to leak information in the future.
- One Twitter user Photoshopped children's books reimagined with NSA involvement.
- On a recent visit, Snowden insisted his compatriots store their phones in his fridge—and for good reason.
Illustration by Jason Reed