At the end of a day flooded with reactions to the news about the National Security Agency’s constant collection of phone data from millions of Americans, the Washington Post reports the existence of an even more alarming clandestine system by which the government accesses an endless stream of Internet information in partnership with companies including Google, Facebook, and Apple. PRISM, as it’s called in spy-movie fashion, allows the NSA and FBI “to collect material including search history, the content of emails, file transfers and live chats,” the Guardian reports, via “a 41-slide Powerpoint presentation – classified as Top Secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program.” The capabilities are far-reaching, to say the least.
According to the Post, “Its history, in which President Obama presided over ‘exponential growth’ in a program that candidate Obama criticized, shows how fundamentally surveillance law and practice have shifted away from individual suspicion in favor of systematic, mass collection techniques.” Microsoft was PRISM’s first Silicon Valley partner in 2007, followed, in order, by Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. (Dropbox is “coming soon,” while Twitter “is still conspicuous by its absence.”)
How does it work? The Post reports:
Analysts who use the system from a Web portal at Fort Meade key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by the Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report, “but it’s nothing to worry about.”
Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in.
The Guardian adds, “With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.” In exchange, the leaders in the tech world receive immunity from related lawsuits.
The whistle-blower who leaked the info to the Post, a career intelligence officer, did so because of “horror at [the system’s] capabilities,” telling the paper, “They quite literally can watch your ideas form as you type.”