Edward Snowden & the NSA PRISM Surveillance Program

Edward Snowden & the NSA PRISM Program: What You Need to Know in 2024

sam chapman headshot
Last update: May 17, 2023

Former CIA consultant Edward Snowden leaked documents that described the PRISM program, a coordinated effort by U.S. intelligence to add backdoors for data gathering into popular communication systems. You can use a VPN to encrypt your communications and stay safe — try ExpressVPN for free with a 30-day money-back guarantee.

The downfall of the PRISM program began on March 12, 2013, when Edward Snowden — then just one of many technical analysts working contracts for U.S. intelligence agencies — watched Director of National Intelligence James Clapper lie under oath to a committee of Congress.

Asked by Sen. Ron Wyden, a noted privacy hawk, if the National Security Agency (NSA) was collecting “any type of data” on American citizens who hadn’t been charged with crimes, Clapper responded “not willingly.”

Clapper still asserts he didn’t lie, but for Snowden, the damage was done. Three days later, Snowden quit his job and applied for a new position where he could gather and copy classified materials on the surveillance programs he had spent his career overseeing.

You may think you know how this story ends. Snowden leaked hundreds of thousands of classified emails to the Washington Post and the U.K.’s Guardian in one of the largest leaks in U.S. history — securing his place alongside Daniel Ellsberg, Julian Assange and W. Mark “Deep Throat” Felt.

  1. Best VPN to prevent surveillance
    Overall Rating 9.5 / 10
    Get 49% Off ExpressVPN
  2. Overall Rating 9.2 / 10
    Visit NordVPN
  3. Overall Rating 8.9 / 10
    Visit Surfshark

Though most people know Snowden leaked documents about the NSA, far fewer understand what those documents actually said. In this article, I’m going to bring you up to speed on the PRISM program: what it is, where it came from and why Snowden was willing to risk his freedom to bring it down.

What Is the PRISM Program?

PRISM (a code name that doesn’t stand for anything) is a program run by the NSA that allows the United States government to spy on digital communications.

According to one of the first articles based on Snowden’s data, PRISM gives the NSA a back door into communications companies. Through the PRISM program, the NSA and other agencies can “obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.”

Technology companies that run communication networks — including Google, Facebook, Apple and Microsoft — save logs of every exchange. The PRISM program lets intelligence agencies grab those logs whenever they want, without needing a search warrant — and often without the corporation knowing about it.

The PRISM program has been a smashing success for the NSA. At the time of the leaks, it provided the NSA access to 91% of the internet traffic collected under FISA Amendments Act section 702. Because much of the world uses communication channels run by American internet firms, PRISM’s back door gives U.S. intelligence direct access to a global data stream.

How Did the PRISM Program Start?

The PRISM program began when President George W. Bush signed the Protect America Act of 2007, one of those laws that has a title that says the exact opposite of what it does.

The Protect America Act and the Patriot Act allowed government agencies to monitor electronic communications without a warrant, as long as there was “reasonable belief” that at least one party to the communications did not live in United States territory.

The PRISM program took advantage of the new liberties granted by the Patriot Act and the Protect America Act, which updated the older Foreign Intelligence Surveillance Act. 

The Justice Department and its collaborators could now run a surveillance dragnet of any size, provided that it might catch one person outside America. And if it didn’t, the attorney general could just decide not to tell anybody.

What was the point of all this? Naturally, the whole thing was sold to the public as a national security tool, a weapon against terrorists who hated our freedoms. But according to slides released by Snowden, a typical week’s targets included Venezuela, Colombia and Mexico, three countries that had nothing whatsoever to do with 9/11.

After Snowden made his first disclosures, then NSA Director Keith Alexander and several other officials claimed the PRISM program had stopped over 50 attacks on the U.S. There is no evidence for this figure. As best as anyone can tell, it was made up amid the terrible publicity Snowden generated.

What Does the PRISM Program Have to Do With Five Eyes?

PRISM information is not only available to the United States. Snowden’s leaks confirmed that the United Kingdom’s Government Communications Headquarters (GCHQ) had access to PRISM and used it to write reports. 

Canada’s Communications Security Establishment claimed not to be part of PRISM, but admitted the existence of a similar homegrown program that provided direct access to citizen communications.

Every country questioned after the Snowden leak said something similar: Yes, we have a sinister surveillance apparatus, but it’s for national security! And besides, it’s only for spying on people in other countries! It’s fine!

Enter the Five Eyes intelligence-sharing treaty.

Established during World War II and strengthened by the Cold War, the Five Eyes alliance allows confidential intelligence to flow freely between the five primary Anglophone countries: the United States, the United Kingdom, Canada, Australia and New Zealand. 

Snowden called Five Eyes nothing less than a “supra-national intelligence organization that does not answer to the known laws of its own countries.”

A crackpot conspiracy theory, right? Not exactly. Because most of the world’s telecommunications pass through the United States, the PRISM program can read the private messages of people all over the world, including citizens of the other Four Eyes.

Thus, by working through proxies, all five countries can spy on their own people while still being able to say they technically aren’t doing that. I’d call that clever if it weren’t so evil.

What Did Snowden Reveal About PRISM?

When Snowden fled the United States, he took with him anywhere from 50,000 to 1.5 million documents. He’s only released a fraction of them, claiming that he held most back because they weren’t relevant to his concerns about surveillance practices.

The NSA programs in the documents we have seen are frightening enough. Just a partial list of what Snowden’s documents told the world about warrantless wiretapping, surveillance and the NSA gaining access to private data:

Obviously, all of this is horrifying. But even PRISM isn’t the entire story.

What Other Programs Did the Snowden Leak Reveal?

That’s right, there are other global electronic surveillance programs. PRISM only covers messages exchanged over the internet. For other communication methods, there are other dragnets:

There are also five corporations collaborating with the NSA, the identities of which are so secret even Snowden didn’t know them. He could only reveal their admittedly badass code names: Serenade, Lithium, Artifice, SteelKnight and X.

If you find this information overwhelming, that’s entirely normal. It’s a worldwide scandal that governments are still arguing about nine years later. For the rest of the article, I’m going to put PRISM in the context of the average person’s life. How much danger are you in, and what do you need to do to protect yourself?

How Does PRISM Affect You?

Government surveillance is a unique problem in the cybersecurity world. We talk a lot about how to keep yourself safe from hackers, scammers and criminals. But what if the intruders are the very people who are supposed to have your best interests at heart? How do you protect yourself from intruders who aren’t breaking the law because they are the law?

Some would say there’s no need to do anything. PRISM keeps us safe. If you have nothing to hide, you have nothing to fear.

But privacy is a human right. The Fourth Amendment is just bookkeeping; you deserve privacy because you’re a human being. It should be on the intelligence apparatus to justify invading our privacy, not on us to justify why we should keep it.

Is the PRISM Program Still Active?

In 2019, the U.S. Ninth Circuit Court of Appeals ruled that the PRISM program was unconstitutional. By that point, the system may not have been in use for some time.

The NSA seems to have realized that continuing to operate PRISM — a mind-bogglingly expensive program that has stopped a grand total of zero terrorist plots — was indefensible.

Instead, it now sends tens of thousands of requests for information to tech companies every year, about four-fifths of which are fulfilled. Although the era of large-scale dragnets may be over, governments and tech companies are still conspiring to rob you of your online privacy.

What Role Do Internet Service Providers Play in PRISM?

As I covered above, some of the corporations required to install PRISM backdoors were more enthusiastic than others about granting direct access. Yahoo fought in court and only buckled under threat of financial ruin. Microsoft appears to have rolled over willingly. 

There are even some heroes, like Lavabit founder Ladar Levison, who shut down his company rather than comply.

The PRISM surveillance program relies on internet companies to do most of its legwork. From the slides released by Snowden, we know that nine services collaborated: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple (in the order data collection began).

However, the Lavabit saga proves that other, smaller privacy and encryption companies may have been involved. There’s also the matter of the five code-named telecom companies.

The bottom line is there’s no way to know for sure if an internet company has a backdoor or provides user information to a government surveillance program. To be safe, behave as though all of them do.

That means using a virtual private network (VPN) and other common-sense security measures as well as being vigilant about revealing any personal information whatsoever. More on this in a moment.

What Data Can the Government Gather on You?

One of the establishment lines of defense against Snowden’s leaked documents was that programs like PRISM and the Verizon database only gathered metadata. The NSA isn’t reading your texts or listening to your phone calls, it’s just collecting a few facts about what calls were made, when and for how long.

That’s a ridiculous claim on its face. Why spend millions of dollars to collect useless information? However, if you dig a little deeper, you’ll find it’s even more ridiculous. 

In 2015, reporter Will Ockenden published his metadata and challenged readers to see how much they could deduce about his life. Strangers figured out his daily routine, travel habits, relationships and even noticed he had moved.

That said, since PRISM is (probably) no longer active, asking what it can do is the wrong question. Intelligence agencies now request information on a case-by-case basis, and they can find a legal justification for just about anything.

So the real question is: what user data do tech companies save?

The outlook isn’t good. It’s not just the metadata after all. Big tech data collection is rampant, especially among the most-used services. Google, Facebook, Apple, Amazon and Microsoft all save your location, IP address, contact information and financial information. More than one company saves your browsing history, messages and even facial recognition data.

Advertising is the main purpose of all this retention, but it also leaves your sensitive personal data out for any agencies that might want to subpoena it.

How Can You Keep Yourself Safe From Surveillance?

Communication and tech companies are a big part of the problem, but they also show us the solution. If you want to keep your information safe from government surveillance programs, you don’t have to outwit the NSA, CIA and FBI, just Google and Facebook.

Since we started this article with Edward Snowden, let’s see what he thinks. In various interviews, Snowden regularly mentions a few basic tips everybody can use.

I want to wrap up by addressing one area Snowden is mostly silent on: using a VPN. He tends to advocate for Tor instead because of its decentralized, open-source structure.

However, one good reason to use a VPN is Tor has its own vulnerabilities. Because it relies on a diversity of relays, it lacks a screening process for node managers, which has let some entities with government organization-level resources compromise its security. A VPN counteracts that threat.

VPNs logging your activity and sharing it with NSA surveillance programs is a real concern. If you’re worried, choose an independent VPN with a history of not logging data, like NordVPN or Surfshark.


The Joker isn’t wrong, we do live in a society. Part of the social contract is everybody gets to choose for themselves how much liberty they’re willing to give up in exchange for security.

By running PRISM surveillance programs for years without consulting the people, the NSA and its collaborators made that choice for us. However, Edward Snowden’s actions allowed the world to see behind the curtain.

What’s your opinion on government surveillance? Is Edward Snowden a hero, or a more complicated figure? Let me know your thoughts in the comments! Thanks, as always, for reading.

Leave a Reply

Your email address will not be published. Required fields are marked *