Edward Snowden & the NSA PRISM Program: What You Need to Know in 2023
- Table of Contents
- What Is the PRISM Program?
- What Does the PRISM Program Have to Do With Five Eyes?
- What Did Snowden Reveal About PRISM?
- What Other Programs Did the Snowden Leak Reveal?
- How Does PRISM Affect You?
- What Data Can the Government Gather on You?
- How Can You Keep Yourself Safe From Surveillance?
The downfall of the PRISM program began on March 12, 2013, when Edward Snowden — then just one of many technical analysts working contracts for U.S. intelligence agencies — watched Director of National Intelligence James Clapper lie under oath to a committee of Congress.
Asked by Sen. Ron Wyden, a noted privacy hawk, if the National Security Agency (NSA) was collecting “any type of data” on American citizens who hadn’t been charged with crimes, Clapper responded “not willingly.”
Clapper still asserts he didn’t lie, but for Snowden, the damage was done. Three days later, Snowden quit his job and applied for a new position where he could gather and copy classified materials on the surveillance programs he had spent his career overseeing.
You may think you know how this story ends. Snowden leaked hundreds of thousands of classified emails to the Washington Post and the U.K.’s Guardian in one of the largest leaks in U.S. history — securing his place alongside Daniel Ellsberg, Julian Assange and W. Mark “Deep Throat” Felt.
Though most people know Snowden leaked documents about the NSA, far fewer understand what those documents actually said. In this article, I’m going to bring you up to speed on the PRISM program: what it is, where it came from and why Snowden was willing to risk his freedom to bring it down.
Does the PRISM program still exist?PRISM no longer exists in the form Edward Snowden revealed. The enormous data dragnets proved too unwieldy for the National Security Agency’s needs. Today, intelligence agencies are more likely to subpoena private data from tech companies on a subject-by-subject basis.
What does PRISM program stand for?Despite being written in all-caps, PRISM doesn’t stand for anything. It’s just meant to be an innocuous code name.
Who uses PRISM?PRISM was used by the National Security Agency in the United States, but it was also accessed by intelligence agencies in the other Five Eyes nations, Germany and France.
What Is the PRISM Program?
PRISM (a code name that doesn’t stand for anything) is a program run by the NSA that allows the United States government to spy on digital communications.
According to one of the first articles based on Snowden’s data, PRISM gives the NSA a back door into communications companies. Through the PRISM program, the NSA and other agencies can “obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.”
Technology companies that run communication networks — including Google, Facebook, Apple and Microsoft — save logs of every exchange. The PRISM program lets intelligence agencies grab those logs whenever they want, without needing a search warrant — and often without the corporation knowing about it.
The PRISM program has been a smashing success for the NSA. At the time of the leaks, it provided the NSA access to 91% of the internet traffic collected under FISA Amendments Act section 702. Because much of the world uses communication channels run by American internet firms, PRISM’s back door gives U.S. intelligence direct access to a global data stream.
How Did the PRISM Program Start?
The PRISM program began when President George W. Bush signed the Protect America Act of 2007, one of those laws that has a title that says the exact opposite of what it does.
The Protect America Act and the Patriot Act allowed government agencies to monitor electronic communications without a warrant, as long as there was “reasonable belief” that at least one party to the communications did not live in United States territory.
The PRISM program took advantage of the new liberties granted by the Patriot Act and the Protect America Act, which updated the older Foreign Intelligence Surveillance Act.
The Justice Department and its collaborators could now run a surveillance dragnet of any size, provided that it might catch one person outside America. And if it didn’t, the attorney general could just decide not to tell anybody.
What was the point of all this? Naturally, the whole thing was sold to the public as a national security tool, a weapon against terrorists who hated our freedoms. But according to slides released by Snowden, a typical week’s targets included Venezuela, Colombia and Mexico, three countries that had nothing whatsoever to do with 9/11.
After Snowden made his first disclosures, then NSA Director Keith Alexander and several other officials claimed the PRISM program had stopped over 50 attacks on the U.S. There is no evidence for this figure. As best as anyone can tell, it was made up amid the terrible publicity Snowden generated.
What Does the PRISM Program Have to Do With Five Eyes?
PRISM information is not only available to the United States. Snowden’s leaks confirmed that the United Kingdom’s Government Communications Headquarters (GCHQ) had access to PRISM and used it to write reports.
Canada’s Communications Security Establishment claimed not to be part of PRISM, but admitted the existence of a similar homegrown program that provided direct access to citizen communications.
Every country questioned after the Snowden leak said something similar: Yes, we have a sinister surveillance apparatus, but it’s for national security! And besides, it’s only for spying on people in other countries! It’s fine!
Enter the Five Eyes intelligence-sharing treaty.
Established during World War II and strengthened by the Cold War, the Five Eyes alliance allows confidential intelligence to flow freely between the five primary Anglophone countries: the United States, the United Kingdom, Canada, Australia and New Zealand.
Snowden called Five Eyes nothing less than a “supra-national intelligence organization that does not answer to the known laws of its own countries.”
A crackpot conspiracy theory, right? Not exactly. Because most of the world’s telecommunications pass through the United States, the PRISM program can read the private messages of people all over the world, including citizens of the other Four Eyes.
Thus, by working through proxies, all five countries can spy on their own people while still being able to say they technically aren’t doing that. I’d call that clever if it weren’t so evil.
What Did Snowden Reveal About PRISM?
When Snowden fled the United States, he took with him anywhere from 50,000 to 1.5 million documents. He’s only released a fraction of them, claiming that he held most back because they weren’t relevant to his concerns about surveillance practices.
The NSA programs in the documents we have seen are frightening enough. Just a partial list of what Snowden’s documents told the world about warrantless wiretapping, surveillance and the NSA gaining access to private data:
- Verizon is turning over cell phone metadata to the NSA. A top-secret court order revealed that cell phone service provider Verizon gave the NSA reams of telephone records. This particular court order only concerned “metadata,” such as the length and destination of the call, not content.
But even “just the metadata” means intelligence can gain access to your private life without due process. It can also easily be used to construct profiles on a target.
- Companies were threatened into complying. Yahoo initially wanted no part of PRISM. When it received the court order demanding it turn over user data, the company sued the NSA in a secret court. Yahoo only backed down after the government threatened to impose a ruinous $250,000-per-day fine.
At least it tried. Other private companies, especially Microsoft, gave the NSA direct access to user information while swearing they weren’t working with intelligence. The full list of American companies that help the PRISM program collect information includes Google, Facebook, Apple and AOL, plus subsidiaries including Skype and YouTube.
- The NSA only needs to be 51% confident that a surveillance subject isn’t an American citizen. PRISM is only supposed to target people outside the United States, but analysts operate on a 51% standard when making that call. Oh, and according to training materials, it’s “nothing to worry about” if they do violate someone’s constitutional rights and fail to report it.
- The NSA can wiretap anybody within three degrees of a suspect. Under the Protect America Act, the agency claims the authority to use PRISM on anybody up to three “hops” away from a suspect. Let’s assume the average person is “connected” to 100 people. Three hops = 100^3 = 1 million people.
Considering federal agencies don’t need evidence against the original suspect to tap their search history or telephone conversations, it’s easy to see how they could cover the entire population of the United States.
- The U.S. spies on its allies as well as its citizens. Western European nations, including Spain and Germany, have been caught in the PRISM net. Even former German Chancellor Angela Merkel wasn’t safe. To this day, it’s unclear how Merkel was designated a security threat.
- At its height, PRISM’s mass data collection covered 1.6% of all internet traffic per day. That may not sound like a lot, but it amounts to 29 petabytes every day. Even if only 0.025% of that is ever seen by a human (as the NSA claims), that’s still about 725,000 gigabytes of customer data. Per day.
Obviously, all of this is horrifying. But even PRISM isn’t the entire story.
What Other Programs Did the Snowden Leak Reveal?
That’s right, there are other global electronic surveillance programs. PRISM only covers messages exchanged over the internet. For other communication methods, there are other dragnets:
- XKeyscore is a search engine that allows NSA analysts to dig through the massive pools of data gathered by PRISM and its counterparts. According to Snowden, XKeyscore users can tag individuals and follow their trails through the obtained communications.
- Tempora is an electronic surveillance program operated by the U.K.’s GCHQ that extracts data from fiber optic cables. Proving that Five Eyes is a two-way street, NSA analysts reportedly worked with data from Tempora.
- MUSCULAR is a joint NSA-GCHQ program that allegedly collects twice as much data per day as PRISM. Unlike PRISM, MUSCULAR is pure hacking, requiring no collaboration from the communications company.
- Project 6 is a collaboration between the CIA and German intelligence to build a database of information on suspected terrorists. It’s highly likely that the CIA gathered and stored data on innocent German citizens through Project 6.
- Lustre is a similar collaboration between French intelligence, the NSA and GCHQ.
- Stateroom is a signals intelligence clearinghouse for all the Five Eyes nations to intercept and process telecommunications. It uses data gathered by the ECHELON satellite network.
There are also five corporations collaborating with the NSA, the identities of which are so secret even Snowden didn’t know them. He could only reveal their admittedly badass code names: Serenade, Lithium, Artifice, SteelKnight and X.
If you find this information overwhelming, that’s entirely normal. It’s a worldwide scandal that governments are still arguing about nine years later. For the rest of the article, I’m going to put PRISM in the context of the average person’s life. How much danger are you in, and what do you need to do to protect yourself?
How Does PRISM Affect You?
Government surveillance is a unique problem in the cybersecurity world. We talk a lot about how to keep yourself safe from hackers, scammers and criminals. But what if the intruders are the very people who are supposed to have your best interests at heart? How do you protect yourself from intruders who aren’t breaking the law because they are the law?
Some would say there’s no need to do anything. PRISM keeps us safe. If you have nothing to hide, you have nothing to fear.
But privacy is a human right. The Fourth Amendment is just bookkeeping; you deserve privacy because you’re a human being. It should be on the intelligence apparatus to justify invading our privacy, not on us to justify why we should keep it.
Is the PRISM Program Still Active?
In 2019, the U.S. Ninth Circuit Court of Appeals ruled that the PRISM program was unconstitutional. By that point, the system may not have been in use for some time.
The NSA seems to have realized that continuing to operate PRISM — a mind-bogglingly expensive program that has stopped a grand total of zero terrorist plots — was indefensible.
Instead, it now sends tens of thousands of requests for information to tech companies every year, about four-fifths of which are fulfilled. Although the era of large-scale dragnets may be over, governments and tech companies are still conspiring to rob you of your online privacy.
What Role Do Internet Service Providers Play in PRISM?
As I covered above, some of the corporations required to install PRISM backdoors were more enthusiastic than others about granting direct access. Yahoo fought in court and only buckled under threat of financial ruin. Microsoft appears to have rolled over willingly.
There are even some heroes, like Lavabit founder Ladar Levison, who shut down his company rather than comply.
The PRISM surveillance program relies on internet companies to do most of its legwork. From the slides released by Snowden, we know that nine services collaborated: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple (in the order data collection began).
However, the Lavabit saga proves that other, smaller privacy and encryption companies may have been involved. There’s also the matter of the five code-named telecom companies.
The bottom line is there’s no way to know for sure if an internet company has a backdoor or provides user information to a government surveillance program. To be safe, behave as though all of them do.
That means using a virtual private network (VPN) and other common-sense security measures as well as being vigilant about revealing any personal information whatsoever. More on this in a moment.
What Data Can the Government Gather on You?
One of the establishment lines of defense against Snowden’s leaked documents was that programs like PRISM and the Verizon database only gathered metadata. The NSA isn’t reading your texts or listening to your phone calls, it’s just collecting a few facts about what calls were made, when and for how long.
That’s a ridiculous claim on its face. Why spend millions of dollars to collect useless information? However, if you dig a little deeper, you’ll find it’s even more ridiculous.
In 2015, reporter Will Ockenden published his metadata and challenged readers to see how much they could deduce about his life. Strangers figured out his daily routine, travel habits, relationships and even noticed he had moved.
That said, since PRISM is (probably) no longer active, asking what it can do is the wrong question. Intelligence agencies now request information on a case-by-case basis, and they can find a legal justification for just about anything.
So the real question is: what user data do tech companies save?
The outlook isn’t good. It’s not just the metadata after all. Big tech data collection is rampant, especially among the most-used services. Google, Facebook, Apple, Amazon and Microsoft all save your location, IP address, contact information and financial information. More than one company saves your browsing history, messages and even facial recognition data.
Advertising is the main purpose of all this retention, but it also leaves your sensitive personal data out for any agencies that might want to subpoena it.
How Can You Keep Yourself Safe From Surveillance?
Communication and tech companies are a big part of the problem, but they also show us the solution. If you want to keep your information safe from government surveillance programs, you don’t have to outwit the NSA, CIA and FBI, just Google and Facebook.
Since we started this article with Edward Snowden, let’s see what he thinks. In various interviews, Snowden regularly mentions a few basic tips everybody can use.
- Use an encrypted messaging app. Snowden recommends Signal, but Wickr also works well. Telegram is a popular choice, but encryption isn’t enabled by default. Make sure to turn it on in the settings before you do anything.
- Use Tor. The Onion Router is an open-source privacy project that anybody can access through the free Tor Browser. Tor is a decentralized network of relays that make it impossible to track a single user’s connection. Even if Tor’s volunteer administrators receive a subpoena, they won’t have any information to give.
- Don’t share information unless it’s necessary. In a world that rewards constant sharing in the hopes of gaining clout, Snowden stands out as a pillar of operational security. Even his girlfriend didn’t know he was planning to leak classified documents, which may have saved her from arrest.
- Use an ad blocker. Advertisers frequently attach cookies to an IP address so ads can follow a user between websites. Software like uBlock Origin can prevent these cookies from compromising your operational security.
I want to wrap up by addressing one area Snowden is mostly silent on: using a VPN. He tends to advocate for Tor instead because of its decentralized, open-source structure.
However, one good reason to use a VPN is Tor has its own vulnerabilities. Because it relies on a diversity of relays, it lacks a screening process for node managers, which has let some entities with government organization-level resources compromise its security. A VPN counteracts that threat.
VPNs logging your activity and sharing it with NSA surveillance programs is a real concern. If you’re worried, choose an independent VPN with a history of not logging data, like NordVPN or Surfshark.
The Joker isn’t wrong, we do live in a society. Part of the social contract is everybody gets to choose for themselves how much liberty they’re willing to give up in exchange for security.
By running PRISM surveillance programs for years without consulting the people, the NSA and its collaborators made that choice for us. However, Edward Snowden’s actions allowed the world to see behind the curtain.
What’s your opinion on government surveillance? Is Edward Snowden a hero, or a more complicated figure? Let me know your thoughts in the comments! Thanks, as always, for reading.
Leave a Reply