PRISM – We have an eye on you!

By Ola Hoffmann.

As recently revealed by Edward Snowden, the U.S. government has been using a worldwide electronic communication surveillance program called PRISM in order to gather information on both U.S. and foreign citizens. The media is currently buzzing with bits and bobs about this shocking news, which can make your head a bit dizzy.

PRISM permits thorough and widespread surveillance on live communications and stored information, and gives the National Security Agency (NSA) direct access to the servers of participating technology companies. Even though the program is American, it also affects the rest of the world for one simple reason: the U.S. acts as a ‘World’s Telecommunications Backbone’.


‘Any analyst, at any time, can target anyone, any selector anywhere.’

            Edward Snowden, June 9, 2013          

According to the NSA presentation, leaked to and verified by The Guardian, PRISM has been created as an ‘improvement’ of the Foreign Intelligence Surveillance Act (FISA) used, inter alia, to track suspected foreign terrorists. FISA has been described as a provider of a statutory framework, allowing government agencies to acquire authorisation for surveillance.

Screen shot 2013-06-18 at 00.52.35
International Internet Regional Bandwidth Capacity in 2011.

Any American (communicating with the foreigners) and foreigners themselves (using the services of participating firms) can be targeted, if they fall under suspicion. Additionally, inside the U.S. communication data collection is approved without a court warrant.

Under FISA the following key procedures are allowed: electronic surveillance; physical searches; use and installation of pen registers and trap and trace devices; access to business records and other tangible items; and the acquisition of the communications of  targeted overseas individuals and entities. Even though any action of these types require a court order from the Foreign Intelligence Surveillance Court (FISC) – ‘a neutral judicial decision maker in the context of activities authorized by the statute’ – in order to proceed, the judicial process has been disapproved of by Snowden. Speaking to the Guardian, Snowden said:

‘The restrictions against this [obtaining data] are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.’

Edward Snowden, June 17 , 2013       


Participating Firms and the start of their cooperation:

According to the leaked presentation, the U.S. government has direct help from some major electronic communication companies (Google, Facebook, Apple), a number of which have been in the programme for almost 5 years already. PRISM gives the U.S. intelligence agencies direct access to these companies’ servers, meaning that no individual court orders or permission from these companies is required.

Even though none of the companies above have confirmed their participation in the programme, some of them denying even having heard about it, Snowden confirmed yesterday that they are obliged to stay silent about their participation:

‘Their denials went through several revisions as it become more and more clear they were misleading and included identical, specific language across companies. […]

They are legally compelled to comply and maintain their silence in regard to specifics of the program, but that does not comply them from ethical obligation. 

 Edward Snowden, June 17, 2013       

The Thin Line between Right and Wrong 

The thin line between ‘right’ and ‘wrong’ remains blurry. Generally, a court issued warrant needs to be obtained in order to conduct a search. However, if the warrant is not needed, the activity is a subject to “reasonableness” test. It is undefined when the warrant is required while collecting foreign intelligence. This, further, raises the issue of currently difficult balance between the privacy protection and freedom rights and the security of the state.

As Edward Snowden summarised in his hotel room in Hong Kong, we should care about the surveillance and participate in the decision process about what and how is done in the name of the national security.

‘Because even if you are not doing anything wrong, you’re being watched and recorded. And the storage capability of these systems increases every year consistently by orders of magnitude, to where it’s getting to the point you don’t have to have done anything wrong. You simply have to eventually fall under suspicion of somebody, even by a wrong call. And then they can use the system to go back in time and scrutinise every decision you have ever made, every friend you’ve ever discussed something with and attack you on that basis to, sort of, derive suspicion from an innocent life. And paint anyone in the context of wrong-doer. ‘

Edward Snowden, June 9, 2013

Snowden in his Q&A session yesterday, promised to provide more detail about the direct accesses  soon. Nonetheless, he did confirm that ANY desired information (email, user id, IMEI, etc.) can be obtained through existing technology. It is only the matter of the policy, which can be modified anytime, as it has been before ().

‘More detail on how direct NSA’s accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on – it’s all the same.’

Edward Snowden, June 17, 2013        


Please enter your comment!
Please enter your name here