PRISM is a code name for a program under which the United States National Security Agency (NSA) collects Internet communications from various US Internet companies. The program is also known by the SIGAD US-984XN. PRISM collects stored Internet communications based on demands made to Internet companies such as Google LLC under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms. The NSA can use these PRISM requests to target communications that were encrypted when they traveled across the Internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier, and to get data that is easier to handle, among other things.
PRISM began in 2007 in the wake of the passage of the Protect America Act under the Bush Administration. The program is operated under the supervision of the U.S. Foreign Intelligence Surveillance Court (FISA Court, or FISC) pursuant to the Foreign Intelligence Surveillance Act (FISA). Its existence was leaked six years later by NSA contractor Edward Snowden, who warned that the extent of mass data collection was far greater than the public knew and included what he characterized as “dangerous” and “criminal” activities. The disclosures were published by The Guardian and The Washington Post on June 6, 2013. Subsequent documents have demonstrated a financial arrangement between the NSA’s Special Source Operations division (SSO) and PRISM partners in the millions of dollars.
Documents indicate that PRISM is “the number one source of raw intelligence used for NSA analytic reports”, and it accounts for 91% of the NSA‘s Internet traffic acquired under FISA section 702 authority.” The leaked information came to light one day after the revelation that the FISA Court had been ordering a subsidiary of telecommunications company Verizon Communications to turn over to the NSA logs tracking all of its customers’ telephone calls.
U.S. government officials have disputed some aspects of the Guardian and Washington Post stories and have defended the program by asserting it cannot be used on domestic targets without a warrant, that it has helped to prevent acts of terrorism, and that it receives independent oversight from the federal government’s executive, judicial and legislative branches. On June 19, 2013, U.S. President Barack Obama, during a visit to Germany, stated that the NSA’s data gathering practices constitute “a circumscribed, narrow system directed at us being able to protect our people.”
PRISM was publicly revealed when classified documents about the program were leaked to journalists of The Washington Post and The Guardian by Edward Snowden – at the time an NSA contractor – during a visit to Hong Kong. The leaked documents included 41 PowerPoint slides, four of which were published in news articles.
The documents identified several technology companies as participants in the PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009, Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011 and Apple in 2012. The speaker’s notes in the briefing document reviewed by The Washington Post indicated that "98 percent of PRISM production is based on Yahoo, Google, and Microsoft".
The slide presentation stated that much of the world’s electronic communications pass through the U.S., because electronic communications data tend to follow the least expensive route rather than the most physically direct route, and the bulk of the world’s internet infrastructure is based in the United States. The presentation noted that these facts provide United States intelligence analysts with opportunities for intercepting the communications of foreign targets as their electronic data pass into or through the United States.
Snowden’s subsequent disclosures included statements that government agencies such as the United Kingdom’s GCHQ also undertook mass interception and tracking of internet and communications data – described by Germany as "nightmarish" if true – allegations that the NSA engaged in "dangerous" and "criminal" activity by "hacking" civilian infrastructure networks in other countries such as "universities, hospitals, and private businesses", and alleged that compliance offered only very limited restrictive effect on mass data collection practices (including of Americans) since restrictions "are policy-based, not technically based, and can change at any time", adding that "Additionally, audits are cursory, incomplete, and easily fooled by fake justifications", with numerous self-granted exceptions, and that NSA policies encourage staff to assume the benefit of the doubt in cases of uncertainty.