The past few days, news and rumors circulated all over the internet about PRISM. Triggered by articles published by the Washington Post and the Guardian, PRISM is said to be a covert collaboration between the NSA, FBI and the many tech companies we depend on daily. Fancy naming aside, it is actually a real US government program that is said to have started in 2007 to monitor potentially valuable foreign communications that could pass through US servers. To accomplish this, PRISM leveraged the help of companies such as Microsoft, Yahoo, Google, Facebook, AOL, Apple and the like to access tremendous wealth of data and communications that passes through the companies’ servers. These information are then cascaded to the FBI’s Data Intercept Technology Unit which in turn reports to the NSA.
The Washington Post was able to obtain previously undisclosed documents regarding the program. A handful of screenshots from the said documents are shown below:
This slide shows when each company joined the program, with Microsoft being the first, on Sept. 11, 2007, and Apple the most recent, in October 2012.
From the slides shown above, we could deduce two things. One, PRISM actually exists. Two, the program has indeed allowed the US government unprecedented access to each and everyone’s personal information for the last six years. That includes chats, emails, pictures, videos and calls. Everything that makes up our online identity.
Unsettling? Well, according to Director of National Intelligence James Clapper, there is nothing to worry about PRISM. He writes:
The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.
Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.
Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
Section 702 was recently reauthorized by Congress after extensive hearings and debate.
Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.
The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.
From what he wrote above, Clapper basically assures everyone that the US government’s PRISM program is totally legal and very important to ensure protection of US citizens (and to some degree, the subscribers and users of all the tech companies they have been tapping the last 6 years) from a variety of threats.
However, the companies that are supposedly part of the PRISM program have individually released statements saying that they have never been part of any US program and that they have not given the government direct access to their servers. Most recently, Mark Zuckerberg published in his FB page the following:
I want to respond personally to the outrageous press reports about PRISM:
Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.
When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure.
We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. It’s the only way to protect everyone’s civil liberties and create the safe and free society we all want over the long term.
From all these recent developments, maybe there is just one thing we should take note: the world we live in today has become increasingly connected and social that privacy and security as concepts have evolved and taken a slightly different definition. With the continuous growth and development of computing, internet and telco technologies, it is naive of us to think that the government (and to some extent, other malicious or criminal organizations) cannot and will not access the “personal” and “private” information that we share amongst our friends and the community. Hence, we as citizens of the web should be more responsible and aware of the things that we do, say, hear and share. With the help of today’s technology, the world is more open than ever before, and it is simply up to us if we would not be vigilant and allow other groups or individuals to bypass our personal privacy.