Separating truth from the myths about the Prism Program
The PRISM program aims to gain direct access to user communication. The information includes email communication, voice calls, SMS, social media communications, metadata, video calls, search preferences, etc. The constitution governs this unlimited access to information by the NSA through the PRISM program.
Section 702 of the FISA (Foreign Intelligence Surveillance Acts), which became law in 2008, allows the Prism Program to access Tech Companies’ servers directly. Since then, the United States government has drastically increased intelligent bodies’ ability to gain local and foreign information.
The intelligent bodies can investigate the retrieved information targeting terrorists, criminals, and even those not suspected of anything. Formerly, the NSA could not obtain information from people outside of the USA.
However, that has changed with the formation of the PRISM program. It does not matter what you do, where you live, or whether you commit a crime; the NSA can access your personal information.
Why was PRISM created?
PRISM Act of 2007 is an electronic data collection that aims to protect the USA, according to the NSA. It was a top-secret and advanced surveillance program of the NSA.
The PRISM program had a code-named US-984XN. According to the leak presentation, the NSA claimed that it launched the program to overcome the FISA warrant’s pitfalls. The FISA warrant is in charge of tracking down and prosecuting foreign terrorists.
But court mandates were needed before they could access and investigate the information of suspected criminals. The NSA wanted to overcome this challenge and have the flexibility of tracking down anyone when the body wanted. Furthermore, the NSA noted that the USA has advantages in tracking terrorists because most prominent tech companies reside in the US.
Aside from having the biggest tech companies, the US has the internet infrastructure. Therefore, the NSA used the US technological might to create the PRISM program. It targets both the sender and receiver, whether based in the US or not.
The NSA disbanded FISA because it protected some people not bound by the FISA law. FISA must go to court and get orders before accessing foreigners’ communications. Therefore, the PRISM program was formed as a significant upgrade to FISA. No court order is required to gain access to information by the NSA.
The PRISM program act further gives the attorney general and the director of national intelligence the power to prosecute telecommunications companies that fail to comply with PRISM. It also indemnifies Tech and internet organizations from any consequences of granting the NSA access to users’ information.
FBI acting as the intermediary
The leaked document states that the FBI is the primary intermediary between tech companies and the various intelligence agencies. In the leaked documents, the National Security Agency hailed the PRISM act as one of the NSA’s most productive, unique, and valuable assets.
It boasts about how the FBI gathered information from tech companies. It also boasts about how the number of obtained communications from Skype astronomically rose to 248% as far back as 2012. The information gathered from Facebook rose by 131%, while Google rose by 63%.
When the NSA gathers information through the FBI, it reviews the communications, and if it warrants further investigations, the NSA will issue a “Report.” According to the leaked document, the NSA generates more than 2000 PRISM program-based reports monthly.
How the NSA PRISM collects data
The PRISM program activities are shrouded in secrecy, which is not also helped by the constant denial of tech companies. But from what we know and leaked documents, the PRISM program relies on two aspects for data collection.
Number one is section 702 of the Foreign Intelligence Surveillance Act (FISA), while the second is section 215 of the US Patriot Act. The PRISM program law authorizes security agencies to retrieve communications and metadata from AT&T, Verizon, Google, Yahoo, Facebook, and every other telecommunication and internet company.
The secret law further allows security agencies to collect and analyze information for up to five years. The program uses a lot of sophisticated tools for information gathering. One is the NUCLEON, which gathers information about telephone conversations and SMS.
Another one is MARINA, which stores metadata from the internet. And lastly, PRISM has another tool, the Signals Intelligence Activity Designation (SIGAD), which gathers information from every other system. PRISM further targets a targeted person’s mobile contact, which can cause an unjustified investigation of innocent people.
What do the telecommunication and internet companies say about PRISM?
All companies participating in the PRISM program have vehemently denied the accusation. But no one really expects them to come in public and agree that they share users’ information with the FBI, CIA, and other intelligent bodies anyway. In the past, Larry Page publicly said that any claim that Google compromises its user’s privacy is entirely invalid.
Google’s chief architect, Yonatan Zunger, has also stated that the only time Google can provide users with information to security authorities is when the organization receives specific and lawful orders about the agencies.
He said Google couldn’t disclose user’s information to the PRISM program on such a magnitude. He further stated that he would have quit his role as the Chief Architect of Google if such a thing had ever happened.
What about Yahoo? Yahoo’s Ron Bell wrote that the assertion that Yahoo compromises its users’ privacy and gives information to security agencies is false. He said Yahoo does not give users information and communications to federal agencies. It does not provide any platform for federal agencies to access unfiltered communication.
What did Facebook founder Mark Zuckerberg say?
He said the PRISM program report is outrageous and that Facebook has not and would not participate in any program granting federal agencies direct access to its servers.
According to him, Facebook only complies with lawful orders for requests about specific identifiers or orders.
Microsoft stance?
Microsoft has vehemently denied that it participated in the PRISM program.
The organization said they never have and would not compromise users’ information, irrespective of the body demanding it.
They will not comply if any US agency has a broad program to retrieve information from its servers. Steve Dowling further stated that Microsoft has never heard of the PRISM program and does not directly access its servers to the Government. They will only provide customer records through court orders, according to him.
Are the telecommunication/internet companies telling the truth?
The Internet and telecommunication companies are telling lies. Firstly, no organization would come out publicly to agree that they shared users’ information with any intelligence agency.
Accepting they share users’ information would lead to a boycott, devastating their organizations. Initially, many people believed that these internet communication companies were sincere. But the leak made everyone understand how powerful the PRISM program is.
There have also been a lot of controversies here and there, which further proves that the tech companies are not sincere. In a statement by Google’s current CEO, Sundar Pichai, he said that Google only responds to orders from some individuals. This statement proves to some extent that Google participates in the PRISM program.
Yahoo’s Bell has also stated that they send only a tiny percentage of customers’ information to security agencies. This statement sounds like a damage control mechanism, proving that Yahoo also participates in the PRISM program.
How big was the leak?
Never in the NSA’s history has leaks as massive as the PRISM program leak. The leaked documents first sufficed in April 2013, and such a leak is uncommon in the history of the NSA.
The NSA is the world’s largest surveillance organization and prides itself on maintaining the highest secrecy. Therefore, the leak was a massive shock to everyone. This program allowed them to obtain information from tech companies without court orders.
Should we be worried that the NSA gets unfiltered access to the user’s information?
Many internet and telecommunication corporations have systems that give access to intelligence agencies. This information can also be electronically transmitted to other Government institutions through the company servers.
Companies are obliged to provide information due to the constitutional backing of PRISM. The program has left many Americans confused, concerned, and feeling a significant lack of control over their privacy.
The majority of people think that their data is no longer secure. However, data collection through PRISM has its benefits, especially in investigating crimes.
But the disadvantages outweigh the advantages, and many people also believe it is impossible to live daily without tracking. This view is shared by at least 6 in every 10 American citizens. Americans no longer feel confident in how tech companies handle and transmit their personal information.
What about the privacy policy?
Most people do not read privacies before creating online accounts. Most adults would accept the privacy policy while creating accounts. However, reading a privacy policy would not ensure your data remains confidential.
The privacy policies do not, in any way, guarantee that the Government authorities will not get access to your personal information through the PRISM program. Data privacy laws have a lot of loopholes for tech companies to exploit. Moreover, many adults do not understand data privacy policy laws and regulations.
The NSA PRISM has unfiltered access to telecom servers, and many questions must be asked. Is the information subject to the appropriate judicial procedure? They don’t because the PRISM information gathering is not a search warrant under the Constitution’s Fourth Amendment.
Also, the amendment does not require intelligence agencies to show whether a target is a criminal. This implies that the PRISM data collection system can target anybody irrespective of who you are. This is a significant concern for the public because corrupt officials can use it for political and business advantages.
Which companies are involved?
PRISM’s most prominent companies are Google, Yahoo, AOL, Apple, Skype, Vodacom, AT&T, YouTube, PalTalk, and Dropbox (a popular US-based file hosting service). However, all telecommunication and IT companies in the USA must cooperate with PRISM. However, the leaked documents state that 98% of the information gathered through PRISM comes from Google, Microsoft, and Yahoo.
All the major companies involved in PRISM have publicly denied the allegations, stating that no external or Government agencies have access to their servers. However, it is clear from the leak that the NSA gains direct access to tech company servers to pull out information anytime.
What do the defenders of PRISM say?
PRISM Defendants have stated that the program targets foreign users, and PRISM doesn’t gain access until they make a request. The New York Times said in the last two instances of the PRISM data request; organizations created a secure Dropbox storage where they electronically deposit specific information for the intelligence agencies.
In the past, Google also wrote a letter to the Department of Justice, seeking permission to disclose how PRISM works. Facebook also wanted permission to provide transparency on how the PRISM program works to enable people to see the accurate picture.
They got the approval, and Google discussed with Wired Magazine how it passes legal information to the Government. Google insisted it never gave intelligence body direct access to its servers for information gathering.
Why is Twitter not mentioned?
No one has been able to answer if Twitter cooperates with the PRISM program because the leak did not mention Twitter in any way.
It seems to some that Twitter said no and refused to cooperate with the NSA PRISM program.
However, the PRISM program is backed by the constitution, obliging Twitter and other tech companies to be corporate.
All US companies should comply with federal laws, and Twitter must cooperate with the Government’s request for data. But Twitter is under no legal obligation to make the process of information gathering easy for any Government organization.
From all indications, it seems Twitter complicated the information-gathering process from their servers for the NSA. While other companies changed their system to transmit data to government agencies effectively and discussed technical information-gathering methods, Twitter held its ground and made the process difficult. Twitter refused to join the bandwagon in steamrolling the information-gathering process.
What type of data does the PRISM monitor?
According to the leak slides and other supporting documents published by the Washington Post and the Guardian alongside all other trusted sources to date, the monitored data include the following.
- Emails
- Photos
- Chats
- Videos
- VoIP
- Social network details
- Social media chats
- SMS
- Video
- Notifications
- Video conferences
- Any other means of communication
Additionally, data that Google and Microsoft share include Drive files, live surveillance, an entire photo library, video chats, voice chats, metadata, information about who is talking to whom, search terms, etc.
What about the information on private servers and the cloud?
It does not matter if your information is on shared, dedicated, or private servers; it is not safe if it is online. Simple.
Aside from the fact that Google, Bing, and other search engines crawl users’ emails and other data to target their ads, the PRISM program can access your email for use by the NSA.
This means third parties may have read your emails. The NSA and other intelligence bodies may have read your iCloud and third-party system emails.
What is the difference between the PRISM program and the data Verizon gives to the NSA?
According to the constitution, every telecommunication and internet company must provide information to federal agencies. However, Verizon’s data to the NSA differs from the PRISM program.
Verizon gives only metadata to Government security agencies, which means they can see who you call and how long the call lasts, but they do not listen to your communication. They don’t listen to your voicemails either. However, this is a separate NSA program, and the PRISM program is more robust.
Has the PRISM program affected the USA’s freedom ranking?
Freedom ranked the USA as the second most internet-free country before the PRISM program leak. However, the U.S. position drastically changed after the leak.
Freedom ranking started in 2015 by Civil Liberties. It is an independent body run by Germany’s Liberales Institute, the U.S. Cato Institute, and Canada Fraser Institute. The index measures freedom of speech, freedom of religion, freedom of association, freedom of movement, etc.
Its rating measures on a scale of 10 to 0. In the last rating in 2019, the U.S. dropped down to number 15 on the list. People thought the PRISM program significantly contributed to pushing down the United States.
Is there a way to avoid the PRISM program?
Whether or not you are an American citizen, you cannot avoid the PRISM program. That is the hard truth.
It is because American companies own the biggest tech companies. Organizations like Google, Facebook, Yahoo, Microsoft, and other major tech giants have their servers resident in the US even though they have servers in other locations.
This means intelligence bodies can target your information whether you are a US citizen or not. Almost everyone has an account with one or more of the above-listed tech companies. So, technically, no one can avoid the PRISM program.
Ironically, Microsoft ran an advertisement program with the catchphrase “Your Privacy is our Priority.” They were still the first organization to grant the NSA direct access to their servers through the PRISM program. Microsoft began giving direct access to its servers as far back as 2007.
Yahoo was next in line and gave the NSA direct access in 2008. Next were PalTalk, Facebook, and Google in 2009. YouTube gave access in 2010, AOL, and Skype in 2011. Finally, Apple obliged in 2012. The PRISM program keeps expanding daily, and many other medium-sized and multinational tech companies have joined the bandwagon.
So, one cannot get away from the PRISM program completely. But you can minimize the likelihood of Five Eyes, NSA, and other organizations tracking your voice traffic and internet activities.
To escape PRISM, the best thing you can do is mask your IP address with a Virtual Private Network (VPN). The infamous free anonymizing tool Tor also lets you achieve that, but VPN is the safest and most reliable way.
A VPN client will encrypt your internet traffic and send it to another location for decryption. When you have a quality VPN service, the NSA could see some traffic traveling through the tunnel, but it won’t be able to separate your internet traffic from others.
It would help if you also considered ditching tech giants to avoid the PRISM program. That can be harder for many, as most rely on Apple, Google, Microsoft, and Facebook daily.
What you can do here is try using secure alternatives to the services offered by those tech giants. For example, you should use a secure email provider instead of Gmail.
Concerning searching online, you can live without Google. Yes, that is true. Few people understand that plenty of exceptionally secure alternative search engines exist. If you ask us, at the top of our list is the intelligently dubbed DuckDuckGo.
Encrypting your data is another useful way of minimizing data exposure to the PRISM program. TrueCrypt alternatives available in the market will do this task for you.
Who do you blame for the PRISM program?
People frown at data breaches because it puts their private information in the hands of third parties. They see what you read, what you say, your videos, your search, your emails, and much other information about you.
However, the Government claims that the PRISM program targets criminals, but the negatives far outweigh the positives. People no longer have freedom on the internet because of fear of data breaches.
So, who should be blamed for the PRISM program? First, blame it on Congress for legislating such powers to the intelligence agencies.
Secondly, blame it on the FISA court that passed the PRISM act into law and, lastly, blame it on the Government for discarding the actual values of American society.
What did the Government do about the leak?
There were diplomatic rows after the leak, which led to the prosecution of the people responsible for the leak. However, the Government cannot retrieve the information contained in the slide. Edward Snowden was one of the major leak sources, but he fled to Hong Kong.
In an interview with the Guardian, he stated that he fled to Hong Kong because of its perceived freedom. Hong Kong ranks number one on the Freedom Index list with an impressive score of 8.91. The Freedom Index measures a scale from 10 most free to 0 least free nations worldwide. He said people had the freedom of speech in Hong Kong and intended to exercise that.
Although the United States has a bilateral agreement with Hong Kong on extradition. However, extraditing someone based on political grounds should more likely be vetoed by either Beijing or Hong Kong.
Conclusion
The PRISM program serves as the National Security Agency’s tool to obtain information directly from tech companies. Companies such as Facebook, Apple, Google, Microsoft, and other Tech/information communication giants are all obliged to grant access to the NSA through the PRISM program.
It remained a top secret before it got leaked and reported. The NSA gained access to information such as emails, calls, SMS, video, search history, chats, metadata, and just about any communication through the PRISM program. According to the leaked document, it gets direct access to tech companies’ servers.
However, all the tech companies have denied this allegation even though the leaked documents expose the huge data privacy issue. Defenders of the PRISM program would always say that the act facilitates surveillance and protects the US. However, the PRISM program violates the user’s privacy and poses a significant risk.
The program also targets people who live outside the USA. This means that it can spy on almost everyone. An unprecedented militarization of international and local communication infrastructure significantly threatens the freedom of the Internet.
The PRISM program troubles anyone concerned about their privacy. But you cannot do much as an internet user other than minimize your exposure. Protecting your digital privacy using a VPN and a private search engine and encrypting your computer data are your best defenses in a continuous tussle against the PRISM program.
