Field Guide to PRISM: The Internet Surveillance Scandal
George Orwell may have been right, after all. Earlier this month, Edward Snowden, an ex-technical assistant for the CIA, leaked a government surveillance project known as PRISM and since then, the country has been up in arms about “Big Brother” and the future of domestic security. For those of you who skip over clumps of acronyms in the newspaper assuming that they refer to stock abbreviations or bank lingo (90% of the time, you are right in thinking that) and are out of the loop on this scandal, feel free to read the following field guide for a better understanding.
What exactly is PRISM?
PRISM stands for Probably Really Insensitive Southern ‘Muricans. Wait, that doesn’t sound right… Oh, I remember. Some sources claim the acronym stands for “Planning Tool for Resource Integration, Synchronization, and Management,” while others say it’s simply a code name for the project originally known as US-984XN. (PRISM does have a nicer ring to it.) Started by George W. Bush in 2007 and expanded under Obama (yes, that means both parties are at fault so everybody, drop the pitchforks), PRISM aims to “monitor potentially valuable foreign communications that might pass through US Servers.” Meaning, if Kim Jong-il texted his US spy from his palace in North Korea about meeting up for lunch to discuss the newest Arrested Development season and the production of nuclear weapons, the Apple servers would catch it and send it to the higher figure.
How do they achieve this goal?
Under PRISM, when a user participates in suspicious activity, the National Security Agency (NSA) can request that one of the “internet giants” provide them with data about the incident. Most of the information exchanged is metadata, which is different from the data you’re thinking of, but we’ll get to that later.
What companies are involved exactly? And what’s in it for them?
Microsoft, Yahoo!, Google, Facebook, AOL, Skype, YouTube, Apple, and PalTalk. (Don’t ask me how that last one got in there. I haven’t heard of it either.) The companies supposedly promised to hand over information about emails, chat conversations, videos photos, file transfer data, notifications about suspicious activity, social networking details, Google searches, etc. to NSA officials or else face expensive lawsuits and a public shaming, Hester Prynne style. They also get paid, which was likely an incentive.
Why people care about it…
The NSA officials who demand information about suspicious activity determine who is “suspicious” by using their best judgment. They must have “51 percent confidence” that a subject is foreign in order to authorize its surveillance. Now I’m not very good at math but 51 percent is not a very definitive statistic. In fact, it’s such an unreliable number that sometimes regular citizens who loosely match the “suspicious” label accidentally get lost in the mix. Secondly, many of America’s allies, most notably Europe, are starting to question the stability of America’s electronic security and our ability to handle our massive dot-com society. Thirdly, the obvious lack of privacy can be kind of scary.
Why they probably shouldn’t care about it…
Let’s clarify some things. First, PRISM mainly focuses on the study of metadata, not data content. This means that the NSA is more likely to look at how long you Skyped your friend, at what time you Skyped them, and where you Skyped them from rather than what you said during the actual call. NSA agents want to analyze the information about the information, not the information itself.
Second, PRISM targets the online activity of foreign users, not American ones. In fact, for a user to be considered suspicious, not only must they be a non-US citizen but they must also be out of the country. So unless you’re an illegal alien living in the US but taking a vacation in Europe, you have nothing to worry about.
Lastly, PRISM does not operate under a warrantless system as it did during the days of Bush. Each data request requires a judicial review and an approval from Congress before it can be sent to the Internet companies.
Oh, and another thing. Leave Verizon out of it.
A few weeks prior to this incident, an official revealed that Verizon has also been monitoring phone data from many of their customers. While the Verizon story and this one have their similarities (both involve passing information to the NSA), they are not the same thing.
There are plenty of reasons to be nervous about PRISM but in the end, it all comes down to one fundamental question…what are you going to do about it? Stop using your phone? Abandon your Yahoo! email? (Gasp) Erase your Facebook? Every second that you’re on the Internet, your data is being exchanged from one service to another without your knowledge. When you like a photo or share a Facebook status, send an email or write a blog post, you are giving up information about your identity without a second thought. In other words, by participating in the big bad Internet world, you have already signed away your privacy rights. PRISM is no more at fault than you are.
That’s the way I see it at least but what do you think? Are people making a mountain out of a mole hill? Or is this really a breach of privacy, a threat to the future of national security? Is Big Brother really watching? Or are we just a little paranoid?