Completing the PRISM jigsaw puzzle

The NSA takes such great quantities of data legally that it has built a system to manage it.

A week on from the revelations in the Guardian and Washington Post about PRISM, the dust is settling. The tech companies have issued their denials; Edward Snowden has revealed himself as the source of the leak; and the Guardian has published five of the slides from the presentation in which the NSA lays out the scheme. At the same time, the recontextualisation of what we previously knew has brought more information forward.

Putting it all together, we can start getting our first really good guess at what PRISM actually is:

A system for requesting and managing data from major online companies using the FISA provisions which allow for secret collection of information.

That guess comes from examining the constraints which are laid out by the various pieces of information made public:

  • PRISM only cost $20m: That's an astonishingly low price, and suggests that the vast majority of the work was done by the companies themselves. It rules out anything involving breaking encryption, or significant amounts of hardware being installed externally.
  • The firms involved have all denied it: "Well, they would say that, wouldn't they?" Nonetheless, many of the denials are worded incredibly strongly. Take Google's chief architect:

    Even if I couldn't talk about it, in all likelihood I would no longer be working at Google: the fact that we do stand up for individual users' privacy and protection, for their right to have a personal life which is not ever shared with other people without their consent, even when governments come knocking at our door with guns, is one of the two most important reasons that I am at this company.

    That suggests that the majority of what the NSA considers to be the PRISM program is in their hands, not the companies'.

  • FISA requests are not public: The Foreign Intelligence Surveillance Act, a thirty-year-old law which was most recently amended in 2008, allows US government agencies to make demands for data through a secret court. Requests to the court for warrants are rarely turned down, and companies are not allowed to publicise how many requests they make.
  • The NSA describes collection of data "directly from the servers" of participating companies: This is the claim which has got everyone into such trouble. The Washington Post appears to have based its claim that PRISM consisted of "direct access" to their servers on this phrasing; it has since retracted that claim. The Guardian has not retracted, but has now provided an alternative description of what it means:

    The Guardian understands that the NSA approached those companies and asked them to enable a "dropbox" system whereby legally requested data could be copied from their own server out to an NSA-owned system.

    That would involve collecting data "directly from servers" while not quite involving the NSA having "direct access" to the companies' data. (By way of analogy, when you visit Google.com, you are downloading data from Google's servers, but it would probably be misleading to say you had "direct access" to their servers.) That matches information Google has disclosed about how it transfers data to the NSA: through good, old-fashioned FTP.

So it seems like PRISM is the name for the scheme by which FISA demands for data are transferred to the NSA. If that's the case, the technology of PRISM isn't the scary thing. Neither is the possibility of illegal activity on the part of the NSA.

Instead, it's that FISA requests are served in such great quantities that the NSA has spent $20m building special infrastructure to speed up receiving the data. Microsoft, Twitter, Google and Facebook are now lobbying the NSA to allow them to reveal how many FISA requests they've been served with: if it's astronomical, we'll have confirmation that that's the real scandal.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.


Pupils need internet classes? Here are 41 lessons they should learn

Forget privacy and security, here's what to do when a black and blue dress looks white and gold. 

It is imperative that children are taught how to survive and thrive on the internet, claims a new House of Lords report. According to the Lords Communication Committee, pupils need to learn how to stay safe, avoid addictive games, and become “digitally literate”.

It’s hard to argue with the report, which is a great step forward in acknowledging that the internet now basically = life. Yet although it is crucial that children learn how to stay private and secure online, there are also some equally crucial and not-at-all-flippant pieces of information that the youth urgently need to know. Here are the first 41 lessons in that curriculum.

  1. To figure out how much to donate towards your mate’s charity half-marathon, halve X OR double Y, where X is the amount paid by their mum and Y is the amount donated by your closest rival, Becky
  2. Don’t mention that it’s snowing
  3. If – for some reason – you talk about bombs in a Facebook message, follow this up with “Hi Theresa May” in case Theresa May is looking, and then Theresa May will think you are just joking
  4. If you are on a train and you are annoyed about the train, do not tweet @ the social media manager who runs the account for the train, because they are not, in fact, the train
  5. If a Facebook meme starts “Only 10 per cent of people can get this puzzle right” – know that lies are its captain
  6. It’s not pronounced me-me
  7. Never say me-me nor meem, for they should not be discussed out loud
  8. People can tell if you’ve watched their Instagram stories
  9. People can’t tell if you’ve waded back through their Zante 2008 album and viewed all 108 photos
  10. People can tell if you’ve waded back through their Zante 2008 album and viewed all 108 photos if you accidentally Like one – in this circumstance, burn yourself alive
  11. Jet fuel can melt steel beams
  12. If a dog-walking photo is taken in the woods and no one uploads it; did it even happen?
  13. Google it before you share it
  14. Know that Khloe Kardashian does not look that way because of a FitTea wrap
  15. Do not seek solace in #MondayMotivation – it is a desolate place
  16. Respect JK Rowling
  17. Please read an article before you comment about a point that the article specifically rebutted in great detail in order to prepare for such comments that alas, inevitably came
  18. Don’t be racist, ok?
  19. Never, under any circumstances, wade into the Facebook comment section under an article about Jeremy Corbyn
  20. If a dress looks white and gold to some people and black and blue to some others, please just go outside
  21. Open 200 tabs until you are crippled with anxiety. Close none of the tabs
  22. Despite the fact it should make you cringe, “smol puppers” is the purest evolution of language. Respect that
  23. Take selfies, no matter what anyone says
  24. Watch Zoella ironically until the lines of irony blur and you realise that the 20 minutes you immerse yourself into her rose-gold life are the only minutes of peace in your agonising day but also, what’s wrong with her pug? I hope her pug is ok
  25. Nazi Furries are a thing. Avoid
  26. Use Facebook’s birthday reminder to remember that people exist and delete them from your Friends list
  27. When a person you deleted from your Friends list inexplicably comes up to you IRL and says “Why?” pretend that your little cousin Jeff got into your account
  28. Don’t let your little cousin Jeff into your account
  29. “Like” the fact your friend got engaged even if you don’t actually like the fact she is reminding you of the gradual ebbing away of your youth
  30. No one cares about your political opinion and if they act like they do then I regret to inform you, they want to have sex with you
  31. Please don’t leave a banterous comment on your local Nando’s Facebook page, for it is not 2009
  32. Accept that the viral Gods choose you, you do not choose them
  33. Joke about your mental health via a relatable meme that is actually an agonising scream into the void
  34. Share texts from your mum and mock them with internet strangers because even though she pushed you out of her vagina and gave up her entire life to help you thrive as a person, she can’t correctly use emojis
  35. Follow DJ Khaled
  36. Decide that “Best wishes” is too blah and “Sincerely” is too formal and instead sign off your important email with “Happy bonfire night” even though that is not a thing people say
  37. If someone from primary school adds you as Friend in 15 years, accept them but never speak again
  38. The mute button is God’s greatest gift
  39. Do not tell me a clown will kill me after midnight if I don’t like your comment because that is not a promise you can keep
  40. Don’t steal photos of other people’s pets
  41. Accept that incorrect "your"s and "you’re"s are not going anywhere and save yourself the time 

Amelia Tait is a technology and digital culture writer at the New Statesman.