View all newsletters
Sign up to our newsletters

Support 110 years of independent journalism.

  1. Science & Tech
13 June 2013updated 14 Jun 2013 9:29am

Completing the PRISM jigsaw puzzle

The NSA takes such great quantities of data legally that it has built a system to manage it.

By Alex Hern

A week on from the revelations in the Guardian and Washington Post about the PRISM revelations, and the dust is settling. The tech companies have issued their denials; Edward Snowden has revealed himself as the source of the leak; and the Guardian has published five of the slides from the presentation in which the NSA lay out the scheme. At the same time, the recontextualisation of what we previously knew has brought more information forward.

Putting it all together, we can start getting our first really good guess at what PRISM actually is:

A system for requesting and managing data from major online companies using the FISA provisions which allow for secret collection of information.

That guess comes from examining the constraints which are laid out by the various pieces of information made public:

  • PRISM only cost $20m: That’s an astonishingly low price, and suggests that the vast majority of the work was done by the companies themselves. It rules out anything involving breaking encryption, or significant amounts of hardware being installed externally.
  • The firms involved have all denied it: “Well, they would say that, wouldn’t they?” Nonetheless, many of the denials are worded incredibly strongly. Take Google’s chief architect:

    Even if I couldn’t talk about it, in all likelihood I would no longer be working at Google: the fact that we do stand up for individual users’ privacy and protection, for their right to have a personal life which is not ever shared with other people without their consent, even when governments come knocking at our door with guns, is one of the two most important reasons that I am at this company.

    Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via saturdayread.substack.com The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via morningcall.substack.com Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via thesalvo.substack.com Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team. The best way to sign up for The Green Transition is via spotlightonpolicy.substack.com
    • Administration / Office
    • Arts and Culture
    • Board Member
    • Business / Corporate Services
    • Client / Customer Services
    • Communications
    • Construction, Works, Engineering
    • Education, Curriculum and Teaching
    • Environment, Conservation and NRM
    • Facility / Grounds Management and Maintenance
    • Finance Management
    • Health - Medical and Nursing Management
    • HR, Training and Organisational Development
    • Information and Communications Technology
    • Information Services, Statistics, Records, Archives
    • Infrastructure Management - Transport, Utilities
    • Legal Officers and Practitioners
    • Librarians and Library Management
    • Management
    • Marketing
    • OH&S, Risk Management
    • Operations Management
    • Planning, Policy, Strategy
    • Printing, Design, Publishing, Web
    • Projects, Programs and Advisors
    • Property, Assets and Fleet Management
    • Public Relations and Media
    • Purchasing and Procurement
    • Quality Management
    • Science and Technical Research and Development
    • Security and Law Enforcement
    • Service Delivery
    • Sport and Recreation
    • Travel, Accommodation, Tourism
    • Wellbeing, Community / Social Services
    Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
    THANK YOU

    That suggests that the majority of what the NSA considers to be the PRISM program is in their hands, not the companies’.

  • FISA requests are not public: The Foreign Intelligence Surveillance Act, a thirty-year-old law which was most recently amended in 2008, allows US government agencies to make demands for data through a secret court. Requests to the court for warrants are rarely turned down, and companies are not allowed to publicise how many requests they make.
  • The NSA describes collection of data “directly from the servers” of participating companies: This is the claim which has got everyone into such trouble. The Washington Post appears to have based its claim that PRISM consisted of “direct access” to their servers on this phrasing; it has since retracted that claim. The Guardian has not retracted, but has now provided an alternative description of what it means:

    The Guardian understands that the NSA approached those companies and asked them to enable a “dropbox” system whereby legally requested data could be copied from their own server out to an NSA-owned system.

    That would involve collecting data “directly from servers” while not quite involving the NSA having “direct access” to the companies data. (By way of analogy, when you visit Google.com, you are downloading data from Google’s servers, but it would probably be misleading to say you had “direct access” to their servers.) That matches information Google has disclosed about how it transfers data to the NSA: through good, old-fashioned FTP.

So it seems like PRISM is the name for the scheme by which FISA demands for data are transferred to the NSA. If that’s the case, the technology of PRISM isn’t the scary thing. Neither is the possibility of illegal activity on the part of the NSA.

Instead, it’s that FISA requests are served in such great quantities that the NSA has spent $20m building special infrastructure to speed up receiving the data. Microsoft, Twitter, Google and Facebook are now lobbying the NSA to allow them to reveal how many FISA requests they’ve been served with: if it’s astronomical, we’ll have confirmation that that’s the real scandal.

Content from our partners
The promise of prevention
How Labour hopes to make the UK a leader in green energy
Is now the time to rethink health and care for older people? With Age UK

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via saturdayread.substack.com The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via morningcall.substack.com Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via thesalvo.substack.com Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team. The best way to sign up for The Green Transition is via spotlightonpolicy.substack.com
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
THANK YOU