Last month, Britain's The Guardian and the Washington Post, via the famous/infamous Edward Snowden, reported on a mysterious government information collection program called PRISM.
PRISM is an ongoing government effort to collect information from the internet about both foreign and domestic targets. Concerns about the collection and use of this data have produced a backlash from people and businesses around the world. Many fear the effects, use, and possible misuse of information.
The National Security Agency somehow (it is not known how) obtains information about certain targets (it is not known who or why or how they are selected) from major internet entities, such as Facebook, Google, Yahoo, and others. All three of these companies, among others, strongly deny that they have granted access to the federal government for any information collection.
According to a Washington Post summary of known information:
We know that PRISM is a system the NSA uses to gain access to the
private communications of users of nine popular Internet services. We
know that access is governed by Section 702 of the Foreign Intelligence
Surveillance Act, which was enacted in 2008. Director of National
Intelligence James Clapper tacitly admitted PRISM’s existence in a blog post last Thursday. A classified PowerPoint presentation leaked by Edward Snowden states that PRISM enables “collection directly from the servers” of Microsoft, Yahoo, Google, Facebook and other online companies.
It goes on to say that
The (New York) Times says
that major tech companies have systems that “involve access to data
under individual FISA requests. And in some cases, the data is
transmitted to the government electronically, using a company’s
Data is “shared after company lawyers have reviewed the FISA request
according to company practice. It is not sent automatically or in bulk,”
the Times reports. The scheme is “a more secure and efficient way to
hand over the data.”
A source told CNet’s Declan McCullagh
that PRISM is “a very formalized legal process that companies are
obliged to do.” A source — perhaps the same one — says that “you can’t
say everyone in Pakistan who searched for ‘X’ … It still has to be
Additional reporting by Cato Institute writer Julian Sanchez raises more concerns. The law which pertains to PRISM removed the constitutionally necessary provision that a warrant must be obtained if the main target was a non citizen. However, information collected about a US citizen in the process is allowed to be stored until someone proves that it is worthless.
The NSA itself makes the determination on the worthiness of the information.
Furthermore, information under some circumstances can be obtained and kept even if the only people involved are US citizens.
The knowns, unknowns, and what is unknown that is unknown have introduced uncertainty into the equation. As US and foreign media scurry to gain further insight on the scope and target of the program, other countries may be setting up what defenses they can.
Companies involved in data collection and security, along with their
home countries, fear intrusion by American intelligence services. At a recent panel held by the Information Technology and Innovation Foundation, a guest speaker pointed out that some countries may follow Brazil in passing laws to protect digital information and commerce. This measure passed by countries fearful of surveillance could backfire in restricting information to places with archaic security.
Furthermore, it is difficult to estimate how many foreign nationals may try to avoid doing business with American firms because of PRISM and the lack of understanding about it.
Most agree that speculation about PRISM is driven in part by fear of the unknown, as well as the potential for abuse. It remains to be seen what the world's reaction will be, as well as what the full scope of the program actually is.