Courses
Cloudwards Video Courses New

Cloudwards.net may earn a small commission from some purchases made through our site. However, any earnings do not affect how we review services. Learn more about our editorial integrity and research process.

What Is the PRISM Program? NSA, Edward Snowden and Government Surveillance in 2024

Edward Snowden’s information leak is one of the biggest in U.S. history, which revealed a huge amount of data about government surveillance programs, including the PRISM program. In this article, we’ll answer the question, “What is the PRISM program?” and we’ll examine the data leak.

Kate HawkinsBrett DayIgor Kurtz

Written by Kate Hawkins (Writer)

Reviewed by Brett Day (Writer, Editor)

Facts checked by Igor Kurtz (Fact-checking editor)

Last Updated: 2024-07-31T11:25:30+00:00

All our content is written fully by humans; we do not publish AI writing. Learn more here.

Key Takeaways: What Is the PRISM Program?
  • The PRISM program is a surveillance program operated by the National Security Agency (NSA). It collects communications data that occurs between foreign targets and the U.S.
  • PRISM collects private electronic data from companies like Microsoft, Yahoo, Google, Facebook, YouTube, Skype and Apple.
  • In 2013, whistleblower Edward Snowden leaked classified details of the PRISM program. He believed that the surveillance was destroying “privacy, internet freedom and basic liberties for people around the world.” 1

Facts & Expert Analysis About the PRISM Program:

  • PRISM collects private data from U.S. service providers: This information can include items that are stored by major companies, such as emails and documents, photographs, instant messages and videos.
  • Concerns about the PRISM program’s scope: The federal government and the companies involved claim that any data collected is for specific targets and has court approval. However, the program’s secretive nature causes concerns about the constitutional rights and civil liberties of U.S. citizens.
  • PRISM was founded in 2007: After President Bush’s administration passed the Protect America Act, PRISM was established. It’s monitored by the U.S. Foreign Intelligence Surveillance Court.

In 2013, NSA contractor Edward Snowden leaked classified information to try and show the world the extent of U.S. government surveillance. Suddenly, the U.S. public began asking, “What is the PRISM program?” and “Is the U.S. government spying on me?” They started wondering if the collection of private data was an oversight or an intentional act.

While the National Security Agency, the tech companies involved and the U.S. government all reassured the public that they adhere to strict security and privacy regulations, the world wasn’t so sure. Many people began seeking ways to protect their personal information effectively, like using a VPN to encrypt their internet connections — see our guide to the 10 best VPN providers.

Our privacy experts at Cloudwards often share information on how to protect your privacy online, so we wanted to take a more in-depth look at surveillance programs (including PRISM).

  • 07/31/2024 Facts checked

    We rewrote this guide to include updated information and use an easier-to-read format.

National Security Agency: What Is the PRISM Program? 

The PRISM program (also known as SIGAD US-984XN) is one of many NSA programs designed to collect internet communications that could threaten national security. The intelligence is collected from U.S. internet companies like Microsoft, Google and Facebook with the intention of targeting foreign communications with the U.S.

Online Security

Check out our online security courses and grab a limited-time offer.
Enrollment available now!

Enroll Now

Cloud Storage Courses

Check out our cloud storage courses and grab a limited-time offer.
Registration available now!

Enroll Now

PRISM allows agents to send data collection requests to major internet services without getting individual court orders. This can include audio (like VoIP calls), videos, emails, saved documents and photographs.

According to leaked documents obtained by The Washington Post and The Guardian, the PRISM program gives the NSA and other intelligence agencies direct access to the servers of U.S. internet companies. 

However, the companies involved and the United States government refute this claim. They state that they can collect a user’s data only by obtaining permission from the FISA court, along with written directives from the director of national intelligence and the attorney general.

Purpose: What Did the PRISM Program Do?

The PRISM program was established to help collect foreign signals intelligence (SIGINT) in the form of internet communications. Drawing from the leaked information, The Washington Post reported that PRISM was the most used program in NSA reporting. At the time of the information leak, 91% of NSA data acquired under FISA was gathered using PRISM. 2

Below, we’ll quickly break down PRISM along with a few other code names and acronyms so you can better understand them.

Important Terms Glossary:

  • PRISM: This code name is for the program that the NSA uses to collect information and data from U.S. companies.
  • NSA: The National Security Agency is a U.S. intelligence agency responsible for collecting and processing data related to foreign intelligence and counterintelligence. It’s tasked with protecting U.S. communication networks.
  • FISA: The Foreign Intelligence Surveillance Act is a U.S. federal law that outlines the processes of collecting and surveilling foreign intelligence. 
  • FISC: The Foreign Intelligence Surveillance Court oversees, approves and denies requests for surveillance warrants against foreign agents or spies residing within the U.S.
  • GCHQ: The Government Communications Headquarters is a U.K. organization that provides signals intelligence and information assurance to the U.K. government and armed forces.
  • SIGAD: A Signals Intelligence Activity Designator is an alphanumeric label that identifies a particular facility used for collecting intelligence. For example, this may refer to satellites, data servers or tapped internet cables.
  • SIGINT: This stands for signals intelligence and refers to the interception of signals for use in intelligence gathering.

nsa acronyms
All NSA programs have acronyms or code names.

Why Is the PRISM Surveillance Program Important? 

The PRISM program is important because it allows the NSA and other agencies to access massive amounts of communications and user data from various large tech companies. Not only does this constitute a massive violation of privacy, it’s also been ruled unconstitutional and in violation of the 4th amendment when used against U.S. citizens.

Project PRISM History: Foreign Intelligence Surveillance Act & More

Created in 2007, the PRISM program is known as a streamlined version of the Terrorist Surveillance Program that was enacted after 9/11. The Terrorist Surveillance Program was widely criticized as it didn’t require warrants to be obtained from the Foreign Intelligence Surveillance Court (FISC). On the other hand, PRISM itself was authorized by the FISC.

PRISM operates under the Foreign Intelligence Surveillance Act of 1978 (FISA), which details the procedures for surveilling foreign targets and collecting information in the U.S.

Specifically, PRISM can collect this information legally under Section 702 of the 2008 FISA Amendments Act. This amendment makes it possible to intentionally target and obtain information from foreign persons who are reasonably believed to reside outside the U.S.

The PRISM Leak: What Did Edward Snowden Do? 

In 2013, Edward Snowden leaked PRISM documents and other information to journalists from The Guardian and The Washington Post. He decided to reveal this sensitive information after working with the NSA and the CIA, where he became disillusioned about the way that government surveillance programs operated.

The goal of the leak was to provide the public with transparency and promote debate about NSA surveillance programs. Snowden’s leaks also revealed details of other surveillance programs — such as XKeyscore, Tempora, MUSCULAR and Project 6 — and included an order from the NSA to Verizon to hand over daily telephone records and metadata on all of its customers. 3

Key PRISM Program Dates 

Here is a look at some of the key dates in the PRISM program’s history.

Circa 2007

The PRISM program is launched, and the NSA and other agencies begin using it to collect information from foreign targets.

June 6, 2013

The Washington Post and The Guardian publish leaked slides that reveal the nature of the PRISM program to the public. U.S. tech companies deny their involvement with the program. In addition, James Clapper — the director of national intelligence at the time — makes a statement asking the public to trust that the federal government respects civil liberties. 4

June 7, 2013

It’s revealed that the U.K. government has also benefited from the PRISM program since 2010. President Obama makes a statement that Congress has known about and approved of PRISM for years, and that the program doesn’t apply to U.S. citizens. 5

June 20, 2013

Procedural data regarding the NSA’s targeting and “minimization” of information is leaked, showing that the communications of U.S. citizens can be retained (despite efforts to avoid domestic communications that are strictly U.S.-based).

June 29, 2013

More leaked slides are exposed, stating that PRISM has obtained more than 100,000 records associated with “active surveillance targets.” 6 These slides also reveal that it’s possible for agencies to engage in real-time monitoring of targets.

Circa 2020

The PRISM project is ruled unconstitutional by an appeals court.

What Kind of Data Does the NSA Collect? 

The NSA collects two kinds of data: content and metadata. We will explore each type in more detail below.

Content

Content refers to information that is contained within communications. For example, when you send a text using WhatsApp, any written messages, recorded voice clips, attached photos or inserted GIFs are all considered “content.” Content is typically much more protected than metadata as it’s regarded as personal information, which is invasive to obtain.

If you want to learn how to get the most out of WhatsApp — such as changing your privacy settings, deleting messages and media, and more — check out our guide on 26 WhatsApp tips and tricks.

Metadata

Metadata is the information related to content that doesn’t describe the content itself. For example, the metadata of an email includes the date and time that it was sent or received, as well as the email addresses of the sender and recipient. However, it doesn’t include the email’s contents.

How Does the NSA Collect Data? 

Very broadly, the NSA collects data in two ways: “upstream” collection and programs like PRISM. The ability to collect data relies on two key statutes — Section 702 of the FISA Amendments Act (using programs like PRISM) and Section 215 of the Patriot Act (using upstream collection). We’ll break down upstream data collection and the PRISM program below.

How the NSA collects your data
The NSA collects data directly from many leading U.S. companies.

Upstream Collection

Upstream data collection occurs when communications are intercepted and collected as they travel along internet infrastructure and data cables. The NSA partners with communications companies like AT&T, which can access high-capacity fiber-optic cables to collect the internet data that travels along them.

The issue with this electronic surveillance method is that it doesn’t collect only foreign communications (between the U.S. and other countries) but also domestic communications within the U.S. This means that the average U.S. citizen risks having their communications collected and stored by the government.

Programs Like PRISM

Programs like PRISM use downstream data collection, which involves the NSA contacting tech companies like Google, Facebook or Apple and requesting data via subpoena. This communication data should be between the United States and foreigners overseas, but domestic communications have also been collected (supposedly inadvertently).

What Changed After Edward Snowden’s Leak? 

In the wake of Snowden’s revelations, public discourse around private data and surveillance activities was booming. Organizations like the ACLU (American Civil Liberties Union) condemned the program, calling for an end to “warrantless mass surveillance.” 7

After the Patriot Act expired, the Freedom Act was proposed, with modifications and limitations regarding the collection of telecommunication metadata of U.S. citizens. The Freedom Act was designed to assure the public that the federal government wasn’t interested in the data of U.S. citizens (even though they collected and retained it). You can learn more in our “what is the USA Freedom Act” article.

Tech companies also lost a considerable amount of public trust and business, particularly due to claims that the NSA could tap into cloud-based storage. Other companies took the initiative to create more secure technology, including online storage and smartphones. If you’re looking for secure online storage, see our roundup of the best cloud-based storage providers.

Is the PRISM Program Still Active? 

It’s impossible to know to what extent the PRISM program is still operational, and to what capacity it’s changed since Edward Snowden revealed his information. 

In 2020, an appeals court found that the program violated constitutional rights when used to indiscriminately collect information on U.S. citizens without a warrant. This should mean that now, intelligence agencies must send individual warrants or data requests to technology companies on a case-by-case basis if they need to access information.

However, PRISM is still allowed to operate as part of section 702 of the Foreign Intelligence Surveillance Act (or FISA), which allows intelligence agencies to collect data on foreigners. Since PRISM was never legally allowed to indiscriminately collect data from U.S. citizens in the first place, it’s impossible to know whether or not this is still taking place, even with the court ruling.

Final Thoughts

It’s clear that the U.S. government has the capacity to monitor almost all communications for the average U.S. citizen. Whether through phone companies or tech giants, innocent bystanders could be swept up in collection programs — the leaked PRISM documents revealed exactly that.

Fortunately, there are some simple ways to improve your security and privacy. You can use a high-quality VPN, or check out our guides on how to encrypt text messages and the 99 best free privacy tools to help protect yourself. By being aware of how you communicate, store information online and interact with the internet, you can keep your personal data as safe as possible.

What do you think about government surveillance programs? Do you think anything has changed since Edward Snowden blew the whistle? What measures do you take to maintain your personal security and privacy online? Let us know in the comments below, and thank you for reading!

FAQ: PRISM NSA

  • The PRISM program collected targeted communications information from various U.S. companies (like Google, Apple and Facebook) without requiring national intelligence agencies to obtain court orders prior to collection.

  • PRISM is a “front-end” or software program that allows NSA agents to search and retrieve data that’s considered significant to national security.

Sources:

  1. Edward Snowden: the whistleblower behind the NSA surveillance revelations — The Guardian
  2. United States Foreign Intelligence Surveillance Court — EFF
  3. NSA collecting phone records of millions of Verizon customers daily — The Guardian
  4. US intelligence chief asks public to blindly trust that the government respects civil liberties — The Verge
  5. Obama Surveillance Speech — SB Nation
  6. President Obama on NSA spying: Congress has known about it and approved for years — The Verge
  7. Five Things to Know About NSA Mass Surveillance and the Coming Fight in Congress — ACLU
↑ Top