Through a #PRISM, Darkly: Tech World’s $20 Million Nightmare

from If you’re still not feeling queasy after reading Thursday’s revelations about the National Security Agency tapping Internet records, you’re probably not paying close enough attention.

In short: a leaked intelligence presentation, verified by multiple
major news sources, claimed to reveal the existence of an NSA program
called PRISM. This program allegedly lets the NSA tap in to the servers
of major Internet organizations, possibly at will.

The names of those organizations include Facebook, Google, Apple,
Microsoft, Yahoo, YouTube and Skype.
It’s a who’s who of popular, often
beloved tech services. Who among us does not have one of these company’s
web pages open on their browser right now, or carry one of their
devices in your pocket? 

Nearly all of those companies quickly denied knowledge of PRISM
Thursday. But it was interesting that they all did so in pretty much
the same way — denying that there is any kind of NSA “direct access” to
their company’s servers (leaving the door open to some form of
warrantless indirect access), then pointing out that they comply with
the law.

If PRISM exists, it is almost certainly perfectly legal under the
Patriot Act and similar legislation. Take this little piece of light
reading, the amended foreign intelligence surveillance Act of 2008 [PDF].
Skip forward to section 702. It has a very interesting section about
compensating tech companies for their troubles. The annual budget of the
PRISM program is $20 million; we don’t know where that is supposed to
be going.

Indeed, the “how” of PRISM is still murky; there’s only so much you
can glean from a bad Powerpoint. (And it is a pretty appalling example
of the form, complete with borrowed clip art.) But put it together with
other metadata tools and wiretapping powers the NSA has acquired over
the last decade. Something that used to sound like a conspiracy theory
has become an open secret: the NSA is potentially aware of your Internet
activity right now.

No doubt whatever snooping is taking place is being done in a very
safe, anonymized way. They’re looking for metadata, or for certain
behavioral characteristics that denote terrorist activity, right? Emails
to known potential bad guys abroad in quick succession, that sort of

The Director of National Intelligence has insisted
that the leak reports were “full of inaccuracies”, without denying the
accuracy of the leaked document itself; he was also careful to point out
was that American citizens were not “targeted.” But here’s the rub: at
the level of anonymized metadata, how are you supposed to distinguish
between citizens and non-citizens? On the Internet, we’re all 1s and 0s. 

“Procedures,” said the DNI dryly, “minimize the acquisition,
retention and dissemination of incidentally acquired information about
U.S. persons.”

Your comfort level, then, largely depends on how much you trust
America’s most secretive intelligence-gathering apparatus, and what
exactly you imagine they’re up to. By dint of what the NSA is, it
doesn’t ever talk about what it does, so your mileage may vary. The
NSA’s $8 billion-a-year budget dwarves that of other intelligence
agencies. So we like to hope it’s on our side, whatever side we imagine
that to be.

True, the alleged $20 million cost of PRISM is a drop in the NSA
bucket. But that’s still $20 million spent creating an Orwellian
metadata monitoring service that could go to giving us jobs or education
or research or, you know, roads.

The “how” is murky; the “what now” is not. If PRISM or something like
it exists, it’s because we stood by and watched it assemble itself.
That is, we in the tech community and we in the U.S. as a whole. If you
disagree with it, if you think it an overreach, if you think enough is
enough, PRISM or no PRISM, then you have to demand change from Congress. 

And changing laws as entrenched as these — passed with bipartisan
support — will require you to get SOPA mad, Occupy Wall Street mad, Tea
Party mad, Howard Beale mad. Labels hardly matter on an issue of this
magnitude. Let your democratic representatives hear, and fear, your

When you’ve done that, by all means keep the conversation going on
Twitter, where it has been buzzing nonstop all evening. Not only will
that help keep the issue front and center, it also supports a company
that — so far as we know — is not embroiled in this security state

Depending on how you feel about boycotts and your confidence level in
this report, you might want to swap your Apple or Android device for
one by BlackBerry, another company not implicated in PRISM. 

Either way, that queasy feeling is probably a good thing. If this
kind of activity is out in the open, if the NSA is leaking for what is
really the first time, then there are some on the inside who feel the
same way. And we can start to have a great national debate about what it
means, whether it is necessary, and when — if ever — we should start
reining it in.

Leave a Reply