PRISM — NSA Mass Surveillance Program (2007–present)
BLUF
PRISM is an NSA surveillance program, authorized under Section 702 of the FISA Amendments Act of 2008, that compels major US internet companies — Microsoft, Yahoo, Google, Facebook, Apple, PalTalk, AOL, Skype, YouTube — to provide direct NSA access to communications data of foreign individuals using US-based services. It was classified until June 2013, when NSA contractor Edward Snowden leaked NSA documents to The Guardian and The Washington Post (Fact, High).
PRISM is the modern counterpart to the Church Committee oversight arc: it represents the rebuilding, at larger scale, of domestic surveillance capabilities curtailed by Church Committee-era reforms (1975–76), enabled by the legal architecture created after the September 11 attacks (Assessment, High).
Legal Architecture: STELLAR WIND to Section 702
STELLAR WIND (2001–2007): After September 11, Bush authorized NSA warrantless surveillance of US persons’ international communications with suspected terrorists, operating outside FISA authorization. In March 2004 Acting AG Comey and DOJ threatened mass resignation. The program was modified; its bulk collection authorities were formalized through legislation (Fact, High).
Section 702 (FISA Amendments Act 2008): Authorizes NSA to collect, without individualized court orders, communications of non-US persons reasonably believed to be located outside the United States — even when those communications pass through or are stored by US companies. The FISC approves targeting procedures annually in bulk, not individual targets. This enables collection at scale impossible under traditional Fourth Amendment warrant requirements (Fact, High).
The Snowden Revelations (June 2013)
Edward Snowden, an NSA contractor via Booz Allen Hamilton, copied approximately 1.5 million classified documents — the largest unauthorized disclosure in US intelligence history — and provided them to Glenn Greenwald and Laura Poitras. First stories published 5–6 June 2013. Snowden obtained asylum in Russia (August 2013) and remains there, charged under the Espionage Act (Fact, High).
Key Programs Revealed
| Program | Description |
|---|---|
| PRISM | Direct collection from 9 US internet companies under Section 702 |
| Section 215 bulk metadata | All US Verizon call detail records; ended by USA FREEDOM Act (2015) |
| XKeyscore | NSA tool for searching collected internet activity — emails, browsing history, social media |
| MUSCULAR | NSA/GCHQ tapping of internal fiber links between Google/Yahoo data centers |
| Five Eyes integration | GCHQ Tempora (bulk UK fiber); CSEC airport wi-fi surveillance; ASIS operations |
The Church Committee Continuity
| Dimension | Church Era (1950s–70s) | Post-9/11 Era (2001–) |
|---|---|---|
| Authorization | Executive order / no statutory basis | Patriot Act, FISA Amendments Act |
| Scope | Domestic political organizations | Bulk collection of essentially all communications |
| Oversight | None / internal | FISC (largely rubber-stamp: ~12 rejections in 34 years pre-2013) |
| How dismantled | Church Committee + FISA 1978 | STELLAR WIND / Section 702 rebuilt the architecture |
The Church Committee reforms — primarily FISA (1978) and the mandatory warrant requirement — were explicitly undermined post-9/11 by reinterpreting “foreign intelligence” collection to encompass bulk domestic data via “incidental collection” doctrine (Assessment, High).
Aftermath
USA FREEDOM Act (2015): Ended Section 215 bulk telephone metadata collection. Did not affect Section 702 (PRISM).
Section 702 reauthorization (2024): Reauthorized with minor reforms; core collection authority remains in force (Fact, High).
EU legal consequences: Schrems I (ECJ, 2015) invalidated EU-US Safe Harbor data transfer framework as European data stored with US companies was accessible to NSA under Section 702 (Fact, High).
Strategic Implications
The oversight deficit as systemic risk. The FISC process — ex parte court reviewing executive applications without adversarial challenge — is structurally incapable of meaningful judicial review of mass surveillance authorities. The Church Committee reforms were premised on adversarial oversight; post-9/11 reforms created a process with the formal apparatus of oversight without its substance (Assessment, High).
Five Eyes as SIGINT sovereignty extension. The FVEY architecture allows surveillance of each nation’s own citizens by partner services — circumventing domestic legal restrictions while maintaining technical compliance (Assessment, High).
NSO Group/Pegasus parallel. The PRISM architecture is the government-side equivalent of the NSO Group/Pegasus model for state surveillance of private devices. PRISM is the US state-level benchmark against which Pegasus proliferation risk should be calibrated. See NSO-Group-Pegasus-Surveillance-Export-SYNTHESIS (Assessment, High).
Cross-References
- Church Committee — direct oversight predecessor; PRISM rebuilt what Church dismantled
- September 11 and the Global War on Terror — legal enabling condition
- COINTELPRO — domestic surveillance doctrine lineage
- NSO-Group-Pegasus-Surveillance-Export-SYNTHESIS — commercial equivalent
- SIGINT
- NSA
Sources
| Source | Type | Confidence |
|---|---|---|
| Privacy and Civil Liberties Oversight Board (PCLOB). Report on the Surveillance Program Operated Pursuant to Section 702 of FISA. July 2014. | Primary, official | Fact, High |
| Greenwald, Glenn. No Place to Hide. Metropolitan Books, 2014. | Secondary, journalist/participant | Fact, High |
| The Guardian / Washington Post. Snowden NSA document releases, June–December 2013. | Primary, leaked documents | Fact, High |
| Bamford, James. The Shadow Factory. Doubleday, 2008. | Secondary, investigative | Fact-Assessment, High |