Could This Be How PRISM Technically Works?

A plausible account of the technical and institutional details from a long-time national security reporter.

National security reporter Marc Ambinder, who has long been known for his contacts within the intelligence community (he used to work here at The Atlantic), just tweeted what seems like a plausible explanation for how PRISM might function.

His account resolves what has been a remarkably strange situation: Namely, that the government has basically acknowledged the program, yet the capabilities ascribed to PRISM seem incompatible with the full-throated denials of the technology companies who are supposedly working with the government. 

The key sticking point was whether or not the government had "direct access" or, as the Washington Post put it, whether the government was "tapping directly" into servers at Google, Facebook, etc. 

Here's Ambinder's reporting:

On the "no direct access"--[content providers]* push to a separate server the subset of accounts that the FISC order covers; NSA monitors them in real time. 
Let's say court order says "all Yahoo accounts in Pakistan" Yahoo would push those accounts to the server; NSA could watch them in real time. They'd try & figure who & where the incoming emails were coming from. US persons data minimized automatically if possible (often it's not). 
If they're up on a Pak bad guy email and someone in Denver sends that account an email saying "I need more explosives," NSA notifies FBI via a Guardian tip. Then FBI opens prelim investigation to determine if the Denver person is a bad guy & takes over. Of course, to ID the person sending the email to Pakistan, analysis of US persons email might be required. Incidental targeting happens now. And that's how it works. Basically.

* Ambinder originally tweeted that it was ISPs pushed to a separate server, but corrected himself in this tweet. He has also noted that he assumes the court orders are narrower than "all Yahoo accounts in Pakistan." 

Presented by

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register with Disqus.

Please note that The Atlantic's account system is separate from our commenting system. To log in or register with The Atlantic, use the Sign In button at the top of every page.

blog comments powered by Disqus

Video

What Happened to the Milky Way?

Light pollution has taken away our ability to see the stars. Can we still save the night sky?

Video

The Faces of #BlackLivesMatter

Scenes from a recent protest in New York City

Video

Desegregated, Yet Unequal

A short documentary about the legacy of Boston busing

Video

Ruth Bader Ginsburg on Life

The Supreme Court justice talks gender equality and marriage.

Video

Social Media: The Video Game

What if the validation of your peers could "level up" your life?

Video

The Pentagon's $1.5 Trillion Mistake

The F-35 fighter jet was supposed to do everything. Instead, it can barely do anything.

More in Technology

Just In