Prism is a top-secret $20m-a-year NSA surveillance program, offering the agency access to information on its targets from the servers of some of the USA’s biggest technology companies: Google, Apple, Microsoft, Facebook, AOL, PalTalk and Yahoo. The UK’s spy agency GCHQ has access to Prism data.
NSA documents suggest the agency can use Prism to access information “directly from the servers” of US companies – a claim they strongly deny. Other documents showed the NSA had paid out millions of dollars to “Prism providers”, and showed Microsoft had helped the NSA circumvent its users’ encryption.
The UK’s GCHQ spy agency is operating a mass-interception network based on tapping fibre-optic cables, and using it to create a vast “internet buffer”, named Tempora – a kind of Sky+ for huge amounts of data flowing in and out of the UK. The content of communications picked up by the system are stored for three days, while metadata – sender, recipient, time, and more – is stored for up to thirty days. Metadata is effectively the “envelope” of a communcation: who it’s from, when it was sent and from where, and who it’s to, and where – but not the actual contents of the communication.
The system, part of GCHQ’s stated goal to “Master the Internet”“>, is enabled using a little-known clause of a law passed in 2000 for individual warranted surveillance, known as RIPA. The telecoms companies involved in the surveillance program were later named as BT, Verizon Business, Vodafone Cable, Global Crossing, Level 3 Viatel and Interoute.
3. Phone collection
The very first story from the NSA files showed the agency was continuing a controversial program to collect the phone records (“metadata”) of millions of Americans – a scheme begun under President Bush. The scheme was widely believed to have been scrapped years before.
The program, which was re-authorised in July, allows the agency to store who Americans contact, when, and for how long. The agency is not, however, allowed to store the contents of calls. The Obama administration later released hundreds of pages of confidential documents about the program, showing aspects of the surveillance had at one stage been judged unconstitutional by secret oversight courts.
“Upstream” refers to a number of bulk-intercept programs carried out by the NSA, codenamed FAIRVIEW, STORMBREW, OAKSTAR and BLARNEY. Like similar GCHQ programs, upstream collection involves intercepting huge fibre-optic communications cables, both crossing the USA and at landing stations of undersea cables.
The collection, which relies on compensated relationships with US telecoms companies, allows the NSA access to huge troves of phone and internet data, where at least one end of the communication is outside of the country. Later disclosures revealed the NSA keeps all the metadata it obtains through Upstream and Prism in a database system called MARINA for 12 months.
5. Cracking cryptography
The NSA and GCHQ have been undertaking systematic effort to undermine encryption, the technology which underpins the safety and security of the internet, including email accounts, commerce, banking and official records.
The NSA has a $250m-a-year program working overtly and covertly with industry to weaken security software, hardware equipment, and the global standards on security, leading experts to warn such actions leave all internet users more vulnerable.
Both agencies’ codenames for their ultra-secret programs are named after their countries’ respective civil war battles: BULLRUN for the NSA, and EDGEHILL for GCHQ.