Solving the mystery of PRISM
How the NSA organizers its signals intelligence collection
What exactly is PRISM? How does it work? Who uses it?
Let's assume that the companies whose data is sucked in by a National Security Agency tool called PRISM are denying their knowledge of the word and its associations in good faith. And let us also accept their denials that they've given someone at the NSA "direct access" to their servers.
So where are we?
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
There are many types of nicknames and special words that the NSA uses.
Some refer to collection tools. Some refer to data processing tools.
Each data processing tool, collection platform, mission and source for raw intelligence is given a specific numeric signals activity/address designator, or a SIGAD. The NSA listening post at Osan in Korea has the SIGAD USA-31. Clark Air Force Base is USA-57.
PRISM is US-984XN.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Each SIGAD is basically a collection site, physical or virtual; the SIGAD alphanumerics are used to indicate the source of intelligence FOR a particular report.
The NSA often assigns classified code names to the product of SIGADs. These can be confused with the nicknames or proper names of the collection platforms themselves, which may or may not be classified. What PRISM does is classified; the fact that there is a "PRISM" tool that does something is not.
Analysts working on a problem can request that a particular collection site be tasked, or used. The form they fill out is known as an SP0200. Additionally, when they wish to discontinue using a SIGAD for a mission, they send in another SP0200.
To make things even more complicated, the NSA assigns every administrative and technical operation, location and cell its own alphanumeric designation. The NSA office that tasks and troubleshoots the SENIOR SPAN platform, attached to U2 spy planes, is known as G112. The agency's Special Collection Service, which operates out of embassies, is F6.
Other NSA nicknames refer to databases. "Marina" is a database for metadata collected from telephone records. Most database names are not classified, but their association with a particular technology or a dataset is classified.
That is, Marina=telephone metadata — classified. Marina by itself ... unclassified.
I think, but don't know, that the Verizon metadata contained in the FISC order we saw goes into the Marina database.
On top of this, for especially sensitive programs, like those involving analysis and collection of domestic telephone or email metadata, or those involving offensive cyberwarfare, the NSA creates "special access programs" that are identified by a code word, an unclassified nickname, and a digraph. The existence of these SAPs and their code words are classified TOP SECRET. Sometimes, small NSA collection cells access particularly sensitive or advanced collection platforms, like, say, tiny flying bugs. These technologies are not shared with every NSA collection cell; the technologies themselves are classified. (I don't know if the NSA actually uses tiny flying bugs).
So: An analyst sits down at a desk. She uses a tool, like PRISM, to analyze information collected and deposited in a database, like CONTRAOCTAVE. Then she uses another tool, perhaps CPE (Content Preparation Environment), to write a report based on the analysis. That report is stored in ANOTHER database, like MAUI. MAUI is a database for finished NSA intelligence products. Anchory is an intelligence community-wide database for intelligence reports.
If the analyst was analyzing the content of telephone traffic, he or she would access the desired traffic stream through the use of a "selector," which is the NSA's term for production lines. The stuff inside a selector comes from one or more SIGADs. A selector is kind of like an RSS feed that fills itself with content from several sources.
A system called XKEYSCORE processes most of the SIGINT traffic that comes into the NSA by way of various SIGADs, and compartmentalizes it by selector. A selector might be "RUSFOR," which would stand for Russian foreign ministry intercepts. Or something like that. Recorded signals intercepts are stored in a database called PINWALE.
This is all very complicated, and that is on purpose. But this brief tutorial is important. PRISM is a kick-ass GUI that allows an analyst to look at, collate, monitor, and cross-check different data types provided to the NSA from internet companies located inside the United States.
The programs that use PRISM are focused, as the government said yesterday, on foreign intelligence. A lot of foreign intelligence runs through American companies and American servers.
The chain of action works like this.
Under the FISA Amendments Act of 2008, the NSA and the attorney general apply for an order allowing them to access a slice of the stuff that a company like Facebook keeps on its servers. Maybe this order is for all Facebook accounts opened up in Abbottabad, Pakistan. Maybe there are 50 of them. Facebook gets this order.
Now, these accounts are being updated in real-time. So Facebook somehow creates a mirror of the slice of stuff that only the NSA can access. The selected/court-ordered accounts are updated in real-time on both the Facebook server and the mirrored server. PRISM is the tool that puts this all together. Facebook has no idea what the NSA is doing with the data, and the NSA doesn't tell them.
The companies came online at different points, according to the documents we've seen, maybe because some of them were reluctant to provide their data and others had to find a way to standardize their data in a way that PRISM could understand. Alternatively, perhaps PRISM updates itself regularly and is able to accept more and more types of inputs.
What makes PRISM interesting to us is that it seems to be the ONLY system that the NSA uses to collect/analyze non-telephonic non-analog data stored on American servers but updated and controlled and "owned" by users overseas. It is a domestic collection platform USED for foreign intelligence collection. It is of course hard to view a Facebook account in isolation and not incidentally come into contact with an account that is owned by an American. I assume that a bunch of us have Pakistani Facebook friends. If the NSA is collecting on that account, and I were to initiate a Facebook chat, the NSA would suck up my chat. Supposedly, the PRISM system would flag this as an incidental overcollect and delete it from the analyst's workspace. Because the internet is a really complicated series of tubes, though, this doesn't always happen. And so the analyst must sometimes "physically" segregate the U.S. person's data.
What happens if I, in America, tell my Pakistani friend via Facebook chat that I am going to bomb a bridge? We don't know precisely what happens when, in the course of a foreign intelligence intercept, a U.S. person creates evidence of their complicity with terrorism. The analyst must be able to distinguish between relevant and non-relevant communication. If the analyst catches my threat, then he or she will immediately initiate a procedure that sends the information to the FBI, which begins its own investigation of me. The NSA does not continue to collect on me. The FBI does — and probably uses the NSA tip as probable cause to obtain a FISA order to start collecting data using a PRISM-type tool of its own.
What if the location of the other person is unknown? The NSA has a tool called AIRHANDLER that helps them geolocate the origin of these special signals.
Here is an important thing to know: Everything the NSA analyst leaves an audit trail. And the NSA has a staff of auditors who do nothing but sample the target folders for over-collects.
There are many unknowns, of course, and many places where the system could break down. We do not know the minimization rules. They are highly classified. We do not know how long minimized data sits in storage. We don't know how many NSA analysts are trained to handle U.S. persons' data, or HOW they are trained. We don't know the thresholds to determine what the NSA finds to be relevant enough. We don't know how long the NSA can collect on a target without getting a FISA order, though we do know that they can start collecting without one if the circumstances demand it.
Marc Ambinder is TheWeek.com's editor-at-large. He is the author, with D.B. Grady, of The Command and Deep State: Inside the Government Secrecy Industry. Marc is also a contributing editor for The Atlantic and GQ. Formerly, he served as White House correspondent for National Journal, chief political consultant for CBS News, and politics editor at The Atlantic. Marc is a 2001 graduate of Harvard. He is married to Michael Park, a corporate strategy consultant, and lives in Los Angeles.
-
Will Starmer's Brexit reset work?
Today's Big Question PM will have to tread a fine line to keep Leavers on side as leaks suggest EU's 'tough red lines' in trade talks next year
By The Week UK Published
-
How domestic abusers are exploiting technology
The Explainer Apps intended for child safety are being used to secretly spy on partners
By Chas Newkey-Burden, The Week UK Published
-
Scientists finally know when humans and Neanderthals mixed DNA
Under the radar The two began interbreeding about 47,000 years ago, according to researchers
By Justin Klawans, The Week US Published
-
Why Puerto Rico is starving
The Explainer Thanks to poor policy design, congressional dithering, and a hostile White House, hundreds of thousands of the most vulnerable Puerto Ricans are about to go hungry
By Jeff Spross Published
-
Why on Earth does the Olympics still refer to hundreds of athletes as 'ladies'?
The Explainer Stop it. Just stop.
By Jeva Lange Last updated
-
How to ride out the apocalypse in a big city
The Explainer So you live in a city and don't want to die a fiery death ...
By Eugene K. Chow Published
-
Puerto Rico, lost in limbo
The Explainer Puerto Ricans are Americans, but have a vague legal status that will impair the island's recovery
By The Week Staff Published
-
American barbarism
The Explainer What the Las Vegas massacre reveals about the veneer of our civilization
By Damon Linker Published
-
Welfare's customer service problem
The Explainer Its intentionally mean bureaucracy is crushing poor Americans
By Jeff Spross Published
-
Nothing about 'blood and soil' is American
The Explainer Here's what the vile neo-Nazi slogan really means
By Edward Morrissey Published
-
Don't let cell phones ruin America's national parks
The Explainer As John Muir wrote, "Only by going alone in silence ... can one truly get into the heart of the wilderness"
By Jeva Lange Published