Back More
Salem Press

Table of Contents

Privacy Rights in the Digital Age

PRISM

by Eric Merriam

The code name for a controversial electronic surveillance program conducted by the U.S. government. Under PRISM, a federal agency—most often the National Security Agency (NSA), (although the Federal Bureau of Investigation and the Central Intelligence Agency also participate)—collects and retains stored electronic information obtained from a variety of Internet companies for foreign intelligence purposes. While the United States Director for National Intelligence (DNI) has asserted that PRISM is actually the name for the computer program that facilitates the government's collection of foreign intelligence, the term is often used to describe the overall surveillance program.

PRDA_p416_001.jpg

The government's claimed legal authority for PRISM is the FISA Amendments Act of 2008, Section 702, which authorizes foreign intelligence electronic surveillance when certain conditions are met. Among those conditions, the information collection may not intentionally target any person known at the time of acquisition to be located in the United States; may not intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States; may not intentionally target a U.S. person reasonably believed to be located outside the United States; may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States; must include minimization procedures designed to reduce the chance that the government will collect and retain information about U.S. persons; and must be conducted in a manner consistent with the Fourth Amendment to the Constitution of the United States.

Under Section 702, when the U.S. government wishes to obtain information on a target, the attorney general and DNI certify to the Foreign Intelligence Surveillance Court (FISC) that, among other things, procedures are in place to ensure that the data collection is targeting only non-U.S. persons outside the United States and that a significant purpose of the collection is foreign intelligence. The FISC reviews the certification for compliance with Section 702, and then a federal agency issues a directive to an Internet company compelling the company to produce information on the target. The directives include demands for information for specific “selectors,” such as specific email addresses. The company is then required to produce all its records for those selectors. Once transmitted by the Internet company, the U.S. government stores the communications in several databases to which intelligence agencies have access.

Despite Section 702's requirement that collection may not intentionally target a U.S. person, there are several ways the government might obtain information on U.S. persons under PRISM. For instance, if a U.S. person communicates with a non-U.S. person who has been targeted or if two non-U.S. persons discuss a U.S. person, these are “incidental” collections, and the communications may be retained and used by the government. On the other hand, “inadvertent” collections of information on U.S. persons, such as if a U.S. person is erroneously targeted, or there is a technological malfunction, must be destroyed. If the government is intentionally targeting a U.S. person, it is required first to obtain a court order.

A few specific companies comprise the vast majority of Internet companies that the federal government has used in its PRISM collection program: Microsoft (including its Hotmail and Outlook email programs and subsidiary Skype), Yahoo!, and Google. The type of records the companies might produce includes Email; instant messages; text, voice, and video chat; and file transfers of various types. Although the program is not authorized to target persons in the United States, PRISM is able to obtain significant quantities of foreign communications because much of the world's Internet communication uses the companies mentioned above.

The legal status of PRISM has been the subject of debate, with some members of Congress claiming to have been unaware of PRISM's existence or that Section 702 authorized such intelligence gathering. The activities now termed PRISM were initially conducted after 9/11 under the president's Terrorist Surveillance Program, arguably under the legal authority of the initial Foreign Intelligence Surveillance Act. In 2007, Congress specifically codified authorization for the PRISM activities in the Protect America Act. When this temporary legal authority expired, Congress included it in the FISA Amendments Act of 2008. All three branches of the U.S. federal government appear to have participated in authorizing PRISM and related activities, including congressional authorization through Section 702 and ongoing oversight, executive branch approval of Section 702 and implementation of PRISM, and judicial branch oversight through the FISC.

In 2013, details of the previously clandestine PRISM were leaked by NSA contractor Edward Snowden through the Guardian and New York Times newspapers. PRISM is sometimes confused with another intelligence-gathering program, also revealed by Mr. Snowden, through which the government engages in bulk collection and retention of telephone call metadata from U.S. telephone service providers. Another common misunderstanding is that PRISM gives the government direct access to Internet company servers. The government and such companies have repeatedly insisted that the companies provide copies of records to the government pursuant to lawful directives and orders, but the program does not allow the government to have direct access to the companies' electronic storage systems.

Further Reading

1 

Ball, James. “NSA's PRISM Surveillance Program: How It Works and What It Can Do.” The Guardian, June 2013.

2 

Privacy and Civil Liberties Oversight Board. Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, July 2, 2014.

3 

Savage, Charlie, Edward Wyatt, and Peter Baker. “U.S. Confirms That It Gathers Online Data Overseas.” New York Times, June 2013.

See also: Foreign Intelligence Surveillance Act (FISA); Foreign Intelligence Surveillance Court (FISC); National Security Agency (NSA); Protect America Act of 2007; Snowden, Edward; Terrorism and privacy; Wiretapping

Citation Types

MLA 9th
Merriam, Eric. "PRISM." Privacy Rights in the Digital Age, edited by Christopher T. Anglim & JD, Salem Press, 2016. Salem Online, online.salempress.com/articleDetails.do?articleName=PRDA_0164.
APA 7th
Merriam, E. (2016). PRISM. In C. Anglim & JD (Ed.), Privacy Rights in the Digital Age. Salem Press. online.salempress.com.
CMOS 17th
Merriam, Eric. "PRISM." Edited by Christopher T. Anglim & JD. Privacy Rights in the Digital Age. Hackensack: Salem Press, 2016. Accessed May 30, 2026. online.salempress.com.