PRISM – not as bad as you thought? (And don’t call it PRISM!)


You’ve almost certainly heard about PRISM, an abbreviation that has come to mean “US surveillance of everything.”

Since Naked Security first wrote about this unfolding drama last week, a raft of new information has come to light.

The whistleblower who leaked the information has come forward; his employer has responded; and the US Department of National Intelligence itself has spoken on the record.

The conspiracy theories probably haven’t been shaken, but they’ve certainly been stirred.

Whistleblower comes forward

A chap by the name of Edward Snowden, who’s 29 years old and works for a defence contractor, has outed himself as the source of the PRISM leak.

According to The Guardian, he slipped out of the US, flew to Hong Kong and holed up in a hotel.

Apparently, he’s been out of his room only three times in the past three weeks.

From Hong Kong, he blew the whistle, purportedly claiming that:

I don't want to live in a society that does these sort of things.

He also seems to have come up with a very quotable quote that will probably end up being seen as selfless by his fans, but as mildly messianic by his detractors:

I understand that I will be made to suffer for my actions, but I will be satisfied if the federation of secret law, unequal pardon and irresistible executive powers that rule the world that I love are revealed even for an instant

Employer responds

His employer, the redolently-named Booz Allen Hamilton, has reacted with undisguised outrage:

Booz Allen can confirm that Edward Snowden, 29, has been an employee of our firm for less than 3 months, assigned to a team in Hawaii. News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm. We will work closely with our clients and authorities in their investigation of this matter.

US National Intelligence speaks publicly

The US Office of the Director of National Intelligence has gone public, too.

The Director himself, James R. Clapper, has opened up a list of previously-classified nuggets about the PRISM project.

(You can download the official version from the DNI’s website. [PDF, 3 pages.])

Here’s a very brief summary of the DNI’s brief summary:

  • It’s not called PRISM; that’s just the name of the computer system that makes it work.
  • It’s really called the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, or Section 702 for short.
  • Section 702 doesn’t operate outside the oversight of Congress and the courts.
  • It doesn’t collect information without court approval or without informing service providers.
  • It isn’t allowed to target anyone inside the US, or any US citizen anywhere.
  • It isn’t allowed to target foreigners in order to target people inside the US.
  • It’s actually been jolly useful and has mitigated potential computer network attacks.

There you have it.

Department of Justice gets involved

The DNI followed up its declassification by passing the buck to the Department of Justice, pretty much ruling out any further comment from the intelligence community:

Because the matter has been referred to the Department of Justice, we refer you to the Department of Justice for comment on any further specifics of the unauthorized disclosure of classified information by a person with authorized access. The Intelligence Community is currently reviewing the damage that has been done by these recent disclosures. Any person who has a security clearance knows that he or she has an obligation to protect classified information and abide by the law.

And that’s that.

You get to have your say

All I can say is that I can’t see the DNI persuading people to stop using PRISM as a collective noun for the entire schemozzle, and I can’t see the schemozzle abating for quite some time.

What do you think? What will happen next?

Let us know in the comments below!