Prism, as an individual unit of technological information collection, is not a particularly threatening thing. Similar tools are used in the business world to track customer behaviour online to help deliver personalised advertising to the internet user. This is usually done by collating huge amounts of internet traffic and behaviour, known as ‘big data’, and turning it from a chaotic scramble to a digestible and quantifiable source of information on people’s online activity.
The reason why PRISM is such a threat to individuals private information and a breach of public trust is the purposes and the context that PRISM is used. When it was created in 2007, the PRISM scheme was intended to be targeted at potential foreign criminal suspects, who’s online activity passed through servers based on US soil. With the primacy of silicone valley in internet services, it was likely that such information would pass through. Fair enough. Governments have kept a keen eye on potential foreign agitators, extremists and organized criminals for centuries, however the remit of the NSA allows to it target much more than these obvious targets.
According to the presentation slides produced for the consumption of NSA staff which were leaked earlier this month by the Manchester Guardian and the Washington Post, staff only needed to be 51% sure that the target was foreign. If a US citizen was targeted, either accidentally or not, this was “nothing to worry about”. Thus in practise, everyone is vulnerable and everyone is a target, and there were no legal safeguards that prevented the NSA spying on its own citizens. As Snowden revealed, all the data received by the NSA and PRISM was processed “by default” and with potential targets including the President themselves, it seems even the 51% certainty rule was purely optional and not always observed.
Not only is the remit of PRISM the detail that makes it a threat to personal liberty, but also the access to data it enjoys does as well. Its list of contributors reads like a who’s who of the top internet and computing firms. Apple, Microsoft, Facebook, Google, Skype; the list goes on and on. What this means is that all the data that passes through these services is vulnerable to PRISM. Video conversations, photos, private chat, internet phone conversations, web cams, microphones, even the contents of emails, all were collected and all were analysed by PRISM, as the Washington Post reported, “They could watch you as you typed”.
The computing firms were quick to deny the accusations of compliance in the massive state espionage operations; however they really had little choice but to comply. The process of the US state getting access to their information was fairly straightforward. A state attorney general would submit a request for access, the FBI would collect the information and the NSA would analyse it. Companies could theoretically deny access but risked costly and lengthy state lawsuits. The companies were also given certain benefits for accepting the access requests also, it certainly wasn’t a charity on their part.
The firms accused of compliance with PRISM have aggressively and swiftly denied all accusation, no surprise when the firms essentially trade in trust. Viktor Mayer-Schonberger of the Oxford Internet Institute has claimed there are serious consequences for the collective reputations of the likes of Google, Microsoft and Facebook if this erosion of trust continues. The importance of trust is exemplified in the actions of the firms. Microsoft recently began a huge advertising campaign specifically reiterating the point that “privacy is our priority”, and google publish quarterly transparency reports to convince their customers that they can be trusted with their private information.
Transparency is where their only salvation may lie. Google have begun to put pressure on the intelligence community to become more transparent, both for their sake as well as the American public’s.
So far most of the threats to personal liberty have centred around the US and its citizens. What does this mean for the rest of the world? The fact that the companies the US government had access to were so widely used, coupled with the allegations that PRISM and the NSA process everything as a default, means that the online activity of anyone who used any of the services provided by the companies working with the NSA since 2007 when it was first established, have had their online behaviour potentially analysed by the US state. This is why the EU and many European states have been quick to demand answers as to whether EU citizens have been targeted.
It’s bad news for UK citizens also; it seems GCHQ has had access to the data collected by the NSA to spy on its own people in a similar fashion. Worryingly the response of the government was the increasingly typical response of “nothing to hide, nothing to fear”, a seemingly unapologetic and Orwellian response to something quite as serious as the accusations are. Questions still remain unanswered as well. We still do not know, for example, if a warrant is required by GCHQ to target a UK citizen, and indeed whether any of this is even legal under various EU and UK legislation including the Data Protection Act. It seems the government is entitled to keep its secrets from the population but the population isn’t entitled to keep its secrets from the government.
Europe seems more in civil liberties camp than the security obsessed Anglo-Saxon states. Demands for details and greater protection of private information have been taken up by both the EU Commission and the European Parliament. It seems the countries of Europe and the EU itself are far more willing to protect the private information of its citizens than the UK government is.
How did this all start? PRISM began in earnest in 2007 but can trace its roots back to a series of programmes that introduced warrantless surveillance in 2001. By 2007 mounting public pressure had forced the Bush administration to end this programme, however, instead of abandoning it outright, they simply found it a new home in the 2007 Protect America Bill made it possible to electronically spy on anyone, so long as it was ‘reasonably believed’ that they were foreign (hence the 51% certainty mentioned earlier). Next year when an amendment was passed that immunized companies from handing over private data to the state, the PRISM programme was up and running, already with Giants such as Microsoft firmly in tow. Over time more and more companies were added, the latest being Apple, and the Obama administration has also actively allowed this policy to continue.
The PRISM scheme then presents itself as a serious threat to personal liberties, not just to US citizens who are being spied on by their own government, but to everyone, from the Embassies of EU member states, the president of the USA and the average citizen, who despite having no previous convictions, have been watched silently by men in ironically architecturally dystopian state institutions. Many state legislators in many countries have tried to argue the security provided is crucial, and that legal guidelines are followed, but it’s an easy defence to take, when those that spy on their own people are also the ones that make the law.