The first season of our show starts with a flashback. The year was 1978, and the Foreign Intelligence Surveillance Act (FISA) was signed into U.S. law. At the time, FISA was enacted to ensure the government obtained orders from a secret FISA court before conducting surveillance on suspected terrorists in the United States. After FISA, they had to go to a special court of federal judges to prove probable cause of compromised national security on each case [source: Totenberg]. This mirrors domestic law enforcement: Unless there is a warrant issued through probable cause, you can't put a wire up to intercept phone calls or telecommunications.
After Sept. 11, 2001, things changed. President George W. Bush authorized warrantless wiretaps, skipping the part where the special court reviewed each case. When there was outcry after the program became public, the Bush administration proposed changes to FISA that were adopted in 2008 through the FISA Amendments Act. The result was that now the federal intelligence agencies like the National Security Agency still didn't need a warrant but did have to have that FISA secret court review the target and techniques.
Now we get to Section 702 of FISA. Let's hear it from the Director of National Intelligence: "In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight" [source: Wittes]. When it comes to the Internet, "foreign" isn't hard to find: There's loads of foreign Internet traffic going through U.S. servers, or saved on them. E-mailing Saudi Arabia from Afghanistan? Still probably going through a U.S. server to get there. FISA's rejiggering basically allowed for the government to ask companies to pretty please let them look at that information -- including content -- if they could be "reasonably sure" it wasn't a U.S. citizen or anyone inside the U.S.
According to the initial reports, PRISM was a program that allowed the government to directly access servers from some huge players, like Facebook and Google. As the Guardian first reported, "Companies are legally obliged to comply with requests for users' communications under US law, but the Prism program allows the intelligence services direct access to the companies' servers" [source: Greenwald and MacAskill]. (We'll discuss – and dispel -- this claim more later.)
In other words, if the leaked documents were to be believed, the government was basically able to search private company servers for anything it wanted, without having to make individual, targeted requests. Once they had that data, they just had to make sure -- with "51% confidence" -- of the "foreignness" of the target [source: Gellman and Poitras]. So if you're thinking no problem, you're outside the U.S. or have no foreign contacts, not so fast. The reality is with such a large search, there's a huge trove of "incidental" data collected. Although analysts may be scrutinizing only foreign data, that doesn't mean they're not collecting information about U.S. citizens or those on U.S. soil in the process [sources: Gellman and Poitras, Fresh Air].