How the PRISM Surveillance System Works

Season 2: The Players

Of course, you know that face by now, that of Edward Snowden, the former NSA contractor.
Of course, you know that face by now, that of Edward Snowden, the former NSA contractor.
© Bobby Yip/Reuters/Corbis

As we enter season 2 of our saga, we begin to focus in on some of the specifics -- and specific players -- that are part of the PRISM program. And there are some doozies: Microsoft, Yahoo, Google, Facebook, PalTalk (what, you don't know PalTalk?), YouTube, Skype, AOL and Apple all agreed to cooperate, according to the leaked documents between 2007 and 2012.

And what are they supposedly taking from those servers? Well, e-mail, chats (video or voice), videos, photos, stored data, Skype conversations, file transfers, logins, social networking. Everything.

To understand why these companies might agree to a PRISM arrangement, let's go back to those few years after 9/11. The government was getting the idea that to track terror, it needed e-mails -- and the content of those e-mails -- from key terrorism players. The NSA would go to Microsoft and ask for boatloads of information from its servers, related to foreign targets. It was time-consuming for all involved (engineers had to comb through masses of information), especially as the targets and the information piled up [source: Braun et al.]. Finally, the government threw up its hands and probably said something like, "There oughta be a better way!"

And that's when, in 2008, Section 702 was added. Section 702 changed the FISA process. Instead of specific individual targets, an order from the Director of National Intelligence and Attorney General is written that broadly describes the surveillance that they want to take place -- maybe a list of e-mails, or even people living in a certain area. It just can't target any U.S. citizen or anyone on U.S. soil. A group of judges approves this broad plan, to ensure that "special court review" takes place. From there, the government can give directives to these specific companies, like Google and Yahoo, asking for the information they need [source: Braun et al.]. No judge is reviewing each case, in other words, on these targeted, specific directives. But the companies also appear to not be just handing over wide troves of content or information, nor do they report giving access to their servers [source: Braun et al.].