Overview
PRISM was a clandestine surveillance programme operated by the United States National Security Agency that collected internet communications from at least nine major American technology companies. Authorised under Section 702 of the Foreign Intelligence Surveillance Act (FISA), PRISM allowed the NSA to obtain emails, chat logs, video calls, stored data, VoIP traffic, file transfers, and social networking data directly from the servers of Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL, and Apple.
The programme’s existence was unknown to the public until June 5, 2013, when former NSA contractor Edward Snowden leaked a classified 41-slide PowerPoint presentation to journalists Glenn Greenwald and Laura Poitras. The Guardian and The Washington Post published simultaneous exposés, triggering the largest public debate about government surveillance since the Church Committee hearings of 1975.
Authorisation and Legal Framework
PRISM operated under the legal umbrella of the FISA Amendments Act of 2008, specifically Section 702, which permits the Attorney General and Director of National Intelligence to authorise the targeting of non-US persons reasonably believed to be located outside the United States. The Foreign Intelligence Surveillance Court (FISC) approved collection orders that were then served on technology companies, compelling cooperation under gag orders that prohibited disclosure.
The NSA characterised PRISM as a “downstream” collection tool — meaning data was collected from providers rather than directly intercepted from fibre optic cables, which was covered by a separate programme called UPSTREAM (also revealed by Snowden). According to the leaked slides, PRISM was described as the number one source for NSA raw intelligence used in President Obama’s daily briefing.
Scale and Scope
The leaked slides dated the programme’s inception to 2007, when Microsoft became the first company enrolled. By 2013, nine companies were participating. The slides claimed PRISM accounted for nearly one in seven intelligence reports produced by the NSA. GCHQ, the UK’s signals intelligence agency, was confirmed to have had access to PRISM data through a liaison arrangement, raising significant legal questions in the United Kingdom about bulk collection of British citizens’ communications without judicial oversight.
An NSA inspector general report later estimated the programme collected data on hundreds of millions of people globally, the vast majority of whom were not the intended foreign intelligence targets.
Corporate Response and Denials
All nine named companies initially denied knowingly participating in any programme giving the government “direct access” to their servers. This was technically accurate — the architecture involved companies complying with court orders to produce specific data rather than providing a persistent backdoor. Subsequent reporting and declassified documents confirmed the practical effect was equivalent: the NSA received comprehensive data sets on targeted individuals and, through so-called “about collection,” large quantities of incidental communications involving US persons.
Aftermath
Snowden was charged under the Espionage Act and fled to Russia, where he was granted asylum. The revelations prompted reforms including the USA FREEDOM Act of 2015, which ended bulk collection of US phone metadata under Section 215 of the PATRIOT Act. Section 702 itself was reauthorised multiple times. A 2020 US federal appeals court ruling found the original metadata programme Snowden exposed was illegal under FISA — but PRISM, operating under a different legal authority, remained in place.
The programme’s existence is fully confirmed by US government statements, declassified FISC opinions, and congressional testimony.