The Washington Post has revealed four new slides from its trove of top secret PRISM information, appearing to confirm some of the initial reports earlier in June about the nature of the US government surveillance program.
Notably, the new slides appear to confirm whistleblower Edward Snowden's claims that PRISM allows the NSA and FBI to perform real-time surveillance of email and instant messaging, though it's still not clear which specific internet service providers allow such surveillance. (As originally reported, PRISM providers include Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple.) In notes accompanying the new slides, the Post claims that "depending on the provider, the NSA may receive live notifications when a target logs on or sends an email, text, or voice chat as it happens."
One slide, containing a screenshot of a PRISM web interface, appears to show the scope of the government's record keeping. The screenshot, which The Washington Post dates as of April 5th, shows 117,675 "records." The Post claims that these are "active surveillance targets," but neither the Post nor the content of the slide indicate whether each of these records pertain to unique individuals under active surveillance. The extent of the information held within each record is also unknown.
There's still a substantial gap of knowledge about how PRISM works
Two of the new slides detail the data collection process, from the initial input of an agency analyst, to data analysis under several previously-reported analysis tools such as Marina (internet data), Mainway (call records), Nucleon (voice data), and Pinwale (video data). As the Post reports, and as one slide indicates, the FBI checks stored communications against its own databases to verify that targeting selectors do not match US citizens — but no such check appears to be performed for live surveillance. Critics of PRISM and other US surveillance programs contend that the government's broad efforts capture "incidental" data belonging to innocent Americans.
There's still a substantial gap of knowledge about PRISM between the public and the US government, and the latest leak provided by The Washington Post doesn't address fundamental concerns, including the allegation that the NSA has "direct access" to the servers of companies like Google, Facebook, and Microsoft (a claim internet companies have strenuously denied). It's also not clear why the Post decided to wait on releasing these particular slides since they only seem to confirm earlier reporting; the Post and The Guardian still possess a broader collection of PRISM slides, and potentially other documents, provided by whistleblower Edward Snowden.