PRISM (2007–): The NSA's Section 702 Collection From U.S. Tech Companies.

What PRISM is, in a paragraph.

PRISM is a National Security Agency program, begun in 2007, that collects the content of internet communications — emails, instant messages, stored files, photos, video and voice chats, and more — from major U.S.-based technology and communications providers. It operates under Section 702 of the FISA Amendments Act of 2008, which authorizes the warrantless targeting of non-U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence. Under PRISM, the government serves directives on providers (the leaked slides list Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple, added between 2007 and 2012), and the providers turn over the communications of the NSA's targeted “selectors” (such as email addresses). This is “downstream” collection — obtaining data from the companies that hold it — as distinct from “UPSTREAM” collection, which taps the internet backbone directly. PRISM was the first program disclosed in the June 2013 Snowden leaks, reported simultaneously by The Guardian (Glenn Greenwald) and The Washington Post (Barton Gellman). The disclosure prompted a sharp dispute over an NSA slide's claim of “collection directly from the servers” of the companies, which the companies vehemently denied, saying they provided only specific data in response to lawful, targeted legal process. Because Section 702 targets foreigners but inevitably collects the communications of Americans who correspond with them (“incidental collection”), and because the FBI and NSA can then query that data for U.S.-person information, PRISM and Section 702 have remained at the center of the surveillance-reform debate through every reauthorization.

The documented record.

The legal basis: Section 702

PRISM rests on a specific statute. Verified Section 702 of the FISA Amendments Act of 2008 permits the government, with annual certifications approved by the FISA Court, to target non-U.S. persons reasonably believed to be abroad in order to acquire foreign intelligence, compelling U.S. providers to assist. It does not require an individualized warrant for each target. Section 702 was the legislative successor to the warrantless collection conducted under STELLAR WIND and the 2007 Protect America Act, bringing that activity under a statutory and FISA-Court framework [1][2].

The program and its providers

The leaked materials documented the program's reach. Verified The PRISM slide deck identified participating providers and the dates each was brought in: Microsoft (2007), Yahoo (2008), Google (2009), Facebook (2009), PalTalk (2009), YouTube (2010), Skype (2011), AOL (2011), and Apple (2012). The slides described the categories of data collectible — email, chat, videos, photos, stored data, VoIP, file transfers, and more — varying by provider. PRISM provided the NSA a large share of its internet-communications intelligence [3][4].

The June 2013 disclosure

PRISM was the opening revelation of the Snowden affair. Verified On June 6, 2013 — one day after the first Snowden story (the Section 215 telephone-metadata order) — The Guardian and The Washington Post simultaneously published the PRISM slides. The reporting identified PRISM as a major NSA collection program operating against the named companies. It immediately became the most-discussed element of the early disclosures because it named household-name technology firms [3][4].

The “direct access” dispute

A central factual controversy concerned how the data was obtained. Disputed One NSA slide described collection “directly from the servers” of the providers, which initial reporting took to imply unfettered NSA access to company systems. The named companies forcefully denied giving the NSA direct or unfettered access, stating that they disclosed specific user data only in response to lawful, targeted legal demands, often via secure file transfers or dedicated portals. The reconciled understanding is that PRISM is compelled, targeted, provider-mediated collection — not a backdoor into corporate servers — though the precise mechanics vary by provider, and the “direct access” phrasing remains a point of contention between the slide's language and the companies' descriptions [3][4][5].

Incidental collection and U.S.-person queries

The core civil-liberties issue is the effect on Americans. Verified Although Section 702 targets only non-U.S. persons abroad, it inevitably acquires the communications of the Americans who communicate with those targets — “incidental collection.” The resulting database of communications can then be queried, including for U.S.-person identifiers; the FBI's querying of Section 702 data for information about Americans, sometimes called the “backdoor search” concern, has been a recurring subject of FISA Court criticism and reform proposals. The government has resisted estimating how many Americans' communications are incidentally collected [2][5][6].

Oversight and reauthorization

PRISM/Section 702 has been repeatedly reviewed and renewed. Verified The Privacy and Civil Liberties Oversight Board's July 2014 report on Section 702 concluded that the program was valuable and operated within the statute but recommended reforms, particularly around U.S.-person queries and transparency. The FISA Court has documented compliance incidents and ordered changes. Congress has reauthorized Section 702 on a recurring basis (including in 2017 and subsequently), each time amid debate over warrant requirements for U.S.-person queries and other protections [2][6].

The official explanation.

The government's position is that PRISM is a lawful, court-supervised, and highly valuable foreign-intelligence program. Claimed Officials have described Section 702 collection as among the NSA's most productive sources of intelligence on foreign threats, conducted under FISA Court oversight, with targeting and minimization procedures designed to limit the retention and use of U.S.-person information. The Privacy and Civil Liberties Oversight Board's 2014 review broadly supported the program's legality and value while recommending reforms [2][6].

Critics — civil-liberties organizations, some legislators, and privacy advocates — argue that Section 702's targeting of foreigners is a mechanism that sweeps in large volumes of Americans' communications without a warrant and then permits warrantless querying of that data for U.S.-person information. Disputed The dispute centers on the “backdoor search” problem, on the government's refusal to estimate incidental collection of Americans, and on whether provider-compelled bulk-scale targeting is consistent with the Fourth Amendment. The technology companies, for their part, contested the “direct access” characterization and pressed (with partial success) for greater transparency about the legal demands they receive [3][5][6].

The unanswered questions.

How many Americans are collected

The government has never provided a reliable estimate of how many U.S. persons' communications are incidentally collected under Section 702. Unverified Repeated congressional requests for such an estimate have gone unmet, the government citing methodological and privacy difficulties — leaving the scale of the program's effect on Americans formally unknown [2][6].

The precise collection mechanics per provider

The exact technical means by which each provider furnishes data — and how that maps onto the disputed “direct access” language — has never been fully and publicly reconciled. Disputed The general model (compelled, targeted, provider-mediated) is established; the per-company specifics remain partly opaque [3][5].

The constitutionality of querying

Whether the FBI's and NSA's querying of Section 702 data for U.S.-person identifiers requires a warrant is unresolved by the Supreme Court. Disputed Lower courts and the FISA Court have addressed aspects of it; reform proposals to impose a warrant requirement have repeatedly been debated in reauthorization fights without a definitive constitutional ruling [2][6].

Primary material.

The accessible record on PRISM is held principally at these locations:

• The leaked PRISM slide deck — the NSA presentation published June 6, 2013, the original primary disclosure, reproduced (in part) by The Guardian and The Washington Post.
• The Privacy and Civil Liberties Oversight Board report on Section 702 (July 2014) — the principal official analysis of the program's operation and legality.
• The text of Section 702 of the FISA Amendments Act (2008) and its reauthorizations, and the declassified FISA Court opinions on Section 702 compliance.
• The technology companies' transparency reports and statements — Microsoft, Google, Apple, Facebook, and others, disputing “direct access” and documenting the legal process they receive.
• Barton Gellman, Dark Mirror (2020), and Glenn Greenwald, No Place to Hide (2014) — the journalists' accounts of the disclosure.

Critical individual sources include: the June 6, 2013 reporting and slides; the 2014 PCLOB Section 702 report; and the declassified FISA Court opinions documenting querying and compliance issues.

The sequence.

1. 2007 PRISM begins; Microsoft is the first provider brought in.
2. 2008 The FISA Amendments Act enacts Section 702, the program's legal basis.
3. 2008–2012 Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple added.
4. June 6, 2013 The Guardian and The Washington Post publish the PRISM slides; the “direct access” dispute erupts.
5. July 2014 The PCLOB reports on Section 702, supporting its legality while recommending reforms.
6. 2017 onward Congress reauthorizes Section 702 amid recurring debate over U.S.-person query protections.

Cases on this archive that connect.

The Snowden Disclosures (File 025) — the source of the PRISM revelation and the broader corpus.

STELLAR WIND (File 175) — the warrantless predecessor whose content-collection activity Section 702 (and thus PRISM) legalized.

MUSCULAR (File 177) — the sibling program that tapped Google and Yahoo data-center links abroad, bypassing the legal constraints PRISM operated under.

Boundless Informant (File 178) — the tool that quantified the global collection of which PRISM was a major source.

More related files coming as the archive grows. Planned: UPSTREAM collection, XKeyscore, and the FISA Court.

Full bibliography.

1. Gellman, Barton, and Poitras, Laura, “U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program,” The Washington Post, June 6, 2013.
2. Greenwald, Glenn, and MacAskill, Ewen, “NSA Prism program taps in to user data of Apple, Google and others,” The Guardian, June 6, 2013.
3. Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, July 2, 2014.
4. FISA Amendments Act of 2008, Section 702; declassified Foreign Intelligence Surveillance Court opinions on Section 702 compliance and querying.
5. Statements and transparency reports of Microsoft, Google, Apple, Facebook, Yahoo, and others responding to the PRISM disclosure.
6. Gellman, Barton, Dark Mirror: Edward Snowden and the American Surveillance State, Penguin Press, 2020.