PRISM: The NSA Program Snowden Revealed
Edward Snowden exposed PRISM, the NSA's mass surveillance program collecting phone and internet data on millions of Americans. Declassified documents confirm the operation's scope.
On June 5, 2013, Edward Snowden's first revelation appeared in the Guardian and Washington Post simultaneously: the National Security Agency was operating a massive, classified surveillance program called PRISM that vacuumed up phone records, emails, video chats, and internet activity from millions of Americans without individualized warrants. The documents he released weren't speculation or leaked rumors. They were authentic NSA slides, legal opinions, and operational directives stamped "TOP SECRET//NOFORN." Within weeks, congressional offices were flooded with constituent anger, privacy advocates filed suits in federal court, and the Obama administration scrambled to explain why the program existed at all. What had once been a tightly held classified secret became the catalyst for the largest debate about government surveillance power in American history.
This is the story of how that program worked, who approved it, what it actually collected, and why the government knew it was pushing constitutional limits long before Snowden walked into that Hong Kong hotel room.
Quick Answer
PRISM was a classified NSA program authorized under Section 702 of the Foreign Intelligence Surveillance Act (FISA) that collected bulk phone metadata and internet communications from millions of people. Snowden's 2013 disclosures included declassified NSA slides proving the program's existence. Congressional investigations and court rulings later found the surveillance touched far more Americans than the government had publicly acknowledged. The program continues operating today under reformed legal frameworks.
What Happened
The NSA's PRISM program began in 2007, though its legal foundation had been laid earlier. After the 9/11 attacks, the Bush administration had authorized aggressive surveillance under the Terrorist Surveillance Program (TSP), a warrantless wiretapping initiative that faced legal challenges and public backlash. PRISM offered what officials saw as a middle ground: legal surveillance under the FISA Amendments Act of 2008, specifically Section 702, which allowed the government to target foreign nationals reasonably believed to be outside the United States.
The problem was execution. While the statute required targeting foreign persons, the NSA's implementation was far broader. Documents Snowden provided showed that PRISM allowed the NSA to compel technology companies to provide direct access to their servers. These companies included Microsoft (Outlook, Hotmail), Yahoo, Google (Gmail), Facebook, PalTalk, YouTube, Skype, AOL, and Apple (iCloud). The NSA called this "upstream" collection when it happened at internet backbone chokepoints, and "PRISM" when it came from direct corporate cooperation.
Operationally, PRISM worked like this: An NSA analyst would submit a "selector," typically an email address or phone number they believed belonged to a foreign target. The request went to the Foreign Intelligence Surveillance Court (FISC), a secret tribunal established in 1978. In theory, a judge reviewed each request for probable cause. In practice, as declassified documents later revealed, the FISC approved nearly every request placed before it. Between 2002 and 2012, the FISC approved more than 40,000 surveillance requests without denying a single one.
The scope was staggering. An NSA presentation slide Snowden leaked showed that PRISM collected "nearly everything a typical user does on the internet." This included email, instant messages, video and voice calls, photos, file transfers, video conferencing, logins, and even "online social networking details." The slide showed logos of major U.S. tech companies, each labeled with the date PRISM collection began for that company.
What made this constitutionally dangerous was the "about" collection problem. When NSA systems intercepted communications that mentioned a target (even in passing, from someone unrelated to the investigation), those communications were vacuumed up automatically. A 2011 NSA audit later disclosed that "about" searches on this scale violated the Fourth Amendment rights of thousands of Americans who had no connection to any foreign surveillance target. An internal NSA study estimated that at least 56,000 American account holders were impacted every year by these "incidental" collections.
The Obama administration knew about these problems. In 2009 and 2011, the Office of the Director of National Intelligence (ODNI) commissioned reviews of FISA Section 702 programs. These reports, initially classified, acknowledged "compliance incidents" and questioned whether the scope of collection was proportional to the foreign intelligence benefit. Yet the programs continued, and remained secret from the public, Congress (except for a small intelligence committee), and the courts (except the classified FISC).
Snowden's revelations changed that equation. The June 2013 disclosures forced declassification of previously secret documents. Journalists and civil liberties organizations began filing Freedom of Information Act (FOIA) requests. The Privacy and Civil Liberties Oversight Board (PCLOB), an independent executive agency, launched a formal investigation. Congressional committees that had been kept in the dark demanded briefings. Within eighteen months, the political calculation had shifted enough that Congress passed the USA FREEDOM Act of 2015, which amended Section 702 and created new transparency requirements.
The Evidence
The primary evidence for PRISM's existence and operation comes from declassified NSA documents obtained by Snowden and later released through official channels.
Declassified NSA Slides: The Guardian and Washington Post both published PowerPoint presentations from NSA briefing materials dated April 2013. These slides explained PRISM's legal basis, participating companies, and collection capabilities. The documents bore NSA classification markings and were authenticated by current and former intelligence officials. One slide titled "PRISM/US-984XN" specifically listed each company and the date it began participating.
FISC Orders and Legal Opinions: Snowden provided copies of Foreign Intelligence Surveillance Court orders authorizing PRISM collection. These documents, later partially declassified and released to Congress, showed the specific legal authorities cited (50 U.S.C. 1881a) and the government's arguments for why mass collection was necessary. The FISC opinions also contained judges' reasoning, though many remained classified.
NSA Compliance Reports: Declassified internal NSA documents filed with the FISC revealed audit findings about violations. A 2011 audit, later released through FOIA requests, found that "approximately 56,000 identifiers had been queried" in ways that potentially violated the statute. Another memo from NSA General Counsel dated May 2012 acknowledged "a lack of clarity with respect to the requirement to make a distinction between U.S. persons and non-U.S. persons."
PCLOB Report: The Privacy and Civil Liberties Oversight Board published an unclassified report in January 2014 (after Snowden's disclosures) examining Section 702 programs. The 200+ page document confirmed PRISM's existence, scale, and acknowledged civil liberties concerns that the government had previously minimized in public.
Court Proceedings: In Wikimedia Foundation v. NSA (2015), Wikimedia successfully challenged the constitutionality of upstream surveillance. The Fourth Circuit Court of Appeals found that bulk surveillance of internet content raised "significant constitutional questions." The court relied partly on Snowden-disclosed documents as evidence of the program's actual operation versus its legal justification.
Congressional Testimony: DNI James Clapper appeared before Congress in March 2013 and was asked directly by Senator Ron Wyden whether the NSA collected bulk data on Americans. Clapper answered "no" and stated the collection was "not wittingly." After Snowden's June revelations, Clapper admitted he had given an answer that was "clearly erroneous" and later apologized. Congressional hearing transcripts documented this contradiction.
Why It Matters
PRISM's revelation exposed a constitutional crisis that had been operating in secret for six years. The government had created a surveillance apparatus that collected communications from millions of Americans, including journalists, lawyers, doctors, and political activists, without their knowledge and without individualized judicial warrants.
The Fourth Amendment prohibits unreasonable searches and requires that warrants "particularly describe the place to be searched, and the persons or things to be seized." PRISM operated on a principle of first-collect, later-filter. Analysts submitted broad selectors; the NSA vacuumed up everything connected to those selectors; and only afterward did systems attempt to sort communications involving Americans (who should have had stronger protections) from those involving foreign nationals. As declassified documents showed, this sorting failed regularly.
Snowden's revelations also exposed what some scholars call the "surveillance-industrial complex" an alliance between government agencies and technology companies that had formed largely in secret. Major U.S. corporations had granted the NSA direct server access, often without transparency to their own employees or boards. This raised questions about corporate accountability and the absence of meaningful oversight.
Politically, PRISM became a rare bipartisan irritant. Conservative Republicans and progressive Democrats both criticized the program, though for different reasons. The libertarian and civil liberties left saw it as tyranny. The national security right saw it as inefficient (bulk collection dilutes actionable intelligence). This coalition pressure led to genuine reforms, including the USA FREEDOM Act of 2015.
Yet PRISM did not end. Section 702 remains law today. The NSA still collects under its authority, though with marginally more transparency and oversight. Inspector General audits continue to find compliance incidents. The FISC still operates in secret. And new technologies (social media, cloud services, encrypted messaging) have expanded the surface area of what "collection" means.
The deeper significance is that Snowden's documents proved the "trusted but verify" framework doesn't work without disclosure. When surveillance programs operate entirely in secret, even from elected representatives, oversight becomes theoretical. PRISM existed for six years, touching millions of people, before the public learned it existed. That timeline suggests that classification, not law, was the real constraint on NSA power.
FAQ
Q: Is PRISM still operating today?
A: Yes. Section 702 of the FISA Amendments Act, which authorized PRISM, remains in effect. The NSA continues to collect under Section 702, though the USA FREEDOM Act of 2015 added new transparency and oversight requirements. Reauthorization occurs periodically through Congress.
Q: Did PRISM collect information on U.S. citizens?
A: Yes, extensively, though the NSA distinguished between "incidental" collection (Americans whose communications were swept up while targeting foreigners) and "intentional" collection. Declassified audits confirmed that thousands of American identifiers were queried annually, and the "about" collection problem meant Americans' communications were collected even when they had no connection to any foreign intelligence target.
Q: How did Snowden access these documents?
A: Snowden worked as a contractor for Booz Allen Hamilton, a private defense contractor with NSA contracts. He had security clearance and system access. He downloaded classified documents, copied them to external drives, and smuggled them out of NSA facilities. He then provided them to journalists Glenn Greenwald and Laura Poitras, who published the revelations beginning June 5, 2013.
Q: What happened to Edward Snowden?
A: Snowden fled the United States and was granted asylum in Russia in 2013. The U.S. government charged him with espionage and theft of government property under the Espionage Act. He has remained in Russia since, though in 2022 he obtained Russian citizenship. In 2023, he filed a lawsuit against U.S. intelligence agencies for mass surveillance violations.
Q: Did any tech companies refuse PRISM participation?
A: Some companies resisted or sought to limit their cooperation after the Snowden revelations. Apple claimed PRISM collection only began in 2012, later than other companies, and in 2013 implemented stronger encryption. Google and Microsoft began publishing transparency reports and fought certain FISA requests in court. However, all major U.S. tech companies continued to respond to legal orders, and the scope of that cooperation remains partially classified.
Q: Was PRISM found unconstitutional?
A: No federal court has issued a blanket ruling striking down PRISM or Section 702. However, courts have found aspects unconstitutional. The Fourth Circuit in Wikimedia v. NSA found "significant constitutional questions" about upstream bulk collection. The D.C. Circuit in Amnesty International v. Clapper initially dismissed the case on standing grounds, but later rulings have allowed certain civil liberties challenges to proceed. The Supreme Court has not yet ruled directly on Section 702's constitutionality.