In a new leak of slides provided originally by Edward Snowden, and published by The Washington Post, detail exactly how the NSA PRISM secret spying program works: from targeting “selectors,” accessing private Internet companies’ data, to processing the data.
In the Foreign Intelligence Surveillance Act (FISA) court approved PRISM program, NSA analysts are able to tap into top Internet companies to obtain information on foreigners, without individual warrants.
When an NSA analyst targets a “selector” (a person’s name, email address, phone number or some other digital signature), he is able to target a foreigner and directly “tap” into companies’ data like Microsoft, Google, Yahoo, Apple, and others, as long as there is “reasonable belief” that the search will not return results for U.S. citizens, permanent residents or anyone else who is located in the United States. Of course we all know that chances are there will undoubtedly be times when American citizen data will be part of the data collection.
If a target turns out to be an American or a person located in the United States, the NSA calls the collection “inadvertent” and usually destroys the results. If the target is foreign but the search results include U.S. communications, the NSA calls this “incidental” collection and generally keeps the U.S. content for five years. The Post seems to stand behind the original “direct access” argument and also says that the NSA search requests, performed on equipment maintained by the FBI onsite, are called “tasking,” for example:
[…] to a private company and to an NSA access point that taps into the Internet’s main gateway switches. A tasking for Google, Yahoo, Microsoft, Apple and other providers is routed to equipment installed at each company. This equipment, maintained by the FBI, passes the NSA request to a private company’s system.