Security expert Steve Gibson explains how PRISM (People Really Interested in Spying on Me) works and “it really will upset a lot of people.” The tap is upstream on Tier 1 and backbone routers and not at server farms.
He says we’re relying on Congressional oversight yet the people running the programs are lying to Congress. There’s a serious chilling effect, self-censorship, as in, maybe I shouldn’t Google “IED” because it might put me on a list. FISA Article 215 gives NSA access to all phone company metadata records. This allows them to build detailed records of the relationships and connections between all of us. The FBI unjustly went after Martin Luther King using surveillance like this. NSA also also collects credit card data in the same manner.
The internet is a collection of interconnected private networks. Routers relay the data. As the data gets towards the destination the numbers of connections concentrates, ie, a router near a Google server farm will tend to send the vast bulk of its data to a Google. Or to ATT. Whistleblower Mark Klein testified in 2006 that ATT sent internet traffic in SF to 611 Folsom Street where a splitter diverted a complete copy to a separate room, SG3, which was controlled by NSA.
Gibson’s point is that NSA taps into Tier 1 routers, and splits the data off, hence the name PRISM. They don’t have to tap your house or a server farm, just on the Tier 1 routers. Thus Apple, Facebook, and Google et al are correct in saying NSA didn’t have access to their servers. Forget server farms, the question we need to ask is, do they have access to routers near those companies by tapping the fiber optic lines. NSA targets the bandwidth provider of big high tech companies to tap the routers closest to them.
All email is readable on the routers because it’s not encrypted (unless you use encryption software.) Semantic technology is used to analyze the data further.