Yep, you're right. PRISM is a process through which NSA obtains legal orders to demand information from companies through a federal law known as FAA 702. I tried to set the record straight on this last summer:
http://news.cnet.com/8301-13578_3-57588337-38/
Since then, we've learned that FAA 702 orders add up to a tiny fraction of user accounts. The order of magnitude is 1,000 accounts per company per year. I really can't get too worked up about this; there are bad guys out there and that figure seems not immediately unreasonable. What we should get worked up about is bulk AT&T etc. fiber taps that vacuum up everything without any accountability, but, well, PRISM is a nice sexy name and everyone's attention spans are short and, yikes, isn't this confusing and BULLRUN and EDGEHILL are too hard to remember. Right?
No companies "joined" PRISM. The slides are likely referring to when NSA managed to write the conversion utilities to import FAA 702-obtained records into the PRISM database. But critical thinking is hard and life is short. Right?
Since then, we've learned that FAA 702 orders add up to a tiny fraction of user accounts. The order of magnitude is 1,000 accounts per company per year. I really can't get too worked up about this; there are bad guys out there and that figure seems not immediately unreasonable. What we should get worked up about is bulk AT&T etc. fiber taps that vacuum up everything without any accountability, but, well, PRISM is a nice sexy name and everyone's attention spans are short and, yikes, isn't this confusing and BULLRUN and EDGEHILL are too hard to remember. Right?
No companies "joined" PRISM. The slides are likely referring to when NSA managed to write the conversion utilities to import FAA 702-obtained records into the PRISM database. But critical thinking is hard and life is short. Right?