The only companies that participate in PRISM are government security contractors. You appear not to have understood what PRISM is, which is astonishing given how much documentation we have about it.
If PRISM is in your threat model… You can safely assume that any large enough US-affiliated web service, hardware and software manufacturer is in scope of something like this. Good luck evading.
PRISM was done under warrants or on non-citizens, and never with the consent of the companies involved, so no they're not involved in anything resembling the same way, as far as we know (unless you have specific new information to share from a credible source).
I referenced PRISM in a comment to a recent Apple article on HN a couple of days ago. It triggered HN and Apple fans and the comment ultimately got shadow-banned by moderators.[1]
Anyway, it’s astonishing that so many people willfully continue to use products/services offered by the core companies that are members of PRISM surveillance. Members provide access to ALL user data/information to NSA et al. Here are some technology/telecom company members (and approx. date joined):
I doubt any of the companies are willing partners in PRISM - it's terribly bad for business, as Americans are only 4% of humans and being forced on threat of personal imprisonment to spy for the American government is not a really wise customer acquisition strategy.
It is really quite likely that the access to Apple and Google and other large providers' systems is done at an operations level, without knowledge of their management and providing for complete plausible deniability. How many network admins and ops people at Apple have physical access to the machines where keys are generated, stored, and used?
The #1 realtime end-to-end encrypted messaging service on the planet (where the software development and cyphertext transmission are both physically present inside the legal jurisdiction of the US) would be your first choice, no?
I'll take a flight simulator hidden in Excel over widespread, systematic violations of privacy any day thanks. Want to maintain trust from your customers? Don't spy on them.
You didn’t mention any other companies in your PRISM companies. The others shared data for PRISM AND have been profiling people and selling or sharing their behavioral data.
It's not clear from the slides that the companies were "participating" at all. Further Snowden leaks showed that the NSA was cracking large internet companies' internal systems communications. PRISM doesn't necessarily need their cooperation at all.
The NSA didn't cut those companies a check. As the slides very clearly show, PRISM is an integration program between the NSA and the FBI to consume the data that the FBI already gets from issuing wiretap requests for specific users.
You may have forgotten the part where it's directly fed to the NSA. PRISM existed and still exists, and there is ongoing collaboration between every large tech company and the NSA.
These are some of the biggest corporations in the world, with resources to push back on behalf of their users---if they wanted to. Heck, at least Yahoo did something. At some point the PRISM collaborators took a calculated risk that their users would not find out, or if they did, it would be of no consequence to their business. Maybe it was the classified assurances, or maybe the whole "direct access" line for deniability. I may not have any say in NSA programs or secret courts, but I'm still a consumer and techie and can vote with my money and time. I'm gonna do my best not to support companies that actively build a surveillance state.
reply