by Splendor 4748 days ago
From what I understand PRISM splits the fiber coming out of the companies implicated on its way to the backbone. This does not require the knowledge of the companies implicated. Since it's actually splitting the light inside the fiber, PRISM is a cute name.

That is basically a continuation of the Room 641A concept.

There are a few problems with that theory when you consider that these companies are using SSL now. They cannot MiTM data from a beam splitter and we know they are not actively MiTM'ing traffic from a spliced cable with their own private key signed by a cooperating CA (doing this would be noticed quickly if they tried it en masse). If they have the companies' private keys then they could be passively decrypting the traffic, unless DHE/ECDHE were being used. If that was the case then they would need the company's private key and the ability to do an active MiTM.

I don't doubt that they are doing something, but I don't think we have enough information yet to say what. Hopefully further releases will shed more light on this.

Add on top of that, the PRISM program only costs $20m/year. There is just no way a massive nationwide clandestine fiber tap collecting data from companies moving petabytes a day between datacenters can cost a mere $20m/year.

The thing that is most frustrating about this leak is we only get 4 slides out of a 41 slide deck, and are left to fill the gaps with paranoid worst-case assumptions. And the Internet is a great echo chamber of paranoid assumptions.
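The forward-secrecy point made above (static RSA key transport versus DHE/ECDHE against a passive tap) is easier to see in code. The following is an added illustration, not from the thread and not code belonging to any company or program named in it. It uses textbook arithmetic with constructed toy parameters (tiny RSA primes, a small DH prime, a hash-based toy stream cipher) that are assumptions for readability, not real TLS. It models a tap that records a handshake off the fiber and later holds the server's long-term private key: with RSA key transport the premaster secret, the session key and the record all fall out of the recording; with DHE the long-term key only authenticates the shares and recovers nothing, which is why forward-secret ciphersuites are the mitigation against a recorded tap.

```python
"""Toy model: passive tap + server long-term key, RSA key transport vs DHE.

Added example, not part of the thread. All parameters are constructed
toys for illustration only (tiny RSA modulus, 31-bit DH prime); this is
not real TLS and is not secure.
"""
import hashlib
import secrets
from dataclasses import dataclass

# Constructed toy parameters.
RSA_P, RSA_Q, RSA_E = 61, 53, 17          # textbook RSA, n = 3233
DH_P, DH_G = 2_147_483_647, 5             # 2^31 - 1 is prime; 5 is a toy generator


def rsa_keygen(p, q, e):
    """Textbook RSA: returns ((n, e), d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), d


def derive(secret_int):
    """Toy KDF from the agreed secret to a 32-byte session key."""
    return hashlib.sha256(b"toy-tls-kdf" + str(secret_int).encode()).digest()


def toy_encrypt(key, data):
    """Toy stream cipher (SHA-256 keystream XOR). Symmetric: also decrypts."""
    keystream, counter = b"", 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, keystream))


@dataclass
class Wire:
    """Everything a passive tap on the fiber sees for one handshake."""
    kind: str
    fields: dict


def rsa_handshake(server_pub):
    """RSA key transport: client encrypts a random premaster to the server."""
    n, e = server_pub
    premaster = secrets.randbelow(n - 2) + 2
    encrypted_premaster = pow(premaster, e, n)
    return Wire("rsa", {"encrypted_premaster": encrypted_premaster}), derive(premaster)


def dhe_handshake():
    """Ephemeral DH: both shares cross the wire, the secret g^(ab) never does.
    The server's long-term key would only sign its share (signing omitted)."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    client_share = pow(DH_G, a, DH_P)
    server_share = pow(DH_G, b, DH_P)
    shared = pow(server_share, a, DH_P)      # equals pow(client_share, b, DH_P)
    return Wire("dhe", {"client_share": client_share, "server_share": server_share}), derive(shared)


def passive_tap_recover(wire, server_priv_d, server_pub):
    """What a recording plus the server's long-term private key yields.
    Returns the session key, or None when the recording does not suffice."""
    if wire.kind == "rsa":
        n, _ = server_pub
        premaster = pow(wire.fields["encrypted_premaster"], server_priv_d, n)
        return derive(premaster)
    # DHE: the long-term key never touched the secret; the tap would need a
    # discrete log of a share (or the session key itself, from an endpoint).
    return None


def run_demo(message=b"GET /mail HTTP/1.1"):
    """Returns (plaintext recovered from RSA session, recovered from DHE session)."""
    server_pub, server_priv = rsa_keygen(RSA_P, RSA_Q, RSA_E)
    results = []
    for handshake in (lambda: rsa_handshake(server_pub), dhe_handshake):
        wire, session_key = handshake()
        record = toy_encrypt(session_key, message)      # what crosses the fiber
        tapped_key = passive_tap_recover(wire, server_priv, server_pub)
        results.append(toy_encrypt(tapped_key, record) if tapped_key else None)
    return tuple(results)


if __name__ == "__main__":
    rsa_plain, dhe_plain = run_demo()
    print("RSA key transport, tap + server key recovers:", rsa_plain)
    print("DHE, tap + server key recovers:", dhe_plain)
```

The model also makes the later comment about logging session keys concrete: under DHE the only thing that decrypts a recorded session is the per-session key itself, so it would have to come from one of the endpoints rather than from the fiber plus a long-term key.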

Well, we also don't know if PRISM is piggybacking on another, possibly far more expensive system (the hypothetical hardware could already be in place, and under the budget of another far more expensive program).

Really, we just don't know. We don't know anything, except that it sure seems that something is going on. The documents are not getting the same treatment as the fabricated documents of a raving lunatic anonymous coward on Slashdot.

It seems fairly prudent to assume the worst-case scenario, better safe than sorry, but it is important to not confuse that assumption with knowledge.

If they're going to lie about the existence of the program, I don't see why they can't lie about how much it costs too.
The program cost comes directly from the slides: http://en.wikipedia.org/wiki/File:Prism_slide_5.jpg
And everything the NSA puts on PowerPoint about its own budget is true?
I guess it depends on the audience the presentation is intended for, but if it's internal I'd hope they weren't lying to themselves.
MITM seems heavy handed. They already have help from one side, Google and company could log the session key and pass it on.