What does the government do with the Internet data it collects?
It's not clear from the documents obtained by the Washington Post and the Guardian, but, as with phone records, the National Security Agency appears to be building a database of much of the Internet traffic.
How is it stored?
The companies participating in PRISM produce enormous amounts of data daily, so storing it would require computing power the likes of which the public has never seen. People who study technology and security believe that's why the NSA has been building a million-square-foot data center near Salt Lake City.
That center will reportedly cost about $2 billion to construct — and $40 million a year to power such a wide swath of supercomputers.
Forget megabytes, gigabytes and terabytes. According to a report last year by Wired magazine, the Utah facility will be able to handle so much information that its storage capacity is measured in what are known as yottabytes. A yottabyte is so big as to be nearly unimaginable by casual computer users: It's enough information to fill 200 trillion DVDs.
It's more information than moves through the entire Internet in a single year.
Computer scientists don't have a name for whatever is bigger than a yottabyte. It's so big, they don't need one yet.
Does this apply to Americans?
But President Obama said Friday that Americans are not targeted by this program.
That's also true. It all comes down to the word "targeted." Here's why.
The agency can't target Americans. Targeting is different from collecting. PRISM dumps massive amounts of data from users all over the world into the NSA's computers, and much of that comes from the accounts of American citizens.
All this information lives on NSA computer servers. At this point, the government has your information but can still say it hasn't targeted you. Basically, PRISM might have all your emails but, until someone reads them, you haven't been targeted.
NSA analysts are supposed to focus only on non-U.S. citizens outside the United States. According to the Washington Post, though, "incidental" collection of Americans' data is common, even at the targeting stage.
Let's say analysts are looking at a suspected terrorist. They pull his emails and all his Facebook friends. Then they take all those people and pull their data, too.
According to NSA training materials obtained by the Post, analysts are required to report to their superiors whenever this results in collection of U.S. content, but, the training materials say, "It's nothing to worry about."
How is this legal?
The PRISM documents don't spell out the whole program. James Clapper, the director of national intelligence, said late Thursday that it was approved by a judge and is conducted in accordance with U.S. law.
Because the authorization came from the Foreign Intelligence Surveillance Court, all the legal justification is classified.
That court was created by the Foreign Intelligence Surveillance Act of 1978 and is known in intelligence circles as the FISA court. Cases are heard inside vaults in a Washington federal courthouse. Its rulings are almost never made public.
It's not clear whether the companies agreed to be part of PRISM voluntarily or were under court order but, either way, the companies almost certainly signed agreements with the government spelling out their cooperation. The Post reported that the government has the authority to force companies to participate.
But the companies are denying all this, right?
Sort of. Apple, for instance, issued a statement saying it had "never heard of PRISM."
That's not surprising. PRISM is a government code name for a collection effort known officially as US-984XN. There would be no reason for the NSA to share the code name with the companies.
Apple's statement continued, "We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."
From what we know about PRISM, there apparently was a FISA court order authorizing this effort. And PRISM does not require direct access to company servers. More likely, in fact, the NSA or the companies would set up a designated route to transfer data to the government. That's easier for the company and less legally problematic for the NSA.
Is this newly detailed surveillance keeping America safe?
The Obama administration, like the Bush administration before it, says yes. But because both the phone data program and PRISM remain classified, it's impossible to thoroughly verify these claims.
The president can choose what he wants to declassify, which gives him an advantage in the debate for public opinion. And the politics of national security are stark: Terrorist threats tend to raise demand for new, more aggressive surveillance tactics; the absence of attacks helps justify the surveillance.
The documents obtained by the Post and Guardian show that PRISM has been a major source of intelligence, one that provides more information to the president's morning briefing book than any other program.
Obama said Friday that Congress was well aware of these programs and a FISA judge approved them.
So what's the scandal here?
This week, Americans have gotten a glimpse at a government surveillance machine that has been churning for years, gathering information on its citizens.
The stories are important not because they show rogue, illegal government spying. They matter because they reveal, in stark fashion, what the government has made legal over the past decade and where that has taken the country.