Should you be scared of Prism?

The NSA says Prism is real - so who's being spied on?

Prism leak

Back when AOL was the world's biggest internet service provider, conspiracy theorists claimed that the whole thing was a front for the CIA or the FBI: every message you sent or GIF that you patiently downloaded would be logged by the Feds, and if you used certain keywords you'd find black helicopters hovering over your house.

It looks like they had the right idea - and, if anything, they massively underestimated the security services' ambitions.

According to separate reports by the Washington Post and The Guardian, a programme called PRISM is pulling "audio, video, photographs, emails, documents and connection logs" from AOL, Google, Yahoo, Facebook, PalTalk (it's a video chat service), YouTube, Skype and Apple, with DropBox "coming soon".

Facebook, Google, Microsoft, Apple and Yahoo have all flatly denied giving the US government access to their users' data, but then they would, wouldn't they? It certainly casts the Xbox One's always-on microphone in a very different light.

Is it tinfoil hat time, or is something genuinely frightening going on?

Should you buy shares in Bacofoil?

Let's assume that the Prism story isn't an elaborate attempt to troll the media, and that the leaked presentation The Washington Post based its story on is genuine. Are the tech firms telling the truth, or choosing their words carefully?

Apple told CNBC that it doesn't let any government agency have "direct access" to its servers. Facebook similarly says there's no "direct access". Yahoo uses the D-word too, and Microsoft denies participation in any "voluntary" national security programme.

Direct? Voluntary? What about indirect and compulsory? The Washington Post reports that the scheme was created under the Protect America Act in 2007 to do exactly what civil libertarians feared the CAA would do: give the government "a green light to seek indiscriminate access to domestic communications".

Don't worry, America! The Director of National Intelligence, James Clapper, told the Associated Press that the articles are "misleading" and that the surveillance is only for foreigners, not Americans. The Washington Post begs to differ, noting that "Prism searches are reportedly "designed to produce at least 51 per cent confidence in a target's 'foreignness'" — the lowest conceivable standard. PRISM training materials reportedly instruct users that if searches happen to turn up the private information of Americans, 'it's nothing to worry about'.

Prism clearly exists and people's data is clearly being intercepted - and if GCHQ isn't doing something similar in the UK, then I'll be amazed if some of the Prism stuff doesn't make its way to the British security services. The big question is, should we be worried about it?

The worry isn't that potential terrorists' online activities are being tracked: it's whether the rest of us, the non-terrorists, are being adequately protected. The security services have enormously powerful tools at their disposal - if you haven't read about Palantir or Riot before, prepare to be scared silly - and ordinary people need equally powerful legislation to ensure those tools aren't misused.

The tech may be new, but the questions it raises aren't: as Juvenal asked in the first or second century, who watches the watchmen?