Ambers provides an extremely thorough, acronymn-filled explainer on the NSA program:
What makes PRISM interesting to us is that it seems to be the ONLY system that the NSA uses to collect/analyze non-telephonic non-analog data stored on American servers but updated and controlled and “owned” by users overseas. It is a domestic collection platform USED for foreign intelligence collection. It is of course hard to view a Facebook account in isolation and not incidentally come into contact with an account that is owned by an American. I assume that a bunch of us have Pakistani Facebook friends.
If the NSA is collecting on that account, and I were to initiate a Facebook chat, the NSA would suck up my chat. Supposedly, the PRISM system would flag this as an incidental overcollect and delete it from the analyst’s workspace. Because the internet is a really complicated series of tubes, though, this doesn’t always happen. And so the analyst must sometimes “physically” segregate the U.S. person’s data.
What happens if I, in America, tell my Pakistani friend via Facebook chat that I am going to bomb a bridge? We don’t know precisely what happens when, in the course of a foreign intelligence intercept, a U.S. person creates evidence of their complicity with terrorism. The analyst must be able to distinguish between relevant and non-relevant communication. If the analyst catches my threat, then he or she will immediately initiate a procedure that sends the information to the FBI, which begins its own investigation of me. The NSA does not continue to collect on me. The FBI does — and probably uses the NSA tip as probable cause to obtain a FISA order to start collecting data using a PRISM-type tool of its own.
Great to have a simple empirical explanation – and it reaffirms my view that this is not unconstitutional at all.