Among the revelations made last week by NSA leaker Edward Snowden, few were more jarring than the suggestion that private security contractors have the capability to monitor your every online communication seemingly on a whim, in real-time. As he told the Washington Post, "They quite literally can watch your ideas form as you type."
Like most everything else Snowden disclosed, it seemed like something out of a spy movie. But with the caveat that no one outside the NSA truly knows the extent of the agency's reach, cybersecurity experts say that Snowden's charge rings true, at least in part. According to PowerPoint slides Snowden provided to the Post and the Guardian, PRISM collected stored communications information from sites such as Facebook, Skype, Google, and Yahoo, boasting of access to online social networking details, email, file transfers, photos and video and voice chats.
Barring direct access (physically installing some sort of keystroke capture, for example) analysts probably don’t have the capability to jump into a random Skype conversation and see what’s being typed—nor would they want to. "Are they probably actually doing that for like arbitrary people?," asked Julian Sanchez, a research fellow at the Cato Institute who specializes in tech privacy. "Probably not because that would take a lot of time and not be very useful."