1. PRISM is…

…a formerly secret government program (started under George W. Bush and continued under Barack Obama) that harvests user data from the servers of internet companies. The public intent is foreign surveillance with strict judicial oversight, but the lines are blurry enough for the occasional Axel Foley-esque work-around. PRISM itself appears to help not with the data collection specifically, but with compiling and analyzing the data - which is important, since it’s coming from different sources and different formats.

2. Tech companies DID foster back-door access to user data.

“We never heard of such a thing!” exclaimed Silicon Valley in near-unison last week after the PRISM news broke. As it turns out, they did in fact know they were forking over information to the government. (They are legally obliged to do so, so if they don’t know there ought to be a bunch of unemployed business attorneys in Silicon Valley pretty soon.)

Tech companies created virtual safe rooms on their servers where government agencies could access requested data. This allows companies to remain compliant without opening up broader user data. (The government agents who request the data probably didn’t mention the code name PRISM, so CEOs are likely telling the truth when they say they have “never heard of” the program.)

3. The NSA almost certainly scooped up data from American citizens. 

Requests to gather data from tech companies goes through the Foreign Intelligence Surveillance Court. The threshold for issuing a warrant requires only 51% confidence that a potential target is foreign. That basically means that an intelligence agent needs to prove he or she isn’t intentionally targeting American citizens.

The math on this suggests that it’s almost certain that plenty of data from American citizens on American soil was scooped up in the collections.

4. And they were looking at LOT of data.

PRISM pulls data from as many as 50 technology companies, according to CNET, and an internal PowerPoint boasts about the wide range of data types available. Emails, videos, video chats, Facebook logins, Skype calls, instant messages, and requests for extra lives in Candy Crush were all in play.

5. This is different from the Verizon thing.

They broke at the same time, so the revelations seem connected. The Verizon surveillance program involved wide-spread data about domestic and overseas phone calls, though not the content of the calls themselves. PRISM is intended to target foreign communications in online environments, and does investigate the content of that communication.

In other words, the Verizon data pull lets the NSA know that you don’t call your parents nearly enough; the PRISM data pull lets the NSA know that you spent all morning commenting on cat videos.