Thanks to documents leaked by former National Security Agency contractor Edward Snowden, we learned last week about a secret NSA program called PRISM. The program allegedly allows the U.S. government to access the data of foreign users using services like Google, Facebook, and Yahoo. But how does the program really work?

Initially, as reported by The Guardian and The Washington Post, it seemed like the NSA had direct access to the company's servers and could get the data they needed without intervention from the Internet companies. That notion was strongly denied by almost every company mentioned in the the NSA powerpoint presentation that revealed PRISM. And further reporting has revealed that PRISM isn't as evil as we initially thought.

SEE ALSO: NSA Snooping Matters, Even If You Have 'Nothing to Hide'

As Mashable reported last week, PRISM is probably more like a data ingestion API system that allows for streamlined processing of Foreign Intelligence Surveillance Act requests. And Google revealed to Wired that its secret system to siphon data to the NSA was nothing more than a secure FTP.

There's still a lot we don't know, and we still need answers to a lot of questions. But what would PRISM look like if we took the information we have available today, via press reports, the companies' statements and what the Director of National Intelligence has disclosed? Ashkan Soltani, an independent privacy researcher and consultant, along with another researcher, nicknamed "semipr0," have made an infographic that cleanly lays out how PRISM might work:





In his blog post accompanying the infographic, Soltani elaborates on how he created the infographic, warning that this visualization shows how PRISM would look "if we took all the statements [by companies and officials] made at face value."

Soltani and semipr0 are assuming that PRISM doesn't give direct access to the NSA, that the system enables "historical and prospective surveillance," and that some companies have systems and software in place that enable the delivery of the data, and that they "cannot see the queries," like The Washington Post reported.

SEE ALSO: NSA Surveillance News: Everything You Need to Know

With these assumptions, they speculate that PRISM could be a contractual relationship between the companies and the U.S. government to set up the system, or a process for requesting, transferring and ingesting the companies' responses.

For Soltani and semipr0, this is how the process works, as laid out in the infographic above.

First, the government approaches the company and establishes a system that they will follow from then on to process FISA requests.

Once the system is in place, an NSA agent, from his or her computer, can send a request to the company for user data. After that, the FBI makes sure the request doesn't specifically target U.S. citizens. Then the request is sent to the company either through more traditional legal process, like a letter or an email, or through an automated API-like process, similar to what Facebook has set up for criminal investigations.

Finally, and as Soltani writes, "this is where things get interesting," the company fulfills the request. This is also where most of the mystery surrounding PRISM still resides. Google has said that it uploads the data to a secure FTP, and sometimes it even delivers it by hand. The New York Times has reported that Facebook has set up some sort of secure "mailbox" or dropbox within its servers to drop the data. Facebook refused to disclose how it cooperates with the NSA, and we don't know how other companies do it.

Soltani speculates that Scenario B (as imagined in the infographic above) is how Microsoft and Skype do it because "an onsite box would allow the government to conduct real-time voice intercepts," he writes.

A lot of questions still remain unanswered, and Soltani himself admits that this is a work in progress. But with the information we currently have available, this infographic is perhaps the best visualization of how PRISM might work.

Mashable composite, image via iStockphoto, alexsl; logo courtesy of NSA; Infographic courtesy of Ashkan Soltani and semipr0