These are all denials of things around the periphery of the PRISM issue like inferred details of the mechanisms by which the data is gathered, and none of them are denials of the core of what supposedly is happening under PRISM in terms of the scope of user data that has been collected by the NSA.
If you look at the "denials", they all only deny one or more of the following things:
1. That the government has direct access to the providers systems,
2. That customer information is provided to the government outside of what the provider believes is legally required,
3. That customer information is turned over to the government without a court order.
Lets start with the "direct access" piece, because this appears to be a common inference as to how the broad scope of information at issue is provided to the government, but the "direct access" characterization seems to be at odds with the slide titled "PRISM Collection Details" in the presentation that is the source of the accusations. That slide strongly suggests that there is a distinct collection of data that is available for NSA users, varying in content by provider.
The idea that it is a "voluntary program" or one outside of a process dependent on court orders isn't inconsistent with anything that has been made public from the source documents, but it doesn't seem to be demanded by them, either. What is clear from the documents (assuming their authenticity and accuracy) and the direct characterizations of them (rather than what are clearly inferences and not direct characterizations) provided in the coverage is that different providers were brought into the program at different times, and that the program involves some form of "cooperation" by the providers -- but none of that implies that it is voluntary or doesn't involve court orders of some kind (perhaps, specifically, FISA warrants)-- and that from each provider the collection of data is limited to a provider-specific list of particular kinds of data, and that the data is provided to the NSA directly from the companies servers (but the "direct access" rather than direct provision thing appears to be an inference from the direct provision, rather than itself a direct characterization.)
In fact, the recently revealed broad Verizon FISA warrant suggests exactly how this could have been achieved with FISA warrants -- instead of being dates on which a negotiated agreement was reached with each provider, the dates the providers are listed as being brought into the program could be the dates on which a broad FISA warrant (similar to the Verizon one, but specifying different data) was issued mandating collection of specified data from the specified provider. The providers could then honestly deny participation in a voluntary program, or providing direct access to their servers, or providing customer information without a court order -- they could even honestly not know that the FISA warrant they were served was part of a broader program directed at wide range of providers. Such a warrant could specify directly (or make timeliness requirements that make this the only way to comply) that the data be provided by being fed to the NSA from the companies servers, without providing the NSA access to the servers.
IOW, everyword of the denials could be literally true, with the substance of the story -- that the NSA is being fed the vast array of customer data described in the stories about PRISM and can access data from that collection freely at will -- being true at the same time, the only things that are in conflict between the story and the denials are peripheral inferences and implications about the mechanism that appear in the story (such as "direct access" or the absence of court orders or other compulsory process.)
To me the presence or absence of court orders is absolutely a substantive distinction, as is the question of whether information is requested for only a limited subset of customers or for all (or a significant fraction of) customers.
> To me the presence or absence of court orders is absolutely a substantive distinction
Its perhaps a substantive distinction in terms of the culpability of the providers, but its not (IMO) a substantive distinction in terms of the abuse of surveillance by the government if the scope of information collected is as broad as described in the story. PRISM is just as bad if it is done via broad FISA court orders of the type of the Verizon order as if it is done without a court order.
> as is the question of whether information is requested for only a limited subset of customers or for all (or a significant fraction of) customers.
While the providers have denied providing information as part of a "voluntary program" or "without court orders", none have addressed the scope or breadth of information, so, while that may be an important distinction, its not one that is addressed by the denials at all.
If you look at the "denials", they all only deny one or more of the following things: 1. That the government has direct access to the providers systems, 2. That customer information is provided to the government outside of what the provider believes is legally required, 3. That customer information is turned over to the government without a court order.
Lets start with the "direct access" piece, because this appears to be a common inference as to how the broad scope of information at issue is provided to the government, but the "direct access" characterization seems to be at odds with the slide titled "PRISM Collection Details" in the presentation that is the source of the accusations. That slide strongly suggests that there is a distinct collection of data that is available for NSA users, varying in content by provider.
The idea that it is a "voluntary program" or one outside of a process dependent on court orders isn't inconsistent with anything that has been made public from the source documents, but it doesn't seem to be demanded by them, either. What is clear from the documents (assuming their authenticity and accuracy) and the direct characterizations of them (rather than what are clearly inferences and not direct characterizations) provided in the coverage is that different providers were brought into the program at different times, and that the program involves some form of "cooperation" by the providers -- but none of that implies that it is voluntary or doesn't involve court orders of some kind (perhaps, specifically, FISA warrants)-- and that from each provider the collection of data is limited to a provider-specific list of particular kinds of data, and that the data is provided to the NSA directly from the companies servers (but the "direct access" rather than direct provision thing appears to be an inference from the direct provision, rather than itself a direct characterization.)
In fact, the recently revealed broad Verizon FISA warrant suggests exactly how this could have been achieved with FISA warrants -- instead of being dates on which a negotiated agreement was reached with each provider, the dates the providers are listed as being brought into the program could be the dates on which a broad FISA warrant (similar to the Verizon one, but specifying different data) was issued mandating collection of specified data from the specified provider. The providers could then honestly deny participation in a voluntary program, or providing direct access to their servers, or providing customer information without a court order -- they could even honestly not know that the FISA warrant they were served was part of a broader program directed at wide range of providers. Such a warrant could specify directly (or make timeliness requirements that make this the only way to comply) that the data be provided by being fed to the NSA from the companies servers, without providing the NSA access to the servers.
IOW, every word of the denials could be literally true, with the substance of the story -- that the NSA is being fed the vast array of customer data described in the stories about PRISM and can access data from that collection freely at will -- being true at the same time, the only things that are in conflict between the story and the denials are peripheral inferences and implications about the mechanism that appear in the story (such as "direct access" or the absence of court orders or other compulsory process.)