Hacker News

His answer to the question "What direct access means":

1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.




For me, this was a really unsatisfying answer. Maybe the question should have been more specific, but I took it to relate to the PRISM programme and the specific technology that provided direct access to data at the companies involved. His reply seemed to focus on the policies (or lack thereof), with an example relating to call logs (which I already assumed would be provided by some (S)FTP feed from the carriers and bulk loaded into a database anyway).


Maybe he doesn't know how every server is configured. Why would he be expected to?

If one data feed uses a fiber tap and another uses a daily sftp transfer, does it really matter if some/most/all of Americans' communications are ending up in a database to be queried by analysts today and god-knows-who 30 years from now?



