CNET is reporting that a "former government official who is intimately familiar with [the] process of data acquisition" detailed in the leaked PRISM slides says that the NSA had no direct access to tech company servers. In fact, the Washington Post had updated its original story with a statement saying that "It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author." If CNET's sources is correct, it could indeed be the case that the original reporting on PRISM was the result of "misreading" the leaked PowerPoint presentation. Steward Baker, the NSA's general counsel in the 1990s, told CNET that the original Washington Post coverage looked "rushed and wrong."
One source reportedly agreed with the many company statements we've seen so far, saying "It's a very formalized legal process that companies are obliged to do." CNET's Declan McCullagh reports that the government must request account details about specific people who are not US citizens and need to have "a specific finding that they're involved in an activity related to international terrorism." These requests reportedly are "Section 702 orders" and are subject to FISA court review — though such review has been likened to a rubber stamp.
As the story develops, the difference between the strong denials from the companies involved and what's known about government access appears to be getting smaller. Still, even if the original PRISM report turns out to be slightly less worrisome than originally feared, there are still serious unanswered questions: telephone companies still appear to be offering unfettered access to metadata and the so-called "secure portals" first reported by The New York Times are still cause for concern.