Reading Alex Stamos’ intriguing “A Taxonomy of PRISM Possibilities”, I noted that it suggests the following path:
The PRISM program exists and gathers large amounts of information indiscriminately. The NSA is gathering broad data sets by passively sniffing huge amounts of traffic on backbones and at interchange points without the knowledge of the end-providers. The NSA is decrypting traffic using the private keys of these companies which it convinced them to turn over.
In short, one of the paths he seems to suggest (2 B ii a c b) is one where the NSA is passively sniffing without the knowledge of the end-providers, yet the NSA has their Private Keys.
At first glance this might look like a contradiction: why would the companies allow the NSA to have their Private Keys if they thought the NSA was likely to sniff their traffic? But there’s always the chance the Private Key was handed over for other reasons at another time. The chance that this might be the case should now make any organisation more than normally wary about who has access to its Private Keys.
Unless, as Stamos says,
This is a way that these companies could cooperate with the NSA without large numbers of employees being involved.
And it would let them pretend to themselves, while denying in public, as many have, that they’ve allowed any backdoors by Government agencies into their servers and services.