When he first responded to the reports that gave the first details of the NSA's PRISM data collection program, the Director of National Intelligence, James Clapper, had said he would work towards declassifying information about the program in order to correct what he called "numerous inaccuracies" and "reckless disclosures" by the media. Today, Clapper made good on that promise by releasing a fact sheet about the program.
The first set of points explain it all really:
PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a). This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008.
Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence. In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the Government when they are lawfully required to do so.
The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose.
In addition, Section 702 cannot be used to intentionally target any US citizen, or any other US person, or to intentionally target any person known to be in the United States. Likewise, Section 702 cannot be used to target a person outside the United States if the purpose is to acquire information from a person inside the United States.
Finally, the notion that Section 702 activities are not subject to internal and external oversight is similarly incorrect. Collection of intelligence information under Section 702 is subject to an extensive oversight regime, incorporating reviews by the Executive, Legislative and Judicial branches.
So, it sounds like the aims of the program and the legality of the program are all square on the surface. And, as we just learned the program focuses on metadata, not the content of emails or instant messages. We can't 100% confirm that's what is actually happening with the program, but given how it is really targeting areas like Iran and Pakistan, the explanation does match up with what we're learning.