Occasionally, when in the name of security, someone says "we can neither confirm nor deny x", x isn't happening (for whatever value of "happening" is appropriate to x). In this case, given the US attitude to jurisdiction the reality may be quite simple. Any data or communications processed on or passed through any system that is owned, operated, managed or otherwise controlled by any US entity or subsidiary thereof may be arbitrarily hoovered up by the NSA or other similar agencies. They will then analyse it however they wish for whatever purpose they want. This can happen regardless of what connections are known to exist between the US authorities and any individual provider. Attempting to discover the scope and extent of those connections may thus be a pointless exercise. The same thing probably happens in many other countries too.