Because the company has to provide the data (or not). The company can (must) decide to exclude data that doesn't have a FISA warrant, for example.
The threat to this model is the idea that a FISA warrant might not be required until monitoring has gone on for 72 hours, but that was just as much of a threat with the prior model, where the data were manually extracted and sent by the company instead of using the automated dropbox setup.
This hypothesis is certainly plausible, but I haven't seen any proof for it besides the self-serving statements of people who aren't under oath and who anyway aren't necessarily in a position to know for sure. Which isn't much, as proof goes.
Was Snowden under oath? Did well-known concepts such as Occam's Razor suddenly stop applying because a contractor with biases and motives of his own decided to drop a bunch of data on a WaPo reporter with a 72 hour deadline to publish?
Regardless of what prism is, if it's a reasonable system with oversight and consequences for those abusing their power, why is it secret?
There's nothing necessarily wrong with something like PRISM (especially since we don't even know what it is), but the choice about whether it's right or wrong belongs to the people as a whole, most certainly not to a few people happened to have grabbed that power.
What's the point of democracy and accountability if it's unclear what people are accountable for nor what you're voting on? This kind of system should never ever have been introduced in secrecy.
It's secret because of OPSEC, the same reason that essentially everything else an intelligence agency does is secret.
Does the public go down and tell the Admirals how to staff a warship? Or what controls to use when deciding to launch weapons? Those are life and death decisions where the military essentially handles its own oversight with Congress and government civil servants involved at the higher levels to handle public interest in accountability and oversight. Yet I don't see the public up in arms about that.
Now, if the people say they don't like Prism and don't want it then the NSA should gut it; that's the right of the people to decide.
But I wish we wouldn't be so quick to jump to the idea that the public must personally audit and review all such government programs as a rule, because as far as I can tell from the seats I've sat in the public has never actually believed that in general at all, and are normally quite content to allow their Congressmen and our shared values as citizens (for those actually doing the work) to provide that oversight.
The threat to this model is the idea that a FISA warrant might not be required until monitoring has gone on for 72 hours, but that was just as much of a threat with the prior model, where the data were manually extracted and sent by the company instead of using the automated dropbox setup.