There's no question that they're monitoring upstream traffic. In fact they may still be doing the old ECHELON trick in which the US eavesdrops on non-Americans, the rest of the world spies on Americans (among others) - and then everyone swaps the data received.
But in the light of the PRISM documents it's even more likely than it was before that the NSA doesn't have the ability to decrypt HTTPS, or at the minimum that the US considers it too important to risk giving it away by using it on routine Top Secret signals intelligence. (And/or maybe too resource-intensive to use for that.) The strongest evidence for this is that we haven't heard anything about such a capacity yet from Snowden, Greenwald et al., who all have the full PRISM deck (along with other documents) in their possession and would surely tell us about it if they knew of it. So either 1) the PRISM slides do mention the ability to decrypt SSL or SSH streams but Snowden and the journalists haven't picked up on it (not impossible given the apparent incompetence they displayed over "direct access"), 2) it's too sensitive to mention in a self-aggrandising Top Secret overview of upstream and "direct collection" Internet signals intelligence, which probably means it's not in use (or at least not in regular use) for upstream collection or 3) they really don't have it.
A supporting reason to think that they don't have it, or hardly ever use it, is the apparent emphasis on "direct collection" in the PowerPoint. Why go to the hassle of dancing the frenemy minuet with Google and other fairly-anti-surveillance Silicon Valley firms when you can just get what you want from upstream collection at the apparently more-accommodating telcos? This isn't conclusive because even if you could understand all the traffic into and out of someone's Facebook account you'd still like to be able to see the internal state of the account, in particular so that you'd know what they'd been doing before the upstream surveillance began. But I think it's at least as likely that the whole new focus on direct collection is a workaround for the fact that, thanks to SSL and SSH, upstream collection just isn't what it used to be back in the days of ECHELON.
As the slide said, You Should Use Both: direct collection to give you access to US-company servers, probably bypassing the HTTPS problem, and upstream access to give you data, probably only unencrypted data (email!), that passes through the US without going to a US-company server.
(If you want an exotic alternative theory, you could speculate that the PRISM document is a fake, a limited hangout http://en.wikipedia.org/wiki/Limited_hangout by the US spooks, maybe precisely to direct attention away from their ability to decrypt HTTPS streams. But this now seems unlikely, for example because DNI Clapper would surely have to have approved a managed release of a set of documents that both gave away the Verizon metadata surveillance and so also implicated him in perjury.)
I can't remember which interview it was, if on Democracy Now, or his MIT lecture video, but Bill Binney stated that the NSA in fact does decrypt HTTPS.
If Bill Binney said that, and if he is right, I'd assume the most likely explanation is that NSA can push over some low-security SSL connections of the type jerf describes above https://news.ycombinator.com/item?id=5877362 , but has to rely on "direct access" to get around most or all high-quality (but still widely-used) SSL encryption. (Or, again, that it also has the capacity to break high-grade HTTPS connections, but it's holding that back for really important occasions.)
With the history of the gov/NSA being effective crypto gods - my money is they are ahead of decrypting SSL and HTTPS and even if it is not real-time, they store streams from target end points regularly for slower offline decrypt.
I wonder why so many people believe this. Many simple and weak ciphers have been around for decades and - although they are considered to be very insecure by cryptographers - certainly can't be decrypted in real-time (!) on this scale (!).
This has been talked about many times now. All compromising a CA lets them do is to create believable certificates to be able to man in the middle connections, but they can't be doing that for a large number of connections because it's resource intensive and detectable.
They still don't have the private keys of the sites if they break into the CA.
I find this quite plausible: with or without the knowledge of Page, Zuckerberg et al., the NSA might very well have the private keys of these companies. I would not be surprised if the CEOs of these companies choose to be ignorant of the NSA's methods to not have to lie to the public, shareholders and Congress.
Also, given that the world's best engineers work at either high-tech companies or the NSA, there will be some who have switched between these industries, giving the NSA/CIA a head start to get any information these companies hold through old-fashioned spy tactics.