"That is very heavily qualified denial."
Good spot. They're catching up, or hiding. The leakers could be exaggerating, but there's a kernel there.
Could be a problem - was the program legal/authorized in the first place? Might be some tiptoe-ing due to that concern.
I had asked that question on another thread. to do this, they needed pools of hotel records, credit card records, immigration records, a bunch of other stuff to qualify a intersection of data down to a modestly short list of possible hits. where did they get it all from?