You’re confusing ‘spying’ and signals intelligence (SIGINT). I can’t offer any proof but the volume of material being produced from SIGINT (in this case, allegedly) is far too large to be extracted without dedicated infrastructure, even if you could reliably co-opt hundreds of administrators around the world and keep them quiet.

To me it looks like confusion between ‘legal intercept’ and ‘direct access’. There are already security-checked compliance staff responding to requests from police / intelligence services (there’s even one for the 3 network in the UK advertised on LinkedIn right now) and PRISM – if it is as it seems (and that’s a massive if) – is probably the automation of that process. The ‘direct access’ is to the dedicated systems the operators already run to meet their legal obligations.