I believe Google on this. The language is clear and non-weasel-y. Google does not hand over user data to the government unless specifically requested. There is no open-ended access.
But I also believe the government works with ISP's (all major ISPs) so that they can intercept traffic. Which would be a type of MITM attack allowing them to get data from all major web sites.
I'm not much of a conspiracy theorist but those statements are hardly unambiguous. It's the "press reports" that are called false. Close-ended could pretty much be just as broad. The second sentence is hedged with "on such a scale". What is "information about our users' Internet activity"? Does that preclude sharing the actual internet activity? Also, Page keeps referring to "orders" but the press reports suggest some sort of volunteering.
Of course it's hedged with a limitation of scale. Obviously Google, like any other company, is going to provide information on much smaller scales (e.g. a user or a handful of users) for investigation based on specific court-issued warrants. It would be lying to state that Google never provides information about any user activity at all.
In this sentence, I would prefer Google to say: "First, we have not joined any program that would give the U.S. government—or any other government— OR ANY OTHER ENTITY - direct OR INDIRECT OR ANY OTHER TYPE OF access to our servers. [capitalized words are mine]
Except that that would be untrue, because there are perfectly legitimate reasons why the government would have access to data on a small scale - e.g. subpoenaing an individual's records in a specific criminal trial.
The fundamental problem here is that we have allegations that the US Government ordered all these companies to do something bad(tm) and not talk about it. So, if we assume that the allegations are correct, then the companies denying it are in on it, and the denial is false. But if the allegations are not true(either wholly or just for Google), then their denial may be entirely true. That's why it's problematic, because if you believe that the reports are true, then Google's actions are perfectly in-line with that belief. If you believe they're false(or even not as extensive as reported), then Google's actions are perfectly in-line with that belief.
So realistically, the best approach is just to wait and see.
Unless you can MITM SSL, having ISP access isn't enough. Remember, Google's the company that discovered that Turktrust had issued rogue CA certificates through Chrome's cert pinning.
Root certs don't let you decrypt content encrypted with a descending cert. They just let you issue new certs that'll be considered valid. So, a MITM could send a client a compromised cert in the hopes that the client will encrypt content with it (after accepting it as valid due to it validating up the cert chain to root), but Chrome's certificate pinning is specifically designed to detect this class of attack - it is how the compromised Turkcert certs were discovered.
Even if you hold the root certs and can issue attack certs that validate up the cert chain, you can't MITM a cert-pinned client. In order to attack a cert-pinned site, the NSA would have to inject their own certs into Chrome's cert store, or have Google's private cert keys. Either would require compliance from Google.
But I also believe the government works with ISP's (all major ISPs) so that they can intercept traffic. Which would be a type of MITM attack allowing them to get data from all major web sites.