Plus, careful wording allows all sorts of out. Google says they don't provide a "back door", but this sort of thing could be defined as coming in the front door.
At least as far as we know. We're in new territory here--this is a secret court with secret rulings so it's unknown what kind of orders have been issued. There may very well be one that requires denial. Or the NSA could be skipping a step and be making use of its backhaul fiber firehoses and a cache of certificates to decrypt SSL traffic. Hopefully we'll find out...
Confirming or denying, or stating the (in)ability to talk about it is a breach of the requirement to keep the information classified. The proper response is 'we do not know what you're talking about'. Which is what they said. It can't be conflated with something stupid like 'cannot confirm or deny' which tells you right away.
Plus, careful wording allows all sorts of out. Google says they don't provide a "back door", but this sort of thing could be defined as coming in the front door.