The NSA has finally decided to tell the world how the Internet surveillance program PRISM works, though it's been almost a year since its existence was revealed by one of the very first Edward Snowden leaks.

On Tuesday, the spy agency released a report on Section 702 of the Foreign Intelligence Surveillance Act (FISA), which is the legal justification for PRISM. The document explains how the NSA collects Internet data but, perhaps unsurprisingly, it reveals almost nothing new.

However, even though it doesn't go into many technical details, it appears to confirm that the program pretty much works the way two security researchers theorized back in June.

See also: This Is How the NSA Is Trying to Win Over the Media

Ashkan Soltani, a security and privacy researcher, along with another researcher, nicknamed semipr0, drew up an infographic based on the information leaked by Snowden, as well as news reports.

In their model, PRISM is a system with which the NSA requests data from tech companies, through the FBI. The tech companies then send the requested information to the spy agency via different technical means.

In the newly released document, dated April 16, the NSA's Office of Civil Liberties and Privacy confirms that its collection of Internet data happens always with "the knowledge of the service providers." And the document clarifies that the NSA doesn't have direct access to the companies' servers, as the first reports of PRISM wrongly indicated. Tech companies have repeatedly denied their knowledge of PRISM since it was uncovered.

This collection can happen two ways.

The first one is via the PRISM program, which legally compels service providers (in this case presumably Google, Facebook, Yahoo and others) to turn over to the NSA the communications to and from a target, which the NSA refers to as "selector." The second way is by compelling service providers (in this case ISPs like AT&T) to "lawfully intercept" (read: "tap") Internet traffic going through their networks. This process has usually been referred to as "upstream" collection.

The NSA is quick to point out that "U.S. persons" are "never targeted by PRISM." But the agency can use a U.S. person's "identifier" — a telephone number or an email address — to search through its database of collected Internet data "when such a query is reasonably likely to return foreign intelligence information," the document reads.

But, NSA reassures, there are remedies if it mistakenly targets a U.S. person: the NSA "must cease collection immediately and, in most cases must also delete the relevant collected data and cancel or revise any disseminated reporting based on this data," the document reads.

Soltani, the researcher who made the PRISM infographic and has been working with The Washington Post on its Pulitzer-prize winning coverage of the Snowden documents, joked on Twitter that by spoofing the origin of emails (making them looks like they come from the United States) one could trick the NSA.

And, he told Mashable, it could be seen as strange that the NSA is publishing this information when it has repeatedly accused media outlets of irresponsibly disclosing details that could jeopardize its mission.

"It's just amusing to see the press (and Snowden) criticized for publishing sensitive information that would jeopardize NSA's capability when publishing that detail does the same," he told Mashable in an online interview. "It essentially gives would-be terrorists ideas on how to potentially skirt around 702 collection because of legal (policy) restrictions on the NSA."