It's been exhaustively denied. However, given all we know about the CIA/NSA and their activities over the years (ECHELON, AT&T room 641a, intercepting and backdooring routers, PRISM, etc., et. al.), there is no amount of bloviating from Microsoft that will make me believe NSAKEY wasn't, and isn't, exactly what it looks like. In the end, you can't prove a negative, so all you can do is believe whatever you want to believe, informed by everything else we already know.