This also doesn't mean PGP and Tor users are completely inaccessible. Law enforcement has performed successful attacks on Tor using a variety of tactics, and even the most impressive encryption tool can't get around a local malware infection. The age of the documents has also raised concerns: documents from 2012 show the NSA struggling to crack the AES encryption standard — one of the most widely used standards in cryptography — and some observers are worried that the NSA's efforts may have succeeded in the two years since.
For security experts, the result is a mixed bag. Many of the cracked standards were already known to be faulty, so the news of widespread HTTPS circumvention is alarming, but not entirely surprising. At the same time, anyone depending on PG or Tor to throw off surveillance should be relieved to find evidence that the tools have often succeeded in doing just that. But for Appelbaum, the broader lesson was the ongoing fight between government surveillance and private communications. "During the crypto wars, we thought that we had won.... We thought that with cryptography we could change the entire balance," Appelbaum said. "We can say now that the first crypto wars were not won. If anything they were lost, or they're still going on now."