Note the relevant text:
Mr. Ball said he noted these files were unusually large, and discovered that they were actually created in a different program, Pretty Good Privacy, which enabled each file to run as a separate, encryption-protected "virtual hard drive." Without the correct password, the files were completely unintelligible.Now others will say that the following means the found the keys, but that would be wrong. Read the paragraph above once more then this paragraph:
It's the equivalent of "a safe with a combination," Mr. Ball said in court. He sent the files to British intelligence services, which returned them decrypted, or unlocked. Once able to open the files, Mr. Ball testified, he still wasn't able to read most of the messages contained with them: Mr. Karim had enciphered the text, leaving it scrambled and unreadable.
Mr. Karim left police a clue, however. On the external hard drive was a disguised file that looked like it was meant for viewing thumbnail-size photographs—but that actually consisted of text with instructions for using a spreadsheet containing a purpose-built formula to decipher the message, according to Mr. Ball. The spreadsheet also worked in reverse, enciphering messages before sending to another member of the group, Mr. Ball said.This means the second level of encryption, not PGP, so the four main questions are:
- Is PGP cracked?
- Did PGP pony up a backdoor?
- Did the investigators sneak the keys?
- Is there a mole that provided the keys?