Yes, we've lost everything encrypted with single DES, PPTP, SSL less than 1024 (?) bit keys, Debian Etch, and so on.
But on the other hand: Snowden was successfully able to evade Boundless Informant and conduct a confidential conversation with Greenwald and Laura Poitras (certainly already an active surveillance target for her film of William Binney).
And even 1024-bit SSL, unless you believe the NSA can't afford to devote <$1M per year per key to the effort:
http://news.cnet.com/8301-13578_3-57591560-38/facebooks-outm...
Eran Tromer, an assistant professor of computer science at Tel Aviv University who wrote his 2007 dissertation on custom code-breaking hardware, said it's now "feasible to build dedicated hardware devices that can break 1024-bit RSA keys at a cost of under $1 million per device." Each dedicated device would be able to break a 1,024-bit key in one year, he said.
But on the other hand: Snowden was successfully able to evade Boundless Informant and conduct a confidential conversation with Greenwald and Laura Poitras (certainly already an active surveillance target for her film of William Binney).
So the crypto wars are not yet lost.