My guess:
-SSL protects only as far as the cloud; they sits after decryption and can get the clear text data
-They can hack into people's computers (using zero day) and read the data before it's ever encrypted
-SSL/TLS do not offer forward security, so the encrypted data can be stored and then cracked if/when the keys become available later
-Man-in the middle attacks that substitute fake keys to both sides and capture the data anyway. It hepls if they captured one or more certificate authorities.
-Brute-force attacks against poorly-configured keys (too short) for SSL and VPNs.
-They can hack into people's computers (using zero day) and read the data before it's ever encrypted
-SSL/TLS do not offer forward security, so the encrypted data can be stored and then cracked if/when the keys become available later
-Man-in the middle attacks that substitute fake keys to both sides and capture the data anyway. It hepls if they captured one or more certificate authorities.
-Brute-force attacks against poorly-configured keys (too short) for SSL and VPNs.