Most likely they just don't know what they're talking about. This is a government answer to a question posed by parliament, which means that it probably went through a lot of hands, most of which don't even know what PGP stands for, let alone what the technology does.<p>The statement itself is very vague anyway, saying that "it depends on the strength and the quality of the encryption". Which most likely translates to: they cannot actually break PGP, but they have some tricks to get key material via other means, and then obviously they can decrypt.
Note that "depending on the type and quality of the encryption" can mean "if you use 512-bit keys" (or e.g. use weak entropy to generate the keys). Indeed, that's the likely explanation - if Germany really figured out how to decrypt best-practice PGP, they wouldn't be blabbing about it.<p>(Also note that the Subject: line is unencrypted by design.)
Understand that Western governments have had legal access to rubber-hose cryptography for some time. Inasmuch as a person may be beaten with a rubber hose until the passphrase is revealed, I've no doubt they are able to break PGP.
I think the title sounds much to factual for such a vague statement. They that they are <i>in principle</i> able to decrypt <i>such encryption</i>, that can mean anything from "we can if the key is weak" over "there is a law which permits us to install a backdoor on your pc" to "we can beat you up until you tell us your password".<p>And it is in the best interest of german intelligence agencies to make such a vague statement. If they would admit that they are unable to break pgp, that would be taken as a software recommendation by everyone who is afraid of them.
"Can decrypt" is a phrase that gives many interpretations<p>For example, SSH, can you do a MITM? Can you decode a pcap dump? Only for a specific crypt?<p>Same thing with a PGP, if you have resources you can certainly throw several machines at a dictionary attack and can come with a decryption for most cases (after a long time).
The answer given is so vague and devoid of meaning they could just as well have answered with a "Some times may be". I don't see any reason to be concerned about the security of PGP.