Didn't the companies (Google, Facebook etc.) just give the information to NSA, or did I miss something?

I don't see how SSL key length is relevant in the whole discussion if the weakest link is the company, not the transport method used.