The NSA has no real standing on helping secure anything
I'm not an expert on technical aspects, but I don't see why anyone would see the NSA (or any similar agency) as having any role in ensuring any data can be sent with absolute security. If the NSA knows some crypto is truly secure, they will never admit publically such a method is safe. So, any method the NSA recommend *has* to have been broken. It's that simple. I'm guessing RSA incorporated NSA-approved crypto components mainly to secure government business -- a win-win for the NSA.
The NSA's (and some of Congress') public comments are exemplary in their ability to say something while saying nothing. The massive data vault being assembled in (I think) Utah (and probably elsewhere) is absolutely designed to capture every packet of digital communications transmitted from all points of the world. The encrypted bits will get summarily decrypted and indexed, either through vulnerabilities or by brute force, in advance of any potential warrant for the content. The NSA likely thinks they can do this even with domestic communications because the end result is sealed from outside investigators until a warrant is presented (and it's a pretty low bar to get one). Meanwhile, I recall it only takes a 50.1% likelihood that the communications qualifies as domestic to give that modicum of protection.
I don't envy the NSA's mission though. They are trying to operate in a world where the public demands both absolute privacy and protection from destructive actors using these same protections to help execute truly evil things. But the laws protecting privacy (for U.S. citizens, at least) are just plain hollow. Our protections are in the hands of a few secretly appointed judges who do not understand what they are being asked and have no real public oversight. I doubt they've rejected a single application for a warrant. This is my biggest problem with the whole situation. The Congress also needs to stop being toothless, ignorant enablers of this secret court -- but Congress' credibility is nothing to crow about either.
The NSA should just stay out of the commercial security business and stay away from academic contributions because they have no standing or credibility. They should quietly listen on targets identified by a (eventual) transparent oversight process and make it easier for the constituent agencies to obey the law. As things stand today, there is *nothing* these agencies can't get away with. And that's probably what they all want.
Biting the hand that feeds IT
