[Kalium]

You're so completely right that the NSA, CIA, and more already agree with you!

The IC invests massive resources into enhancing security. I've seen it firsthand - software projects like SELinux and a whole slew of research projects come to mind in addition to stuff I worked on. Though if you've only ever been exposed to the other side of the house, it's easy to be ignorant that the defensive missions exist at all. Certainly it tends to not make any news, ever.

[cdf2theworld]

It's true, I've only been on the military side of the IC, so everything I've been exposed to has been offensive in nature. That being said, the attitude of everyone I've met in the IC has been "we need to be able to access everything, at any cost". This attitude comes from the top (how else would it be so pervasive), and it is completely at odds with any sense of security for the average citizen. I think that this overall attitude is what really skews me. I'm familiar with SELinux, and why it was made open source; but I'm also familiar with Dual_EC_DRBG. Seems SELinux release may have been more a red herring or PR stunt than an actual attempt to protect security of the average person, given how much effort they put into defeating the security of the average person.