Hacker News
by mindslight 5070 days ago
The problem is that the NSA (and USG in general) views security in terms of perpetuating the status quo, rather than letting broken institutions fail so that better approaches can take their place. It's akin to how the guy putting a skimmer on ATMs is at worst a red herring - the banks are the actual culprit by still using info-only cards with plaintext account numbers, 36 years after D-H! In order to actually move forward, at some point ATM impersonation should stop being considered fraud as the banks have had plenty of time to understand that their assumptions are utterly faulty and that they actually know nothing about the identity of an ATM user (and therefore under the current system have no authorization for withdrawals). But instead of secure user-based tokens with explicit capability limits, we get ever more feel-good patches on a fundamentally unsolvable problem.

And the NSA has what to do with that?

My point is that the government aren't the only people trying to fuck us. The private sector, big and small, is trying to do so as well.

'The citizens' is referencing the group uniformly. 'Citizens' and 'USG' clearly have a large intersection, but the point is that importance should be distributed throughout the former. That some citizens are bad actors doesn't change this.

I was drawing a parallel with bank security as the same institution-based priorities apply to the NSA. Their version of 'security' primarily involves securing the position of USG and its subsidiaries by monitoring everyone to gain intelligence against possible threats (including the non-criminal threats). This makes the citizens, who should be the most important, less secure.