[AnthonyMouse]

DUAL EC DRBG: No more of that.

Or as another example, consider what happens when the NSA discovers a security vulnerability in a common crypto library. If the NSA is allowed to use it for surveillance then they will do that instead of disclosing it, meanwhile the vulnerability persists in the wild just waiting for someone even worse to discover it. You can imagine the epic fail if the Chinese government got hold of Heartbleed six months before the OpenSSL maintainers.

[csandreasen]

There haven't been any actual concrete disclosures showing that DUAL EC DRBG was backdoored, just loads of conjecture. Maybe it was, maybe it wasn't - the same conjectures were put forth regarding the manipulated S-boxes in DES and it turned out twenty years later that the NSA was actually strengthening the algorithm, not weakening it. If DUAL EC was backdoored, it was a pretty pathetic attempt: it was hardly ever used (only 720 confirmed vulnerable servers out of a survey of 21.8 million[1]) and due to its slow speed there were recommendations not to use it long before Snowden came along. One year later and nothing in the Snowden cache has been leaked providing concrete proof showing a backdoor; I'm not holding my breath for it.

Regarding Heartbleed, the NSA denied having knowledge of the bug before its disclosure. There was a follow up post on the Whitehouse blog[2] that discussed some of the criteria the administration would use in determining whether or not the NSA should disclose a 0-day.

It sounds like you're wanting them to actively search for vulnerabilities in software they didn't write and might not even be used by their targets (the Chinese government could have taken advantage of Heartbleed, but I don't know how many Chinese government sites use OpenSSL). That's not what we currently fund them to do, and I get the impression that most American tech companies wouldn't want the NSA's help anyways.

[1] http://dualec.org/

[2] http://www.whitehouse.gov/blog/2014/04/28/heartbleed-underst...