There is a difference between trying to break cryptography and prioritizing breaking cryptography over protecting civilians.
This is true for almost everything in the world. I want, for example, the police to try to stop criminals, but I do not want them to go around with miniguns, spraying the street with bullets. I want the police to prioritize the safety of civilians.
Same goes for NSA. They are perfectly free to try to break hostile entities' encryption, but they should not sabotage US civilians' security while doing so. When they sabotage standards, or keep vulnerabilities secret so they and criminals can break into people's computers, then NSA is not prioritizing protecting civilians.
> When they sabotage standards, or keep vulnerabilities secret so they and criminals can break into people's computers, then NSA is not prioritizing protecting civilians.
Even with the standards that they have been shown to sabotage (Lotus Notes, Clipper, Dual_EC_DRBG), they have sabotaged them in a way that should have reduced the security of the system against NSA, but not in general. I'll note that I disagree with this concept (I'm not a mathematician, but it seems to me that it is difficult to prove theoretically that the NSA private key could never be derived when you know the plaintext and ciphertext). However, even on these, NSA was trying to maintain the security of the cryptosystem itself; it's not as if they introduced a deliberate backdoor where the thing falls apart if you guess the right 8-letter password.
I see your point about knowing about software vulnerabilities and not acting on them. But the problem is that software will always have vulnerabilities, and the citizenry at large isn't exactly good at keeping always up-to-date. So if NSA divulges every 0-day they know, then they don't help the public that much, but do help the enemies of the public protect their software that much better.
You could almost argue that the NSA "buying up 0-days" is directly beneficial to the citizens, by ensuring that at least those vulns don't end up in the hands of someone who'd actually do something rotten with them.
They're doing it to spy on the rest of the world, which is something that they've done for their entire existence. It's one of the two major reasons they exist at all.
It happens that now the rest of the world is using the same crypto we're using, but that's not NSA's fault. Nor is it a major degradation over a status quo; the government has usually been able to "spy on us", it's only been a short time comparatively speaking that it was even possible for the average citizen to completely encipher their communications. Telegrams, for instance, were copied and read as a matter of course if they crossed international boundaries.