I'm wondering when somebody in congress will initiate legal action against the NSA for weakening national security.
It's generally acknowledged by now that the NSA has intentionally weakened various cryptographic algorithms, including AES. I'm responsible for various WAN links at my organization, and they use AES-256 IPSec tunnels to secure the traffic. That traffic is extremely sensitive in nature. The NSA may have intended to only allow themselves to crack this encryption, but how am I supposed to know that some other hacker hasn't figured out how to take advantage of the NSA's actions? How do I tell my director that our data is secure, and that we're meeting state and federal regulatory requirements?