This seems to be a recurring argument: they have RSA breaking magic sauce in a safe in a bunker in a fort.
If they do indeed - surely they would at least employ it in the backend to decrypt data? The documents we are seeing are geared towards analysts and provided from the groups implementing various attacks/capturing/decryption functionality. They wouldn't even have to reveal anything - just "give us data, we'll send you back decrypted results". Yet they frequently set rather low expectations for decryption. And then theres the organizational question. Why have groups targeting VPNs, IPSec, HTTPS etc. when breaking RSA gives you a golden key to any of these?
What I'm saying is these arguments routinely devolve into "it's so secret, they can't tell their own employees or analysts and they can't use it for the capability could be leaked". At that point the consequence is that the magic RSA breaking sauce becomes pointless as you can't use it, certainly not for the objective the NSA has spent the last decade on: capture everything.
I see it like the judicious use of signals intelligence in WWII. If you use it for everything, you risk tipping the enemy off that their crypto is broken. You have to balance the benefit from the inherent knowledge leak from using it.
I'm not saying they have it, but if they had it, they would be foolish to use it all over instead of only on key targets.
If they do indeed - surely they would at least employ it in the backend to decrypt data? The documents we are seeing are geared towards analysts and provided from the groups implementing various attacks/capturing/decryption functionality. They wouldn't even have to reveal anything - just "give us data, we'll send you back decrypted results". Yet they frequently set rather low expectations for decryption. And then theres the organizational question. Why have groups targeting VPNs, IPSec, HTTPS etc. when breaking RSA gives you a golden key to any of these?
What I'm saying is these arguments routinely devolve into "it's so secret, they can't tell their own employees or analysts and they can't use it for the capability could be leaked". At that point the consequence is that the magic RSA breaking sauce becomes pointless as you can't use it, certainly not for the objective the NSA has spent the last decade on: capture everything.