NSA's collection capabilities have been greatly degraded. They can no longer read all internet traffic; basically everything is encrypted now.
NSA does not have magic tools to break modern encryption.
They don't break encryption, they circumvent it. They get into people's computers and access the stored data after it's been decrypted. They stockpile zero-day vulnerabilities and use them against their targets in order to install persistent malware. They intercept equipment and literally implant hardware onto the PCBs that let them access the networks. They have access to hordes of government CCTVs. They have real-time satellite imaging. They have cellphone tower data.
>NSA does not have magic tools to break modern encryption.
They don't. But they have other options.
For example, Cloudflare is an American company that has plaintext access to the traffic of many sites. Cloudflare can be compelled to secretly share anything the NSA want.
So instead of collecting at AT&T Room 631 you now collect at Google Room Whatever.
The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
Don't need to break encryption if you read data from the source -- O/S vendors will do it for you.
Israel produced Pegasus for hacking smartphones and taking them over. You don't think NSA can do that? They control all the endpoints they want.
You should read about Project Cloudflare
They surely don't have any kind of access to Let's Encrypt root certs whatsoever.
This is naive to the point where it is indistinguishable from disinformation.
Aside from a tiny minority of people applying their own encryption (with offline-confirmed public keys) at end points with securely stored air-gapped private keys, this information is available to the US government; it’s the god damn job of the NSA.
1) They don't necessarily need to break all encryption, just knowing who is talking to who and then delivering a tailored payload is their M.O.; the Tailored Access Operations division exists just for this.
2) They didn't build a Yottabyte-scale datacenter for no reason
3) They have the capability to compromise certificate authorities. Pinned certs aren't universal.
4) Speculation, but, Snowden's revelations probably set off an "arms race" of sorts for developing this capability. Lots more people started using Tor, VPNs, and more, so it would almost be dereliction of duty on their part if they didn't dramatically increase their capability, because the threats they are there to stop didn't disappear.
5) ML/LLM/AI has been around for a while, machine learning analysis has been mainstream for over a decade now. All that immense data a human can never wade through can be processed by ML. I would be surprised if they aren't using an LLM to answer questions and query real-time and historical internet data.
6) You know all the concerns regarding Huawei and TikTok being backdoored by the Chinese government? That's because we're doing it ourselves already.
7) I hope you don't think TAO is less capable than well known notorious spyware companies like the NSO Group? Dragnet collection is used to find patterns for follow-up tailored access.