The NSA almost never says anything publicly. However, the NSA's primary role in the shadow-world of electronic espionage is to protect the communications of the US government, and crack those of the US government's real, imagined, or potential adversaries. Since this list of possible adversaries includes practically everyone, the NSA is determined to defeat every conceivable cryptographic technique. In pursuit of their institutional goal, the NSA labors (in utter secrecy) to crack codes and cyphers and invent its own less breakable ones.
The NSA also tries hard to retard civilian progress in the science of cryptography outside its own walls. The NSA can suppress cryptographic inventions through the little-known but often-used Invention Secrecy Act of 1952, which allows the Commissioner of Patents and Trademarks to withhold patents on certain new inventions and to order that those inventions be kept secret indefinitely, "as the national interest requires." The NSA also seeks to control dissemination of information about cryptography, and to control and shape the flow and direction of civilian scientific research in the field.
Cryptographic devices are formally defined as "munitions" by Title 22 of the United States Code, and are subject to the same import and export restrictions as arms, ammunition and other instruments of warfare. Violation of the International Traffic in Arms Regulations (ITAR) is a criminal affair investigated and administered by the Department of State. It is said that the Department of State relies heavily on NSA expert advice in determining when to investigate and/or criminally prosecute illicit cryptography cases (though this too is impossible to prove).
The "munitions" classification for cryptographic devices applies not only to physical devices such as telephone scramblers, but also to "related technical data" such as software and mathematical encryption algorithms. This specifically includes scientific "information" that can be "exported" in all manner of ways, including simply verbally discussing cryptography techniques out loud. One does not have to go overseas and set up shop to be regarded by the Department of State as a criminal international arms trafficker. The security ban specifically covers disclosing such information to any foreign national anywhere, including within the borders of the United States.
These ITAR restrictions have come into increasingly harsh conflict with the modern realities of global economics and everyday real life in the sciences and academia. Over a third of the grad students in computer science on American campuses are foreign nationals. Strictly appled ITAR regulations would prevent communication on cryptography, inside an American campus, between faculty and students. Most scientific journals have at least a few foreign subscribers, so an exclusively "domestic" publication about cryptography is also practically impossible. Even writing the data down on a cocktail napkin could be hazardous: the world is full of photocopiers, modems and fax machines, all of them potentially linked to satellites and undersea fiber-optic cables.
In the 1970s and 1980s, the NSA used its surreptitious influence at the National Science Foundation to shape scientific research on cryptography through restricting grants to mathematicians. Scientists reacted mulishly, so in 1978 the Public Cryptography Study Group was founded as an interface between mathematical scientists in civilian life and the cryptographic security establishment. This Group established a series of "voluntary control" measures, the upshot being that papers by civilian researchers would be vetted by the NSA well before any publication.
This was one of the oddest situations in the entire scientific enterprise, but the situation was tolerated for years. Most US civilian cryptographers felt, through patriotic conviction, that it was in the best interests of the United States if the NSA remained far ahead of the curve in cryptographic science. After all, were some other national government's electronic spies to become more advanced than those of the NSA, then American government and military transmissions would be cracked and penetrated. World War II had proven that the consequences of a defeat in the cryptographic arms race could be very dire indeed for the loser.
So the "voluntary restraint" measures worked well for over a decade. Few mathematicians were so enamored of the doctrine of academic freedom that they were prepared to fight the National Security Agency over their supposed right to invent codes that could baffle the US government. In any case, the mathematical cryptography community was a small group without much real political clout, while the NSA was a vast, powerful, well-financed agency unaccountable to the American public, and reputed to possess many deeply shadowed avenues of influence in the corridors of power.
However, as the years rolled on, the electronic exchange of information became a commonplace, and users of computer data became intensely aware of their necessity for electronic security over transmissions and data. One answer was physical security -- protect the wiring, keep the physical computers behind a physical lock and key. But as personal computers spread and computer networking grew ever more sophisticated, widespread and complex, this bar-the-door technique became unworkable.
The volume and importance of information transferred over the Internet was increasing by orders of magnitude. But the Internet was a notoriously leaky channel of information -- its packet-switching technology meant that packets of vital information might be dumped into the machines of unknown parties at almost any time. If the Internet itself could not locked up and made leakproof -- and this was impossible by the nature of the system -- then the only secure solution was to encrypt the message itself, to make that message unusable and unreadable, even if it sometimes fell into improper hands.
Computers outside the Internet were also at risk. Corporate computers faced the threat of computer-intrusion hacking, from bored and reckless teenagers, or from professional snoops and unethical business rivals both inside and outside the company. Electronic espionage, especially industrial espionage, was intensifying. The French secret services were especially bold in this regard, as American computer and aircraft executives found to their dismay as their laptops went missing during Paris air and trade shows. Transatlantic commercial phone calls were routinely tapped by French government spooks seeking commercial advantage for French companies in the computer industry, aviation, and the arms trade. And the French were far from alone when it came to government-supported industrial espionage.
Protection of private civilian data from foreign government spies required that seriously powerful encryption techniques be placed into private hands. Unfortunately, an ability to baffle French spies also means an ability to baffle American spies. This was not good news for the NSA.
By 1993, encryption had become big business. There were one and half million copies of legal encryption software publicly available, including widely-known and commonly-used personal computer products such as Norton Utilities, Lotus Notes, StuffIt, and several Microsoft products. People all over the world, in every walk of life, were using computer encryption as a matter of course. They were securing hard disks from spies or thieves, protecting certain sections of the family computer from sticky-fingered children, or rendering entire laptops and portables into a solid mess of powerfully-encrypted Sanskrit, so that no stranger could walk off with those accidental but highly personal life- histories that are stored in almost every PowerBook.