And if that weren't bad enough

There are vulnerabilities available in many operating, communication, and encryption systems which require greater or lesser degrees of sophistication to exploit. Some of these are deliberately placed by a developer, manufacturer, or other intermediary in the software/hardware supply chain and qualify as backdoors, but most are the result of honest mistakes, lack of funding, insufficient testing, or run-of-the-mill incompetence. This is where the NSA's so-called "Advanced Intercept Capabilities" come in, and we actually have much less to be worried about here. Advanced Capabilities are usually targeted techniques against specific computers which, rather than passive eavesdropping, exploit them to give up non-standard information, like the various side-channel attacks carried out on Tor.

The critical issue with Advanced Capabilities is two-fold, first, we must cease the NSA's sabotage operations carried out against products used by U.S. persons, and second, we must provide an effective bug-disclosure policy which does not allow computer vulnerabilities discovered in the course of signals intelligence gathering to remain exploitable by criminals and enemies of America.