How can they provide adequate defenses without having the best offensive hackers? At the very least, penetration testing is an indispensable tool in cyber security.
Also, surveillance of criminal and terrorist organizations without offensive capabilities is impossible.
The NSA have been accused of discovering vulnerabilities in systems and software but keeping them undisclosed so that they can exploit them themselves. A defensive security agency could be actively trying to secure these systems protecting us not just from government surveillance but all types of nefarious hackers.
Again, you seem to not understand how I discriminate between means and their use. Spying on European officials is a problem with oversight, not with capabilities. Arguably, European officials are a lot softer targets than a crime cartel or terrorists in this regard.
> "Spying on European officials is a problem with oversight, not with capabilities."
Snowden has showed this to be absolutely false. "Oversight" has been the nominal preventative for spying on our allies for decades, and it has always failed because these are spy agencies we are talking about. Their nature (and job description) is to do things in secret. You cannot oversee what you cannot see. The NSA has a fundamental incentive to hide as much of its activities as possible, and American politicians have a fundamental incentive to look the other way lest they appear "soft on terrorism" or some such nonsense. What few laws constrain the behavior of the NSA, GCHQ, etc are routinely ignored or "interpreted" to their own favor.
You cannot let the technological genie out of the bottle and expect a close watch on the genie to keep it under control. Mass surveillance technology is a pandora's box that you can't control.
Snowden and others have also shown that other countries' intelligence agencies will happily take over from the NSA and spy on you. For example the Chinese and Russians.
Hacking tools are not mass surveillance technology. Trojans just don't work for that.
And if you can't control how these agencies use their abilities, how do you propose to take these away from them? Adequate oversight is easier to achieve.
Having offensive hackers, and using them for penetration purposes - that is "white hats", is fine by me. Using them for "black hat" purposes is not. That makes them the bad guys.
They should be using their capabilities to increase the security protections they have in place. For example, if they discover a vulnerability, they should work to get it fixed, instead of leaving it there so everyone is vulnerable, just so they can use it to attack others.
