The NSA has never said much about the open secret that it collects and sometimes even pays for information about hackable flaws in commonly used software. But in a rare statement following his retirement last month, former NSA chief Keith Alexander acknowledged and defended that practice. In doing so, he admitted the deeply contradictory responsibilities of an agency tasked with defending Americans' security and simultaneously hoarding bugs in software they use every day.

"When the government asks NSA to collect intelligence on terrorist X, and he uses publicly available tools to encode his messages, it is not acceptable for a foreign intelligence agency like NSA to respond, 'Sorry we cannot understand what he is saying'," Alexander told the Australian Financial Review, which he inexplicably granted a 16,000-word interview. "To ask NSA not to look for weaknesses in the technology that we use, and to not seek to break the codes our adversaries employ to encrypt their messages is, I think, misguided. I would love to have all the terrorists just use that one little sandbox over there so that we could focus on them. But they don’t."

The NSA has been widely criticized for using its knowledge of security flaws for spying, rather than working to patch those flaws and make internet users more secure. Alexander's defense of the practice boils down to the notion that separating friend and foe when seeking to break codes has become a nearly impossible task.

"The interesting change has been the diffusion of encryption technologies into everyday life," he told AFR. "It used to be that only, say, German forces used a crypto-device like Enigma to encipher their messages. But in today’s environment encryption technology is embedded into all our communications."

At other points in his statement, Alexander argued that the NSA does disclose some of the vulnerabilities it finds in software to those who can patch the flaws, insisting that it focuses its bug-hunting primarily on defense, rather than using vulnerabilities for offensive purposes. He also went further, stating that the NSA "categorically [does] not erode the defenses of U.S. communications, or water down security guidance in order to sustain access for foreign intelligence."

The latter claim contradicts numerous reports that the NSA is seeking to weaken encryption to give itself a backdoor into encrypted communications.

Last December, a group of advisers to the White House issued a report to President Obama calling on him to rein in the intelligence community's use of so-called zero-day vulnerabilities, newly discovered hackable software bugs for which there exists no patch. The group went on to propose that zero-days only be used sparingly for "high priority intelligence collection," and that those uses must be approved by a "senior-level, interagency approval process."

"In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection," the report reads. "Eliminating the vulnerabilities–'patching' them–strengthens the security of U.S. Government, critical infrastructure, and other computer systems."

Obama's response to his advisers' review, however, added a major loophole, allowing any zero-day vulnerabilities to be exploited if they have a "clear national security or law enforcement" application.

The White House's review of its policy over the use of zero-day vulnerabilities only began after the leak of documents by Edward Snowden outlining the NSA's surveillance programs. But Alexander makes it clear in the wide-ranging interview that he believes the debate isn't worth what he describes as a dangerous compromise of the NSA's secrets.

Asked his opinion of the awarding of the Pulitzer Prize to the Washington Post and Guardian newspapers for their reporting on Snowden's revelations, Alexander said that he was "greatly disappointed that we have rewarded those who have put so many lives at risk."