Before the US crypto export regulations were finally disolved the export version of Lotus Notes used to include a key escrow / backdoor feature called differential cryptography. The idea was that they got permission to export 64 bit crypto if 24 of those bits were encrypted for the NSA’s public key. The NSA would then only have the small matter of brute-forcing the remaining 40 bits to get the plaintext, and everyone else would get a not-that-great 64 bit key space (which probably already back then NSA would have had the compute power to brute force also, only at higher cost).
Anyway as clearly inside the application somewhere would be an NSA public key that the NSA had the private key for, I tried reverse engineering it to get the public key.
In doing this I discovered that the NSA public key had an organizational name of “MiniTruth”, and a common name of “Big Brother”. Specifically what I saw in my debugger late one night, which was spooky for a short moment was: