Not so. The 16-round Blowfish cipher (private key) is subject to no patents, and is even available as shareware for Macs (iCrypt), and unless the NSA has some results the public doesn’t have access to is not susceptible to cipher-text only attack, and the best published known-plaintext attack requires 2^129 blocks of encrypted text to break the cipher for generic keys.
Twofish, also not patented, with freely available source code, is supposedly stronger (according to Sshneier, who helped in the development of both.
The main problem for AQ is a public key key-exchange protocol, which as I noted, is easy to do if one doesn’t care about US patents (and AQ plainly cares nothing about violating US laws regarding theft, murder, destruction of goverment property, . . . so the threat of a patent enfringement suit from the holders of the RSA patent isn’t exactly going to trouble them.)
The problem for Al Queada is the extra code the CIA slipped into their version.