> At any rate, assuming all fibre optic is tapped, how does that explain breaking SSL?
Large governments don't need to break SSL. They have SSL root keys and can man-in-the-middle at will. Doing so across the board would likely be detected, but targeted usage likely wouldn't be.
If this was widespread, I'd expect someone to have found a Google cert signed by different root. Then again I suspect Google pins their certs in chrome for a reason.
> Doing so across the board would likely be detected but targeted usage likely wouldn't be
This whole conversation is about wholesale data access, so targeting is not relevant. Besides, even if you are talking about targeting, the claim is, they are storing data and then targeting 'retrospectively'. So without a time machine there's no way they are going to be able to go back and MITM the targeted conversations they want to listen to after the fact. They would have to be MITM everything all the time.
Large governments don't need to break SSL. They have SSL root keys and can man-in-the-middle at will. Doing so across the board would likely be detected, but targeted usage likely wouldn't be.
If this was widespread, I'd expect someone to have found a Google cert signed by different root. Then again I suspect Google pins their certs in chrome for a reason.