[arghwhat]

No you can't.

The data you can't read is not only encrypted data. Most unencrypted data will be data you can't read, due to there being absurd amounts of file formats and protocols. How do you intend to be able to validate that the content of all, say, CAD and 3D model files is not malicious? How will you deal with new codecs? New network protocols?

Encrypted data is, unless the protocol is severely broken, almost indistinguishable from random data, which without context and knowledge of all file formats and protocols in the world, is indistinguishable from most real, unencrypted data. And not only that, you can hide information in almost any data type. Encrypted content can be hidden in a perfectly normal looking picture or video just fine. Look up steganography.

Encrypted communication cannot be detected in any sane manner.

[knodi123]

> Most unencrypted data will be data you can't read, due to there being absurd amounts of file formats and protocols

Well I sure couldn't read it, but the NSA could.

> How will you deal with new codecs? New network protocols?

With a massive staff and constant influx of money. I did say it would be expensive. Still, I think it's within the reach of state-level actors.

> Encrypted data is, unless the protocol is severely broken, almost indistinguishable from random data, which without context and knowledge of all file formats and protocols in the world, is indistinguishable from most real, unencrypted data.

Sure- context is a critical tool. I don't know why you stipulated "without context", though.

> Encrypted content can be hidden in a perfectly normal looking picture or video just fine. Look up steganography.

UNencrypted data can be hidden in the same way. I know what steganography is, and sure, the art of hiding data is a great way to hide data. Separate issue, though.

> Encrypted communication cannot be detected in any sane manner.

I think the facilities and manpower for detecting unauthorized use of encryption would indeed be insane, from several perspectives. And it would require a bunch of legislative support, too. But WITH legislative support, mandated back doors, ISPs that are cooperative, shitloads of manpower and money.... Yeah, I think it would be possible to detect encrypted traffic. Could a person who hadn't already attracted the attention of the "agencies" choose to hide small amounts of data in an innocuous file? Sure, but they could glue an SD card to a homing pigeon, too. I'm thinking more of PGP, SSL, VPNs, WhatsApp and the like.

[arghwhat]

No amount of staff will be able to predict file formats and protocols before they are designed, and unless file formats and protocols are permitted prior to being "understood" by this hypothetical internet filtering agency, then no new formats or protocols can be formed, or even updated. However, permitting them prior to being understood also mean that arbitrary traffic will be permitted, as long as the formats and protocols mutate faster than they are implemented by the bad guys (the state-level actors you describe).

The only scenario where I can think of a setup where a filtering agency would be able to block "dangerous content", while still permitting legit use, would be one where each and every file format and protocol creation/update would require applying for a permit to the respective agencies in every country where the format is to be used. The absurd bureaucracy this would entail, such as the time it takes for the agency to write some form of verification, would kill most, if not all, innovation. The only innovation I could imagine still living in such an environment would be circumvention efforts.

Furthermore, steganography is not a separate issue. In the hypothetical scenario where this is both possible and the resources for this exercise are present, the entire exercise becomes moot once you realize that you can encode anything as a jpeg or video file with a minimal overhead. Applications would just all implement protocols that exchange JPEG's or MP4's with a small overhead, leading to no traffic being stopped as "unreadable".

And before you ask: Detecting such measures is not possible in the general case.