[uh_oh]

Yes, but how would they do this exactly? To collect anything valuable from Google they would need to MITM SSL on a large scale. And Chrome actually ships with a list of pinned certificates, including those for Google, making it difficult to MITM even for the government.

[deno]

They wouldn’t do that, obviously, even if it was actually feasible. That kind of MITM would be easily detectable (though still effective, in short term)—we know when the Chinese do it.

However the private keys have to deployed, on scale. So if as someone here is suggesting the NSA has infiltrated those companies, they could have got those keys and just decrypt the stream.

I wouldn’t bet my money on that… but it’s more likely than breaking the encryption, and if they can get military secrets, I guess they could get the keys.

Also those companies could have just volunteered them—that’s where the emphasis on ‘direct’ access comes in.

[uh_oh]

My understanding is that MITM (but in a perfect way, using the leaked private key) is still required, if ephemeral Diffie-Hellman is involved. You can't just passively record the stream and decrypt it, since you don't know the exchanged DH secret.

The suggestion that the companies actually gave them the keys and this explains the "direct access" phrase makes a lot of sense!