[JoshTriplett]

Not necessarily possible even with the private keys. If you use an SSL cipher with ephemeral keys, such as the DHE_* or ECDHE_* family of ciphers, then an eavesdropper with a recorded but not MITMed conversation cannot decrypt it even with the server's private SSL key.

See http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-se... for example.

[thrownaway2424]

Which of course they do not. Google uses ECDHE_RSA. DDG uses RSA. ixquick, "the world's most private search engine", uses RSA. Bing does not even offer https.

[jonknee]

Google does pin their keys in Chrome though, so they know if there is a MITM (and they have, Chrome's certificate pinning led to DigiNotar's downfall). It's a non-scalable hack, but definitely a good one for the largest search engine and a leading email provider to be able to provide.

[faddotio]

What's preventing the government from coercing DDG to start log collections at their end, and then sealing it with a gag order?