NSA Encryption Bypass

Most governments don't, but even the NSA taps into unencrypted or weak links along the pipe. https://www.newyorker.com/news/amy-davidson/tech-companies-s..."SSL added and removed here! :)"

Google is using SSL with ECDHE which provides perfect forward secrecy. Having a copy of the SSL certificate won't do the NSA any good.

Possibly no direct access because the NSA has copies of Facebook, Google and Apple SSL private keys? Just sniffing the backbone...

They already tap into every cable, no matter whether they own it or not. See NSA breaking into Google datacenters and wiretapping cables. Granted, they were only able to do this because the internal traffic was not encrypted. Still, global traffic analysis is nothing to scoff at, and with enough surveilance points privacy becomes almost nonexistent, even in the presence of encryption.

The journalist forgets that tapping into the cables only works for unencrypted traffic - this is actually the reason that NSA bothered Google and others in the first place.

The NSA pulls all data going in and out of Google without their permission. Being the man-in-the-middle, they intercept all communications even if encrypted.

Probably because NSa can break most encryption.

Pretty much nil. The NSA isn't stupid; even in the (exceptionally unlikely) case that they can just MITM any SSL connection without arousing suspicion in even a well-monitored network, why would they reveal that? Much easier to just hack your computer/telephone/...

If it is not E2E encrypted, 3-letter agencies can put their tap somewhere in the Google infrastructure.

Wouldn't the NSA be able to capture the data on the way out anyways?