A significant portion of the emails I receive are encrypted in transit using TLS. So governments would have to routinely MITM TLS traffic in order to surveil every single email.
I never said that TLS "cannot be surveilled," nor did I imply it in my two short sentences. I simply laid out a technical requirement to carry out such an attack.
For attackers to passively surveil TLS en masse, they'd need to MITM those connections. That in turn requires rogue CAs signing the attacker's certificates in large numbers. If that happens, the public would notice and the CAs involved would be permanently banned. Not sensible if the attacker's goal is to carry out persistent mass surveillance.
Much easier to just obtain the emails directly from few popular email providers instead.
reply