> No, because nobody would do that and the NSA has no legal
> authority with which to force that. Companies wouldn't agree
> to this because they have everything to lose and nothing to
> gain.
You might say the same thing about every social engineering victim ever. Nothing to gain, why do they help? Someone asked for help / seemed like the had the authority / was afraid for no reason.
Additionally, from my experience, monitoring after decryption isn't too hard to pull off. It takes a lot of time, money, and expertise to secure the inside and egress of the network and there is very little pressure on most companies to exert themselves to defend at those layers. Further, most networks aren't properly segmented and the attacks that tend to gain access to one machine (like a windows or mac laptop) on a network can be pivoted to access more restricted places. Given how open companies tend to be (practicing zero opsec), it's even very easy to know who to attack and have reasonable estimations about their machine's worth inside a network.
You might say the same thing about every social engineering victim ever. Nothing to gain, why do they help? Someone asked for help / seemed like the had the authority / was afraid for no reason.
Additionally, from my experience, monitoring after decryption isn't too hard to pull off. It takes a lot of time, money, and expertise to secure the inside and egress of the network and there is very little pressure on most companies to exert themselves to defend at those layers. Further, most networks aren't properly segmented and the attacks that tend to gain access to one machine (like a windows or mac laptop) on a network can be pivoted to access more restricted places. Given how open companies tend to be (practicing zero opsec), it's even very easy to know who to attack and have reasonable estimations about their machine's worth inside a network.