Can't the government just require all ISPs (including VPNs) to perform man-in-the-middle interception on all secure traffic? I suspect that if you work in any largish company this is already done on all your web browsing. Can't use Firefox at work because of all the inception certificate warnings. IE is set to "trust" the new fake certificates...