Sniffing the open Internet. Yes, that's feasible to a point (where there isn't more data sniffed than can be reasonably mined, or more data than can be reasonably sniffed).
Putting backdoors into products is commercial suicide for any crypto company to publicly acknowledge. If this goes through, then the simple way to view it is that any product supported by the US for export cannot be assured against having a backdoor.
In the UK, for the advanced crypto stuff, a government agency gives you key material. They have the keys, that way if anything sensitive goes missing they have the ability to attribute while recovering, but the crypto isn't exposed. For everyone in the commercial world well, you're on your own. There's more than one way to skin a cat.
Putting backdoors into products is commercial suicide for any crypto company to publicly acknowledge. If this goes through, then the simple way to view it is that any product supported by the US for export cannot be assured against having a backdoor.
In the UK, for the advanced crypto stuff, a government agency gives you key material. They have the keys, that way if anything sensitive goes missing they have the ability to attribute while recovering, but the crypto isn't exposed. For everyone in the commercial world well, you're on your own. There's more than one way to skin a cat.