"As I have repeatedly said, we need to decide if we are going to build our future Internet systems for security or surveillance. Either everyone gets to spy, or no one gets to spy. And I believe we must choose security over surveillance, and implement a defense-dominant strategy."
Even if you encrypt all traffic they can still spy you can't prevent physical attacks nor can you prevent government spying trought warrants or by compromising the service and content providers.
It doesn't matter if Facebook is going to be accessible trough TOR only or not if the NSA or any other capable intelligence agency can compromise Facebook.
Even if you do somehow manage to put all physical transport links in the hands of some impenetrable organization the US and China would just send a sub to the ocean and tap the cables.
And just like it's granted that AT&T cables can be accessed by US authorities China can access anything that a Chinese company lays down and likely even with more ease.
A) If the traffic going over the backbone is properly encrypted compromise of the backbone doesn't accomplish anything.
B) Why can't the backbone nodes be encrypted too so that any attempt to splice the fiber would result in a break of the connection?
Some quantom cryptography can work but it's very iffy and expensive, there are ways to detect taps and even when a cable is bent.
Simply cutting the connection because the signal was interupted won't work, not to mention that many taps can be inserted without interruption and it's not like the NSA can't figure out how to work around maintenance windows.
But in this case it's not even a covert unauthorized tap it's a Chinese company ofc they'll cooperate with the Chinese government.
But again encryption doesn't prevent physical attacks of this sort they can still suck all the data out and while it maybe useless unless they can decrypt it this vector has nothing to do with building a secure internet.
The problem is that even if you encrypt everything state actors can simply go one step up the chain at the end of the day someone needs to be able to decrypt your packets besides you.
It does seem odd that traffic between nations is apparently not encrypted by agreement of those nations, with nation-pair crypto keys.
For example, a link from Vatican City to San Marino should be protected from Italy. A link from Bolivia to Switzerland should be protected from all the other countries along the route.
Can't agree more!