But I am still lost on how it would be detectable? From Google's end, some client just disconnected. From the client's end, the internet just got a tiny bit more latency.
If you had Google's certificate private key, you can pretend to be Google. It's undetectable from the user's perspective. I think we should trust Google to keep their private keys safe, although it would help a lot if the published in general terms how they accomplish this.
The signing key for Gmail's certificate is a 1024-bit RSA key. That key size is simply not safe against an attacker like the NSA today, so we may as well assume they have the private key even if Google didn't voluntarily give it to them.
But while the signing key may allow them to impersonate Google in some circumstances, it doesn't really help decrypting passively recorded TLS traffic to the real Google. For that, they would need to break the ECDH key exchange, and if Google uses reasonable elliptic curve parameters, that's presumably much harder than factoring a 1024-bit RSA modulus, at least with known cryptanalytic techniques.
"I think we should trust Google to keep their private keys safe, although it would help a lot if the published in general terms how they accomplish this."
Really, I would think it would be easy for the NSA, etc to get an operative inside Google, FB etc and steal these. Intelligence organizations are very good at this after all..
But I am still lost on how it would be detectable? From Google's end, some client just disconnected. From the client's end, the internet just got a tiny bit more latency.