The NSA was quite aware that many new network systems were being built rapidly during the dotcom boom, and if cryptography wasn’t built in at the start, it should usually be too expensive to retrofit it later. So each year the NSA held the line on crypto controls meant dozens of systems open to surveillance for decades in the future. In these terms, the policy was successful: little of the world’s network traffic is encrypted, the main exceptions being DRM-protected content, Skype, the few web pages that are protected by TSL, opportunistic TLS encryption between mail servers, SSH traffic, corporate VPNs and online computer games. Everything else is pretty much open to interception – including masses of highly sensitive mail between companies.

~R. Anderson. (2008). Security Engineering: Second Edition. Indianapolis: Wiley Publishing Inc. Pp. 795.