I work in the financial industry where there are some strict regulatory requirements about information flow (you know, things like insider trading and maintaining firewalls between different parts of big banks and stuff like that) and all the large banks that I know of are performing an SSL man-in-the-middle on their gateways and have been for quite a while.
Within a corporate setting it's very easy to do - you issue your own certs which are set to be trusted by internal computers and reencrypt with those at the gateways.
That works when "the corporation" controls your desktop and the certs your browser trusts, doesn't work so well when your (personal) smartphone or iPad is connecting out of the office over the cell network.
The recent Mozilla/Trustwave (and DigiCert before) debacles make it very clear that a nation-state level adversary is almost certainly capable of SSL MITM-ing just about any internet traffic they want. Unless you're getting your data in and out of your country via encrypted packets over ham radio (and into a country you trust), there are just too few businesses a government agency would have to "lean on" to ensure your SSL encrypted packets are reliably secure.