Which is more evil:
Telling employees "we block all encrypted traffic and snoop on everything else"
or telling them
"We MITM all encrypted traffic we can so we can snoop on it, we snoop on everything we can and block the rest"
or telling them
"we block all traffic except traffic to the few Internet resources we know you need, and oh by the way we snoop on that"
or telling the
"we don't think you need a computer to do your job, if you do need a computer to do your job then talk to your boss and he MAY give you the keys to the one room where there is a computer. Oh, by the way, there are TV cameras all over that room so don't even think about using it for non-business purposes."
Substitute "school," "institution," or "parent" for "employer" and substitute "student," "client/end-user," or "minor child who the parents deem too young/immature to use the Internet unsupervised" for "employee."
Speaking of parents, many parenting experts highly recommend that if a kid under a certain age/maturity level wants to use the Internet, he only be allowed to do so under close supervision, as in mom or dad in the room within eyesight of the screen. What age? Experts disagree, but almost all would put the cutoff age where mom can leave the room for a few minutes at somewhere in the elementary school (age 5-12) age range.