Comment Re:Don't worry about it (Score 1) 140

re "Unless some kind of oniony or multi-hop routing is involved, I presume."
What is the first hop from an average home computer, out of an office network, a cafe with wifi?
The everyday, average real time use of a destination or origin is trackable on most national networks.
A public telco, private network or telco? The layers of communications can request oniony or multi-hop but that physical network entry and exit point is a bit more fixed in most nations.

Comment Re:Don't worry about it (Score 2) 140

Think of the work that went into detecting the use of virtual encrypted disks over time. All that matters is the detection or wider public understanding that the message cannot be detected over a network.
With detection comes the origin of the message, destination, method used and ability to trap door, back door to get the message before any steganography.

Comment Re:Baffling.... (Score 1) 140

Re "I know someone in the .... who told me that they can access anyone's phone, ... EXCEPT"
Every connected device sold in the US has to be "wiretap" friendly by design over every generation of product.
That's full logs, voice prints, plain text, images, voice, gps, call details, unique camera details per image, remote mic/camera on, network power on.
A city, state, county might have some well understood new private sector software packages that they show all their "cleared" staff.
The staff having seen that experiment then consider some brands safer and buy it, recommend it, whisper and chat about it.
Word gets around that a few top, easy to find US brands are still safe to communicate fully and freely on over every decade.
A few different branded phones are then used. A normal work phone, a private phone, a phone for ...
Great to keep everyone of interest talking on digital networks that can collect it all.

Comment Re:Let's discuss privacy on ... (Score 1) 140

A person has the freedom to develop, talk about, attract interested people, fix, code, test, compile, run and release any crypto they like on mainstream OS and networks.
The security works as tested by a few or many experts who found each other on the same mainstream networks and sites...
The obscurity part is entering the plain text, tracking the message and decoding.
Do that on a tame OS and tracked network and all that freedom for security just makes the message stand out.
Decade in decade out, enjoy the "free" crypto community hosted by ...

Comment Re:Don't worry about it (Score 1) 140

Strong encryption use just makes a message stand out. All French networks can collect it all thanks to "free" help from the US and UK going back to the early 1970's.
Who is sending any messages and where makes for easy traditional police work at a local level. France has a lot of police and funding so long term undercover work is not a problem. Any regional or local groups can be turned or watched as they form and communicate using any encryption.
The only problem for France is that its vastly improved network tracking let the US and UK deep into its secure French gov networks again.
A collect it all system from the US/UK has helped decode the French gov.
France got to collect it all but so did the US and UK.

Comment Re:Don't worry about it (Score 2) 140

The ability of the UK and US to track any networked message removes all anonymity and then allows privacy to be worked on.
A person, brand, company, project can create, compile, sell, offer, use all the encryption it wants.
A US or UK telco or network interconnect will always be able to track the message from its origin to the destination.
With a loss of anonymity, privacy is then very easy to remove per user or site.
US and UK network ready devices, networks, tame computer systems are all law enforcement friendly so the layer the user encryption was created on will always be obtainable as designed and sold.
Plain text, voice, images, a log of network use are just waiting on most big brand US computer systems as designed and sold.
The ability of law enforcement to collect plain text as entered or when decrypted on a normal user system ensures privacy is never a problem once tasked.
How a user opts to use a network between two computer systems compromised by design is not really an issue.
The other plus for a lot of popularized encryption is that it stands out for a US/UK collect it all system.
Encryption is just the easy way to find a user and then use a waiting trap door or back door in the office, home, network or commercial system or hardware.
The US and UK will not restrict encryption. The more users feeling they need to find and turn on junk encryption just makes the task of finding people of interest on networks more easy.
That's why number stations and one time pads worked well in the past. It's kind of hard to find who listened to an international broadcast.
But with the direct use of any encryption between two sites that task is now very easy.
With anonymity gone, plain text is just a network request to a law enforcement friendly OS.
Wise Western governments should fund, offer grants to all encryption products, experts they can find. Create front companies and fund tame academics.
It makes finding interesting people so much more easy on all networks when they use known encryption every time.
Restricted encryption historically was a tool to drive people onto the tame encryption over generations.

Comment Re:Why not (Score 1) 112

Why the interest in all human rights groups?
Irish attempts to reach out to the US with human rights issues in the mid/late 1960's had to be reshaped.
South Africa had a vital site shared with the UK for global network tracking expanded in the 1970's.
Argentina was an interesting emerging market for UK naval systems (frigates) sales into the 1970's.
The issues of trade unions within the UK national security sector was interesting due to the 1987 European Commission of Human Rights findings.
The emerging 1990's European Convention on Human Rights was an issue for the UK gov.
Every decade had its press and human rights issues that had to be shaped so UK protesters, academics and lawyers could be guided around, away from complex trade and mil issues.

Comment Re:crypto war 3.0 you mean? (Score 2) 91

Re "revelations was the discovery that the NSA doesn't have any secret ways into properly done crypto "
The NSA and GCHQ have enough hold over emerging academics, crypto, open source and crypto history to shape any useful standards.
Before Snowden the idea was that some one or something to do with academics, open source, political scandal, private sector legal leadership, private sector risk, the press or very smart people or antivirus protection teams would notice "something" about weak international crypto standards and the computer press globally would ensure a rapid international exposure and correction.
Nothing was noticed in the banking and telco networks of the 1960's, 70's? into the home computers of the 1980s, the emerging social and security standards, beyond 2000... company and university experts and their endless funding and grants.
The UK enjoyed plain text decryption in pre ww2 Europe and into the 1950's. The US expected the same on any emerging networks.
NATO nations and any country with links to the West got expert help to secure their systems and new networks. Totally secure along the network. Reverting to plain text in realtime for the NSA and GCHQ every upgrade and decade.
Re "This is the cause for the government's alarm: encryption by default would be very inconvenient for them."
The hardware and low level text input will always revert to plain text to be displayed or entered by the user. Law enforcement will always have access to that if the device is to be sold in the US or UK. The user can run any application they want and developer can compile, sell any application they like on top but the voice and text at its most readable level always reverts to a form that is wiretap friendly as sold within the device by design as sold.
Compile, design, encrypt, it's the hardware and OS that will always be ready to report back when needed every time a cell or other network connection is made.
re "There's nothing anyone can really do to fix that"
The Soviet Union fixed the issue by using one time pads in the 1950's for a short time but had to give up as it had so much data to move globally. Once upgraded entire networks were again fully open to the NSA and GCHQ at all levels over decades.
France had all its diplomatic traffic intercepted by the US and UK in the 1950's. Hardware fixes in the 1960's helped but then the amazing upgrade offers from the GCHQ in the early 1970's opened most interesting French networks to the US and UK again.
re "The government lost the first with Clipper" The US and UK had hardware, networks and software standards as shipped. A generation was distracted from understanding the lower layers of popular OS or networks standard as shipped by ideas that an extra 'special' chip was needed.
The sale and use of home computer or cell phone at a low cost was all that was needed.
re "There's nothing anyone can really do to fix that" The world is slowly understanding that decades of weak networks and junk crypto standards are not just open to 5 eye nations. Smart people, dual citizens and other trusted nations with other regional goals all now know of the same methods and ideas and have been enjoying the same access.
Companies and people with good emerging products and ideas need anonymity and privacy so they can bring a product to market. Having competing nations read deals, grants and support requests is going to result in loss to established competing brands.
The fix is for nations and their own brands to get their internal anonymity and privacy back. More back doors in every computer and networks open as shipped is not going to help with that.
The crypto war was lost in the 1920's with telephone networks and embassy networks. No emerging network was ever out of reach again.

Comment Re:Names and actual identities of spies (Score 1) 67

Re "can only plan maybe 8 years ahead (if they are feeling very confident)."
The West could not even hold the one type of database it really, really, really had to hold as a good secret away from random, fast, open public networks.
So some cleared contractor could go to some out of state jobs fair, find some needed translator or skilled expert and get them cleared to start work sooner to bid on some federal task 'sooner'...
Just so the private sector could feel more happy about getting more federal funding quicker in the digital world.
In the past the US understood how to keep all that vital info split. No one walk out event would give any person anything too vital.
Even East Germany understood that simple database reality when putting its new spy networks together after the West got its entire list of agents.
Keep files separated and make sure any person wanting to connect files has to face a few real humans if they want to connect files and had a very good reason as to why.
East Germany lost its final digital spy database again to the CIA years later when its new digital archive was fully recovered.
Yet with all the real world historic understanding the US still thought it was a great idea to just network that kind of data...
All the US can do is task the GCHQ, NSA, ASD, GCSB with every bit of related data and hope the data gets reverse searched...on some network at some time
Double secret limited hangout.

Submission + - Oracle bullies enterprise clients into cloud purchases, consultant claims (thestack.com)

An anonymous reader writes: A consultant claims that Oracle has adopted the widespread use of 'breach notices' this year to force existing enterprise customers to adopt its newly-bolstered range of cloud services, or else be told to stop using all Oracle software within thirty days. Speaking to Business Insider [http://uk.businessinsider.com/oracles-cloud-sales-2015-7], the unnamed source described the tactic as a 'nuclear option' which is now practically the default when the need to add services or users to an existing contract triggers an 'audit' by Oracle. An ex-Oracle contract negotiator who now works in the ever-expanding business niche of 'Oracle contract negotiation' commented "Internally, the water cooler gossip there is that they've never seen this kind of aggression before. Oracle has really dialed it up. Customers are buying cloud services to make the Oracle issue go away, not because they have any intention of using cloud services."

Submission + - The Rise Of The New Crypto War

blottsie writes: For more than 20 years, the U.S. government has been waging a war on encryption, with the security and privacy of all Americans at stake. Despite repeated warnings from security experts, the FBI and other agencies continue to push tech companies to add "backdoors" to their encryption. The government's efforts, which have angered tech companies and researchers, are part of a long-running campaign to pry into every secure system—no matter what the consequences.

In this deep, comprehensive article, author Eric Geller takes readers from the first Crypto War of the early 1990s to the present-day political battle to keep everyone who uses the Internet safe.

Comment Heuristic analysis vs synchronisation? (Score 2) 27

Just wondering how good behavioral and heuristic analysis or outgoing firewalls would have to be on a new open/closed OS?
How good would a surveillance platform have to be when facing different updated OS's and EU, Russian and US anti-virus technology?
A unique product per individual platform to ensure that "Synchronisation" kept working and was not detected next random software upgrade?

Submission + - Lenovo Releases Retro ThinkPad Survey

An anonymous reader writes: A few weeks ago, David Hill (ThinkPad design manager) made a Lenovo blog post about bringing a classic ThinkPad back to the computing masses. We covered it here. Hill announced this morning that he is going to create a series of surveys to determine what users are looking for in their retro ThinkPad. The first survey focuses on ThinkPad keyboard and pointing device preferences and can be found here.

Comment Re:Names and actual identities of spies (Score 1) 67

Re "Secondly, unless you're absolutely sure who has the information, you don't confirm it for the world by a quick (over-)reaction.
And thirdly, why do you think YOU would notice what the government was doing with its embassies? If it were doing something abnormal, would you even recognise it as "something abnormal"?"
Most other nations do really try to really count every passport in and out and do have working, fully updated databases, other paper work and tax systems to track every worker.
Most nations do have fully funded and expert border controls, tax systems, passport reconciliation, facial recognition to help with just such issues surrounding all workers from other nations.
If a US backed clandestine "front" NGO, firm, educational, consulting, faith based charity, contractors started moving expert US staff out, positions would have to be filled and most nations could track that slight, unexpected, daily, rapid change to longer term staff.
Gossip within the expert expatriate community is tracked like any other community.

Comment Re:Names and actual identities of spies (Score 1) 67

Russia and China don't have to care. They think very long term and have all their real contacts in cleared US gov/mil positions going back generations and many decades.
They trust their own contacts within the US system and have fully tested them going back decades.
Russia and China also understand the "Limited hangout" https://en.wikipedia.org/wiki/... of any bulk files.
How many US mil traps and gems are really in that data? Go looking over bulk data and what for?
Russia and China have always understood where and how to find US staff they needed or have been open to US walk ins.
Any digital data like that from the US will be loaded with fake data every day that looks so good until it is "found".
Reverse lookups would be the most simple thing to look for in the USA and plant in any vast amounts in all US databases.
Russia would not use/risk any staff or network to look at bulk data.
Everything interesting would have been quickly changed by the US mil and anything could be a US trap.
