(As of writing, it still works if you do it on a new browser. However, once you have HSTS info, it will always attempt to do an HTTPS connection, I suppose.)
If they continue to support this use case, it may be hard to do without introducing bugs - one exposure to a 'real' service which spits out an HSTS header (or the preload list), and the machine loses the ability to conduct Google searches.
I think they'll either have to use some nasty workarounds, or they'll need to use a different domain - which isn't necessarily something you want to do when you are trying to provide simple rules which allow users to identify phishing.
More likely they'll simply force sites that want to continue to MITM to load their own CA roots.
Although I don't think this is their motivation, it also has the neat side-effect of making Google's Chromebook & device management services more useful.
Those wishing to spy on their users with nossl could just disable HSTS in the browsers they provide.
> Turn on SafeSearch VIP
>
> To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.
>
> We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.
You can enforce safe search over HTTPS now: https://support.google.com/websearch/answer/186669?hl=en
In the US, they still have a legal obligation to censor the Internet or they lose federal funding.
Edit: a whole lot of money! https://en.wikipedia.org/wiki/E-Rate#Modernization
School boards, no way. I can't think of an easier way to torpedo a school board career (or indeed a "pillar of the community" parent's status in the neighborhood) than by mentioning that they think children should have easier access to pornography at school.
By context I can guess what you mean, but by itself it's a very ambiguous statement :)
But "just" doing either of these things turns out not to be simple for many organizations. It's bad enough needing to update your system image/deployment scripts (if you have any!). You also need to figure out what to do about all the devices you don't own. BYOD is a thing.