It was absolutely the case in the 1990s that much of the government actively retarded crypto deployment. The whole ITAR/export control thing (40 bit as a compromise) was a HUGE factor in keeping crypto out by default. Then there was the Clipper thing and proposals for key escrow. And, A5 on GSM being weak.
Outside of payments, where the government and industry have pushed for strong integrity and authentication (although not really confidentiality), government and big corps have hindered the deployment of crypto.
There has been some improvement in the past decade or so, at least in other regulated areas, both in regulation and in industry self-regulation/compliance standards.
I think the majority of the reason cryptography isn't more widely deployed is that it's 1) hard to do well and 2) most people writing applications have a hard enough time getting a non-encrypted form working and 3) few people make it a requirement as a customer. However, government has definitely hindered ubiquitous crypto deployment.
You are absolutely right that the government had an overt, irrational, and hostile reaction to encryption in the '90s. I dealt with it firsthand writing security code for a Canadian company.
But that was the 1990s. The government does not in 2011 believe you are shipping "munitions" when you allow open downloads of software that incidentally encrypts traffic. People do it all the time now. And, to be fair to the government: nobody saw the mainstream Internet coming, and prior to that, crypto basically was a munition.
I agree with your (1) (2) and (3) reasons. I just don't see anything the government is doing today, or in the last 10 years or so, to hold back an encrypted Internet. The people I know in government who think about this stuff would dearly like to see a more secure Internet.