It depends though. If you have an encryption key file like with PGP, monitoring the endpoints does nothing. That only works with things like HTTPS, because in order to encrypt data, you have to send the key over the internet. But if they key is never transported over the internet, and only through physical media or some other covert means, all you'll ever get is the encrypted data.
I could easily see some Chinese operative having a small thumb drive or some other storage device on them when they enter the country, that contains an encryption key. It could even be simply sent through physical mail on a regular basis if they want to constantly change encryption keys.
It depends though. If you have an encryption key file like with PGP, monitoring the endpoints does nothing. That only works with things like HTTPS, because in order to encrypt data, you have to send the key over the internet. But if they key is never transported over the internet, and only through physical media or some other covert means, all you'll ever get is the encrypted data.
I could easily see some Chinese operative having a small thumb drive or some other storage device on them when they enter the country, that contains an encryption key. It could even be simply sent through physical mail on a regular basis if they want to constantly change encryption keys.