A bit more complex than that, but yeah, it doesn't really require funds so much as hacker labor.
A few examples of technologies that would help:
- Pervasive use of end-to-end encryption by default, at the host level in addition to any application-level security.
- Virtual Ring Routing: layer-2 mesh networking that scales to Internet-sized networks and never needs to floodfill the network with packets. Use encryption key fingerprints as the host addresses, so that this works well with end-to-end encryption.
- Tor-like onion routing.
- Key-fingerprint-based host naming, making DNS an optional (and selectable) directory service rather than a required core component. Of course, having end-to-end encryption means you can easily select a DNS server which gives you correct results, rather than one with various entries redirected to governmental agencies.
With all of the above, you have a network where you can't prevent or intercept any communication without pulling the plug on the entire infrastructure at the hardware level. And even then, the pervasive availability of mesh networking means that packets can find and use any available egress, which includes satellites, cell towers, and long-distance wifi.
Sounds a lot like D. J. Bernstein's DNSCurve[1] and CurveCP[2]. CurveCP in particular seems like a good idea and supports some cool stuff like connections transparently moving across different IP addresses.
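
An added example, not part of either comment above: a sketch of the key-fingerprint host naming described in the first comment, showing why a directory service becomes optional once the address itself commits to the host's public key. The fingerprint scheme (SHA-256 truncated to 160 bits, base32), the function names and the in-memory directory and network tables are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def address_from_key(public_key: bytes) -> str:
    """Host address = truncated SHA-256 fingerprint of the public key (assumed scheme)."""
    digest = hashlib.sha256(public_key).digest()[:20]  # 160 bits -> 32 base32 chars
    return base64.b32encode(digest).decode("ascii").lower()

def key_matches_address(address: str, presented_key: bytes) -> bool:
    """Recompute the fingerprint locally; no directory or CA is consulted."""
    return hmac.compare_digest(address_from_key(presented_key), address.lower())

def connect(name: str, directory: dict, network: dict) -> bytes:
    """Resolve a name through an optional directory, then verify whoever answers.

    `directory` maps human-readable names to addresses; `network` maps an
    address to the public key presented by the host that answers for it.
    Both are in-memory stand-ins for real lookups.
    """
    address = directory.get(name, name)  # a raw address needs no directory at all
    presented = network[address]
    if not key_matches_address(address, presented):
        raise ConnectionError(f"key presented for {address} does not match its fingerprint")
    # A real handshake must also prove possession of the private key,
    # e.g. by key agreement against `presented`; that step is omitted here.
    return presented

# Constructed sample keys: arbitrary 32-byte strings standing in for public keys.
ALICE_KEY = bytes(range(32))
INTERCEPTOR_KEY = bytes(range(1, 33))
ALICE_ADDR = address_from_key(ALICE_KEY)

DIRECTORY = {"alice.example": ALICE_ADDR}
HONEST_NETWORK = {ALICE_ADDR: ALICE_KEY}
TAMPERED_NETWORK = {ALICE_ADDR: INTERCEPTOR_KEY}  # someone else answers for Alice's address

def demo() -> dict:
    results = {"by_name": connect("alice.example", DIRECTORY, HONEST_NETWORK) == ALICE_KEY,
               "by_address": connect(ALICE_ADDR, {}, HONEST_NETWORK) == ALICE_KEY}
    try:
        connect("alice.example", DIRECTORY, TAMPERED_NETWORK)
        results["substitution_rejected"] = False
    except ConnectionError:
        results["substitution_rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

The directory can still hand out a different address for a name, which is why the comment treats it as a selectable service; what it cannot do is make a different key pass for an address the client already holds.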