Agreed there's nothing in the data to directly suggest government involvement.
It's only "sloppy," though, when conceptualized as a MITM. China does have an extensive history of censoring access to sites, and recently censored access to GitHub entirely IIRC. It could be that they decided to block SSL access, but allow HTTP access, and this is how they implemented that.
Everything in my bones (25 years, 中文研究, China research) tells me the China government is directly involved with this. China is corrupt beyond belief, and any smaller destabilization can lead to further problems.
I agree that this may be a further extending of the "New Years train ticket" block on Github.
It may also be new toying after the recent "experiment". Leaving Github without SSL inside China still makes trouble - China's insidious corruption at the very top is subtle, incremental small steps, all designed for the "long game".
It may also be raw mercantilism ... as with Google, Twitter, and Facebook long before this.
As an sort of old china hand, china is corrupt but not beyond belief, there are plenty of countries that are much more corrupt, even India is worse than china and they even have democracy.
The level of sophistication that the GFW seems to be achieving is disturbing. We've had certificate attacks before, perhaps they are testing something out that will be deployed more broadly to solve there "gmail" problem?
It appears that my contrived scenario is incorrect. The incident seems to have occurred at several locations across the country. Assuming this is correct, it does appear to be a government action.
This seems really sloppy for China. Without further proof, I don't think it was the govt.