As you say, some of the parties engaging in the drags absolutely do have the capability. But not all and stopping them has value. More importantly:
A man in the middle attack is _highly_ detectable and will leave irrefutable evidence when detected. So it can only be used secretly if it's used very sparingly. And highly overt interception, if its even tolerated by the public, at least solves the problem of people having no idea (being in denial) they're being watched.
Moreover, because MITM can be defeated by de-trusting the rogue CA or via key pinning using it for "mere" surveillance would destroy a valuable and potent weapon, so they won't do it. It simply isn't suitable for dragnet use.
Its also practically much more costly to scale. (E.g. instead of passive optical taps and cheap packet sampling for targeting they must fully intercept all the traffic and decrypt/reencrypt before they even know if its "interesting") Simply making the watchers have to spend a lot more money per unit of traffic monitored is a win for civil rights because it should result in more conservative use of the capability. Without the crypto the surveillance is maximally cheap and undetectable... anything is an improvement even if it can still be compromised.
It really isn't. It's only "zero" because you're greatly overestimating the cost of intercepting the traffic at all.
To do dragnet surveillance you need an optical tap, an expensive phy, and a fairly modest number of gates to apply a stateless filter purely from onchip memory to capture 100% of interesting flows and grab some small fraction of all other traffic, and some modest switch fabric to carry captured data to a modest amount of storage and processing to deal with it. Programmed correctly commodity network processors for switches have all the right logic already, we're talking in the <$200 per 10G port parts-cost level. Detailed analysis of the sample data and the known-interesting data gives tells you about new hosts you should be matching for detailed inspection (and you update the can filter with 50ms latencies or so). The cost of maintaining a cheap military aircraft gets your terabits of sampling capacity.
Adding a MITM attack on top of the model used for dragnet surveillance currently, which involves intercepting 100% of the potentially interesting traffic at all times, performing a costly public key operation per every single connection, and then reencrypting the results is insanely expensive by comparison. Before you even get killed by the crypto costs you've long since run out of memory bandwidth.
A man in the middle attack is _highly_ detectable and will leave irrefutable evidence when detected. So it can only be used secretly if it's used very sparingly. And highly overt interception, if its even tolerated by the public, at least solves the problem of people having no idea (being in denial) they're being watched.
Moreover, because MITM can be defeated by de-trusting the rogue CA or via key pinning using it for "mere" surveillance would destroy a valuable and potent weapon, so they won't do it. It simply isn't suitable for dragnet use.
Its also practically much more costly to scale. (E.g. instead of passive optical taps and cheap packet sampling for targeting they must fully intercept all the traffic and decrypt/reencrypt before they even know if its "interesting") Simply making the watchers have to spend a lot more money per unit of traffic monitored is a win for civil rights because it should result in more conservative use of the capability. Without the crypto the surveillance is maximally cheap and undetectable... anything is an improvement even if it can still be compromised.