How to fix email
That's a pretty poor choice of name 'dark'? They should call themselves 'privacy shield alliance', since privacy is a fundamental human right that's been removed illegally.
It's quite straightforward to secure email: Thunderbird supports TLS, and TLS is only broken a little.
The NSA leaks show they substitute their own certificates to hack TLS (=HTTPS)
or
They have a lot of private keys in Bullrun which they likely get from court orders like the Lavabit ones, where the judge orders the keys to be handed over for a limited intercept, and actually it's just stuck in the big database and used to decrypt all previous traffic they stored and all future traffic.
So the fix is a certificate authority that issues certs on nothing but an email address, and a modification to Thunderbird to automatically sign users up for a cert when they add any account.
Thunderbird should also have its certificates stripped of all NSA domain CAs, since they are inherently untrustable, and the final mod should be to warn users whenever the fingerprint of the certificate changes for a given email address, which would indicate a possible man-in-the-middle attack.
The certificate should be hosted in a location that has strong legal protections and not puppet democracy (i.e. not US/UK/NZ/AUS/CAN).
I'd also like to see 3 or 4 layers of certificate encryption, so we can encrypt with a Russian/Chinese/American/German key and to decrypt you'd have to fake all the certificates.
---
To go the next step is also easy, you don't really need the CA. SSH for example exchanges a public key certificate, you accept it the first time, and it works from then on. To man-in-the-middle these exchanges, you would have to catch 100% of these, every time, all the time. Even then I can simply put the cert on a USB key and bypass the hack.
These are all really easy things to do and would eliminate the problem the CA offers with its weak link.
The first email would send the public key, all later traffic would be encrypted to any address you have the public key. You don't know 'bob' is 'bob simkins of 123 highstreet', but you don't need to since you don't know that now when you send email. The conversation though is encrypted.
----
I see the latest talking point across the boards is "the NSA is too big to defeat, just accept your new masters the Generals", but that's not really true.
That latest reacharound the FISA court, by tapping Google's internal networks because the FISA court won't issue the order under PRISM. It would be trivial/ultra-fast for Google to encrypt those links with a huge private key even.
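
An added example, not part of the original post: a minimal trust-on-first-use pin store of the kind described above, which accepts a key on first contact, warns when the fingerprint for an address changes, and allows a pin delivered out of band (the USB key case). The `PinStore` class, the SHA-256 fingerprint and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the raw public key bytes, hex encoded."""
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Trust-on-first-use store: one pinned key fingerprint per email address."""

    def __init__(self):
        self._pins = {}  # normalized address -> (fingerprint, how it was pinned)

    @staticmethod
    def _norm(address: str) -> str:
        # Assumption: addresses are compared case-insensitively.
        return address.strip().lower()

    def pin_out_of_band(self, address: str, public_key: bytes) -> None:
        """Pin a key received outside email (e.g. on a USB key); replaces any pin."""
        self._pins[self._norm(address)] = (fingerprint(public_key), "out-of-band")

    def check(self, address: str, public_key: bytes) -> str:
        """Return 'first-use', 'match' or 'changed' for a key seen in a message."""
        addr, seen = self._norm(address), fingerprint(public_key)
        if addr not in self._pins:
            self._pins[addr] = (seen, "first-use")  # accept once, as SSH does
            return "first-use"
        pinned, _ = self._pins[addr]
        # Constant-time compare; a mismatch never replaces the pin silently.
        return "match" if hmac.compare_digest(pinned, seen) else "changed"

    def pinned(self, address: str):
        """Return (fingerprint, origin) for an address, or None if unpinned."""
        return self._pins.get(self._norm(address))

def demo():
    # Constructed sample keys: arbitrary bytes standing in for real public keys.
    bob_key, other_key = b"constructed-bob-public-key", b"constructed-substituted-key"
    store = PinStore()
    return [
        store.check("bob@example.org", bob_key),    # first message carries the key
        store.check("Bob@Example.org ", bob_key),   # same key later, address normalized
        store.check("bob@example.org", other_key),  # different key: warn the user
        store.check("bob@example.org", bob_key),    # original pin was kept
    ]

if __name__ == "__main__":
    print(demo())
```

A key pinned with `pin_out_of_band` before any mail arrives makes even the very first message with a different key come back as `changed`, which closes the first-contact gap that plain first-use acceptance leaves open.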