It really isn't. It's only "zero" because you're greatly overestimating the cost of intercepting the traffic at all.
To do dragnet surveillance you need an optical tap, an expensive PHY, and a fairly modest number of gates to apply a stateless filter purely from on-chip memory to capture 100% of interesting flows and grab some small fraction of all other traffic, and some modest switch fabric to carry captured data to a modest amount of storage and processing to deal with it. Programmed correctly, commodity network processors for switches have all the right logic already; we're talking in the <$200 per 10G port parts-cost level. Detailed analysis of the sample data and the known-interesting data tells you about new hosts you should be matching for detailed inspection (and you update the can filter with 50ms latencies or so). The cost of maintaining a cheap military aircraft gets you terabits of sampling capacity.
Adding a MITM attack on top of the model used for dragnet surveillance currently, which involves intercepting 100% of the potentially interesting traffic at all times, performing a costly public key operation for every single connection, and then re-encrypting the results, is insanely expensive by comparison. Before you even get killed by the crypto costs you've long since run out of memory bandwidth.