I came up with a not dissimilar model for IM for phones where for the most part you can trust us 'the system' to help facilitate key exchange but also that the wider world helps detect people trying to game the system (http://talariachatapp.wordpress.com/2013/07/29/being-unpopular/). So not only does the app check for your public key but you ask your friends to help check on your behalf in case someone has managed to manipulate the place you publish the public key to and are trying a man in the middle attack. A key point about the random check is that it can be done anonymously, so that someone doesn't only publish your 'ok' key to you but the futzed one to others, perhaps selectively others. I'm also trying to get some funding but to build the client apps (I've built the protocol and the server bits as that's my forte but I *am* crap at building UI's) but I've explained in some detail how it works. When I built it I came up with a proposal for mail as well but I'm quite interested to see where these guys are going with it (I've dropped them a line too).
Key thing about IM vs email though is key longevity and that's the toughest nut to crack to make it usable. That and as you rightly point out, webmail. Decrypting the mail and putting it back in your inbox is one idea as people keep their email in their email boxes for years. Having a bunch of encrypted mails you can no longer read is a pain because you've lost private key no. 27. The question then is, what're you trying to solve? Message safety in transit (passive snooping)? Message authenticity? Message safety in the inbox (active attack)? If it's the last one you need to make the mailbox safer too and harder to break into. Preventing your paypal account getting hacked by someone who's asked for a password reset email doesn't work if an encrypted email is sent to your mailbox, decrypted by some auto service and put back into it if your password is 'wibble'. I don't have a solution that solves all these problems at once and I don't know which ones are universally more important to people.

They're for different use cases, I'd have thought. I can have an NFC smartcard which has processing capabilty on the chip, take a Mifare Ultralight for instance and I have a hard to get at private key and a bunch of other symmetric keys for different uses *and* the ability to computation operations on the card. I can also stick the card in my wallet. If I just want an NFC tag which is a glorified barcode with more data storage or a way of doing some simple data transfer then I can see the parallels to other uses. NFC is a pretty big umbrella term for *a bunch of dufferent things* one of which is a use case like bytelight. They're not entirely comparable.

But Mccarthysm by it's very nature had to go on, in the public domain. This is quite the opposite and the only way to make sure it's proportionate are the oversight comittees which need not report their inner workings at all.

IANAA (American) but I can't help but think that "70%" is of the people surveryed and however they get to extrapolate to the rest of the country is, well, put it this way, I find it hard to believe 70% of people actually care. If they do, you could ask the same survey pool if they thought the government could be trusted on and you'd likely get the same answer. The same is true in Europe, most people (I don't mean people who shout loudly about it) just don't care. I've been digging into privacy whilst exploring cryptographic protocols and when I talk to people about if they think it's a good idea or not, I have literally been gobsmacked at the number of people who say "I have nothing to hide" and don't care about surveilance and monitoring.
I am in fact convinced that we need to build a better argument around your privacy being a right and it being the default position. The rather apocolyptic stories about dictatorships gone by (the it'll never happen here syndrome) don't help. The extremety of "why not have a camera and mic in every room of your house", doesn't work, as it's too extreme, and people just dismiss it without stopping to think about the fact that privacy is a variable thing but that it should *theirs* to give away, not simpy defaulted to off until they don't like it.