TLS is still legal. So is routing all your traffic through Tor if you think the metadata is relevant.

I can't imagine much useful material comes from wiretapping these days. Maybe once in a while, but the real value largely exists in the application layer, which is obtained in a different way.

When TLS is everywhere, what's the most reasonable way for law enforcement to surveil suspects?

Bottom-up. The FBI sees that you're having a TLS conversation at X time with a server in Facebook's IP range, so they just go ask Facebook for what you were doing at that time.

Foreign-hosted services seem like they'd be hard to crack, but it's extremely likely their data flows though Cloudflare, Amazon, GCE, or a similar US-based company.

Following the requirements of a judge is not necessarily antithetical to Freedom. Even in societies where freedom is values, conspiracy to murder (say) tends to be frowned upon.

But Cisco hasn't conspired to murder anyone.