lavabit had access, they were shut down when they refused to share the encryption keys with law enforcement. the only legal way around this in the US is to host your own email and encrypt everything at rest. as an individual you aren't obligated to reveal passwords the same way a business would be in this case.
it might be an interesting idea to build a system that decrypts a small email server per user using their login credentials they interact with that system only and forward mail to the provider MTA for sending. there are still leaks here, and the provider could be compelled to reveal the user key to law enforcement, but the data would only be visible until after the user is authenticated.
