I totally agree with you. Any solution will have to Open Source by nature, so that multiple eyes can guarantee the absence of any backdoor, given that government guarantees in this domain are totally not credible (hey NSA, remember that little thing called the Constitution ?).
It will also have to be idiot-proof, which is a major stumbling block right there. Finally, all operators will have to agree to use it, which will mean setting aside their own solution - and that will be another major issue.
Since AVG has brought this issue to light after having purchased a company dealing in securing privacy, it seems obvious that this is a ploy to trumpet their own horn and it will be that more difficult for them to abandon the investment and adopt an Open Source solution.
So, right from the start this whole issue seems practically moot already.
Although I do agree that privacy is going to become a more important concern than it is now, but given that it's level of concern is currently nil (otherwise Facebook, Google and the US government would be facing quite stiffer resistence), that doesn't seem to mean much.