SSL relies on a chain of trust, and it's prudent to assume that the NSA has the private keys necessary to produce valid certificates that will be accepted by the certificates that ship with Windows, OS X, Firefox, etc out of the box.
So man-in-the-middle attacks are certainly within their capability and fairly hard to detect. As to whether the NSA can passively intercept and decrypt SSL traffic, I don't know, but they may not need to.
It looks like there's no chance for even the slightest expectation of privacy. Even if the data is encrypted they can ask American companies to decrypt it, after all they store the encryption keys. Even if the encryption keys are stored on the client side, they can push fake updates through major browsers or straight out compel American companies to insert backdoors in their software (e.g. Google Chrome) and get access to those keys. Our reliance on these services is what most likely would need to be avoided in the pursuit of privacy, but could you live without Google Search, Google Maps, GMail, Outlook, and on and on?
You want to use something like TLSpool (http://www.tlspool.org) and DANE. For a browser something like Firefox's Certificate Patrol is a great solution.
Yes, certificate pinning would alert the user to a MITM attack, but it's not commonly used. By "hard to detect", I meant that it's impossible to see simply by examining the certificate if it's genuine, you can only detect when the certificate changes. And since SSL certs expire and are re-issued all the time, it makes it a fairly large headache to continually try and guess whether the other party changed their own cert or if you are experiencing a MITM attack.
So man-in-the-middle attacks are certainly within their capability and fairly hard to detect. As to whether the NSA can passively intercept and decrypt SSL traffic, I don't know, but they may not need to.