This sort of thing is nothing new. I used to work with a company called Bluecoat that straight up cracks SSL by becoming a RCA. If they use something like that with the cooperation of ISPs and the government itself it's grossly easy. Pretty sure that company is on a like UN human rights watch list lol.