by tptacek 5386 days ago
I don't know how probable it is that South Korea has the capability to mint bogus Google certificates.

I do think it's highly improbable that they would use that capability for run-of-the-mill law enforcement cases.

What makes you think that? Have you read the Soghoian, Stamm Certified Lies paper? http://files.cloudprivacy.net/ssl-mitm.pdf

They're not obvious attacker certs, but Ralph Holz has found some very strange certs in S. Korea with SN:"Government of Korea" and CA:TRUE. http://www.mail-archive.com/cryptography@randombit.net/msg01...

Also, it's not clear that this is "run of the mill law enforcement". This is NIS, the S. Korean state intelligence service, which is admitting to having done this.

In public court proceedings. Come on.

Perhaps they didn't get the memo. :-) You know, the one that says:

"First rule of State-run CA Club is...

For your first point, if they own their own root CA that is trusted by browsers, then the capability is definitely in their hands. And that doesn't need any kind of special hacking capabilities, just signing a certificate that is for Google services. The whole SSL certificate trust hierarchy depends on CAs not being that evil; there is no tech keeping them non-evil. Of course Chrome does certificate pinning at least for their own services, but not for the others.

But on your second point I agree. If they are prepared to use such capability, it would be really stupid to reveal their will to do such dirty tricks in some ordinary matter - better save it for a real need.
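As an added illustration of the point made above (example code written for this page, not code from the thread, from Chrome or from any CA): a Go program in which a constructed root CA, trusted by the client but unrelated to the genuine site, issues a leaf for a hostname; ordinary chain validation accepts that leaf, while an SPKI pin for the genuine service key rejects it. The hostname, the CA name and all keys are constructed on the fly and are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue signs tmpl with the parent's key (self-signed when parent == nil) and parses the result.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key))))
}
// Scenario has a constructed root CA (trusted by the client, unrelated to the genuine service) issue a
// leaf for host, and reports whether plain chain validation and an SPKI pin for the genuine key accept it.
func Scenario(host string) (chainOK, pinOK bool) {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	genuineKey, caKey, leafKey := newKey(), newKey(), newKey()
	now := time.Now()
	root := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, &caKey.PublicKey, caKey)
	leaf := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
	}, root, &leafKey.PublicKey, caKey)
	// Ordinary validation: the root sits in the trust store, so the mis-issued leaf verifies.
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	chainOK = err == nil
	// SPKI pinning: the leaf must carry the public key the client pinned for the genuine service.
	genuineSPKI := must(x509.MarshalPKIXPublicKey(&genuineKey.PublicKey))
	pinOK = sha256.Sum256(leaf.RawSubjectPublicKeyInfo) == sha256.Sum256(genuineSPKI)
	return chainOK, pinOK
}
```

Chain validation only asks whether some trusted root vouches for the name, which any bundled CA can do; the pin asks whether the key is the one the client expected, which a mis-issuing CA cannot supply.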

So if they just pwned the guy's PC like a normal investigator would, why wouldn't they just admit to doing that? Why would they admit to having this capability of court-ordered "packet tapping"?