[sneak]

The fundamental concept of plaintext archiving (escrow) of messages from e2ee messaging apps is insecure by most definitions.

They could have used user-custody public key cryptography, where the end devices have the pubkey of the customer, and archive only re-encrypted messages to TM that they can’t read.

That is not, of course, what they did. They just archive them in plaintext.

[kevincox]

I don't think it is. I can archive my own messages and E2E security on the messaging layer means I don't have to trust the operator of the messaging service to not read my messages because they can't. The choice of how I archive the messages is completely orthogonal to the choice of messaging platform security. I could choose to use an E2EE approach if I want but in that case it probably wasn't even desired as the point was to have these be archived for audit purposes. (Of course they are more secure options such as archiving to an audit key, but this is still orthogonal to the concern of the messaging protocol)