"From the viewpoint of infosec insiders, spooks should have loved RIM! BlackBerrys were actually kind of insecure! If you wanted to get at the messages that individual BlackBerry customers — including, most visibly, drug dealers, who loved their BlackBerrys– you just had to hit up the (certainly domestic) telephone company they were using and get that shared key. Or you could maybe mandate what key that would be. You didn’t need to put pressure or ban RIM to do this! But as I dug into it, I realized what may have been going on. RIM and the telcos had been helping the authorities, to the best of their abilities. They probably did a fair bit of explaining to the authorities how to tap a BlackBerry, and may even have done some of the heavy-lifting. When it came to consumer BlackBerrys, RIM didn’t have the hard and fast line of a Signal or other truly end-to-end encrypted tool. They could hand over the messages, and (as they would sometimes protest) often did. But, crucially, they could not do this in EVERY case." (emphasis added)

what is the moral of this story? I guess: design with e2e from the start or you get caught in a ratchet

it's not clear to me that WhatsApp/signal (same protocol iiuc) is really fully committed to e2e. Like are group chats like this e2e encrypted? voice/video/photos?

idk.

The ratchet concept is useful anyway.