they use strong enough encryption, TLS, and pen registers are only for traffic analysis not payload interception. The issue is the encryption is only up to the server, it is not encrypted passing through their servers, and that is where the tap will take place.