Re: WhatsApp snooping
They will leave that up to Facebook to figure out, but it seems you could modify the software to ALWAYS produce a BCC key, so you wouldn't be able to tell when they are listening and when they aren't.
The sender and recipient are both running an app that has the messages in plaintext. There's nothing to stop Facebook from modifying that app to relay the plaintext to the SIGINT service of choice. No need to tamper with the Signal protocol itself, or how the app uses it, if you're only required to subvert that one particular app that uses Signal. And, AFAIK, that's what the law1 requires.
Vendors who comply with this law will do it by putting backdoors in applications. Some knowledgeable users will build their own applications, or get untainted ones from safe sources. The spooks are assuming that the vast majority of users won't, and they're very likely right about that.
1Which I like to refer to as Australia Rejects Secure Encryption.