Well the article focuses on backbone cable tapping, but they collect metadata of "who talks to whom" from facebook and microsoft, too.

Lets say someone is using a northern european vpn-server to connect to facebook and that vpn-server is not cooperating. Decloaking is statistical analysis against timing and rough size of packages, so tapping the cables on both ends of the vpn-server and recording metadata for all its connections is key, even if they can't break the encryption.