It's not that simple. A CA can intercept your SSL traffic, but to do so it has to create a fradulent certificate for the end site and proxy your traffic to the site, presenting the fradulent certificate to you.
This means it can't be done without risking that you might notice it. And it can't be done just by passively hoovering up all the traffic and then retrospectively going back and decrypting it.
This means it can't be done without risking that you might notice it. And it can't be done just by passively hoovering up all the traffic and then retrospectively going back and decrypting it.