Apple is able to do this today because instant message services not (yet) covered under CALEA. ( Carrier assistance for Law enforcement agencies.) If CALEA is updated to include instant messaging services, Apple would be legally obligated to have a method of intercepting these messages, possibly with a separate public key as discussed in other comments.
CALEA can't compel you to hand over anything you do not have access to. If cleartext in your chat system can't be accessed because you don't have access to customer private keys, that's not illegal.
