Based on the white paper, all of the message encryption keys are derived from the session key using KDF. According to wiki forward secrecy requires that "...The key used to protect transmission of data must not be used to derive any additional keys, and if the key used to protect transmission of data is derived from some other keying material, then that material must not be used to derive any more keys" Since all of the message keys are derived from the session key, and all of the other keying material is sent in plain text an adversary(aka NSA), with the ability to store large amounts of data can save that keying material in order to decrypt messages once the private key is obtained. Blackberry should instead use ephemeral keys for each chat session. I assume a session stays active until a user clicks end chat. After that occurs the blackberry should erase any stored instance of the ephemeral key.