You can trivially sign messages from each private key that are associated with the public keys that were combined to create the multisig address...
We can not. You have no idea about the setup that is being used, thus you should avoid making unsubstantiated claims.