[...]
Let's make it simpler.
Encryption is two-way because you always need the original data to perform the functions you have associated with it.
In a web form, a password can be encrypted or hashed. A hash is one-way. If I am not wrong [from my outdated knowledge], a hash contains your password, a component called salt or sult, and a key. When a database is compromised, the salt or sult is compromised but the 128-bit [I suppose] key is not. Without the key you will never know the original password. Because of that, developers prefer to store the hash instead of the password you gave.
But for email and any other data, it is always encrypted [if it needs more security], and encryption is two-way.
Considering the emails were encrypted, they can certainly be decrypted. I believe the team is still trying to mislead everyone, or the person behind the account does not have such knowledge.
By the way, I do not have the latest knowledge about the tech, but anyone who is trustworthy and has programming knowledge can confirm whether I have made any mistakes in explaining hashes.
Ahh, well... if I may pull a guess from a hat, they'll probably go with how they're basically stripped down to bare-minimum staff, where they don't have access to any systems or services. Thus, they don't have a way to extract decrypted data containing the emails. I guess, in layman's terms, the way they propose to verify an email address is by manually typing thebunnyrabbitofeastersucks@anemail.com into whatever they have right now, and that bare-minimum system will tell them whether that email address was indeed in the cluster or not.