Hacker News
by munk-a 1487 days ago
I think if we as an industry wanted real E2EE in software products - we'd probably want to do what most of the other industries faced with this issue ended up doing and adopt auditing and certification.

The problem is that we, as developers, are working in such a complex and powerful environment that auditing comes with extremely expensive costs - effectively ensuring E2EE would probably mean using a third party component wrapped in a very strict box to drive all that traffic through your system... and that goes against a lot of the flexibility of software development we all love.

You can see similar requirements around HIPAA compatibility - you're forced into using a certified vendor (perhaps one that's in-house) that is paying high continuous costs to ensure their audit compatibility - these costs produce very long release intervals and slow down innovation.