Hacker News
Senators say the Department of Defense is failing to secure its communications [pdf] (senate.gov)
5 points by impish9208 6 months ago | 3 comments



I’m not sure this is compatible with their oversight goals. Government agencies also have to comply with public records laws and be able to detect insider threats, and switching to E2EE conflicts with that.


You archive at the endpoint, just like you do for any stuff that isn't intercepted, like physical mail that wasn't opened by the USPS?


Does the DoD allow the USPS to deliver packages directly to their staff? I’m pretty sure if you got letters from China they’d want to inspect them.

I totally get E2EE personally and have been using it since the 90s but from an organizational standpoint I’m not sure how to reconcile this with other needs. It seems like you’d want the ability to decrypt at the edge to make sure that outsiders aren’t sending malware to your people and that nobody is violating your rules. You can try to make that more resistant to abuse by e.g. escrowing keys so there’s never plaintext sitting around and each decrypt operation is logged, but I think relying on the client to log is just a riskier way to achieve the same result - if the user can disable the client logger or it’s not perfectly reliable, now you have a lawsuit (harassment, contract issues, etc.) or are testifying before Congress about how you missed a security threat.



