I think you are underestimating the ability of organizations to keep important private keys private.
Some examples are the code signing keys of most major desktop and mobile operating system vendors, the package signing keys of major Linux distributions, the SSL private keys of most banks and major e-commerce sites, and the certificate signing keys of most SSL certificate issuers.
From the same document. I do not see how this is technically possible.
> Technical solutions for gaining access to encrypted data must comply withthe principles of legality, transparency, necessity and proportionalityincluding protection of personal data by design and by default.
If focusing on e2ee I agree, but how about hardware and software supply chains? How much is your e2ee worth if you are up against Apple or Google? Perhaps nation states are simply looking for similar powers?
The code can be unsafe because it is physically impossible to test for every input in a computer. This is where various engineering designs come in which reduce the area of testing based on some theories.
Also, even in math, there are enough mistakes in publications (not just typos, but reasoning errors) which hopefully do not affect the eventual results in any fundamental way. The equivalent of safe code in computer science would be equivalent of completely formal proofs in mathematics (like in Coq and similar languages), but probably much more difficult due to existence of temporal conditions.
Err there are other ways to prove (memory) safety than exhaustive testing, such as better type systems and static analysis (Rust) or better run time checks (any garbage collected language)
