That's an interesting point, because it leads me to another question of mine, but let me back up for a minute. If law enforcement wants to unlock, say, an iPhone to obtain information that's on it, there's obviously a process in place to do so with obtaining a warrant. Obviously, it might vary in both our countries, but I think the spirit of it is similar enough that we can discuss it. My question then becomes this. If a hacker wants to do good, let's say, as a white hat hacker, the hacker might look to the government thinking that they are doing the right thing by providing that information, but it doesn't necessarily then go back to the company, and people remain vulnerable because that agency might have an interest in keeping that vulnerability. Do you think there should be some kind of law or regulation in place that creates the same kinds of checks and balances on the police when they obtain a warrant to unlock a phone and apply those checks and balances to national security agencies as well? They would say that if you want to use a vulnerability, then you have to go through the same hoops required of law enforcement to protect people's privacy.
On February 4th, 2019. See this statement in context.