Wow... This is very nearly textbook Stockholm Syndrome. You're so used to ISPs gouging you to hell and back that as soon as one of them lets up on the knife just a little suddenly they're your best friend. This particular kidnapper might not be beating you just for fun, but you're still locked in a dark basement waiting for the ransom to be paid, so why are you thanking them?
I can only make this so clear: Data Caps are arbitrary, they serve no network management purpose, they are not necessary. Thanking T-Mobile for Binge-On is thanking them for somewhat ameliorating a problem they created in the first place.
A chilling effect doesn't have to be all or nothing. If a single person is dissuaded from performing a legal action due to fear of legal reprisal, that is a quantifiable chilling effect, even if a minor one. Your policeman with a radar gun analogy doesn't hold water, as travelling above the speed limit is against the law. If, say, there was an increased incidence of ticketing of red cars, and, as a result, fewer people purchased red cars for fear of being unjustly targeted, then that reduction in the purchase of red cars, a wholly legal act, is a chilling effect.
I'm not saying that there might not be other explanations for this particular drop in searches. There may be other reasons for it. (Though the fact that you're initially prejudiced against the accuracy of the data, despite supporting anecdotal evidence, is telling.) However, it is irrelevant to the point at hand, which is that your own words described a scenario which is the exact definition of a chilling effect, yet you claim it is not a chilling effect.
This is called the Parmenides Fallacy, or the cost of inaction.
Assumption 1: This exploit is known to various black hat hackers and is in use.
Assumption 2: Active exploitation of this vulnerability puts citizens at risk.
Assumption 3: The FBI is aware of this vulnerability.
Assumption 4: Given knowledge of this vulnerability, Apple could work to mitigate the damage.
With the given assumptions, there are two options.
Option A: FBI does not release information about the exploit, and it continues to be exploited, harming some number of individuals. Call this number X.
Option B: FBI releases information about the exploit, reducing the number of harmed individuals. Call this number X - Y.
The choice between these options is made by the FBI. Therefore, they can choose to harm a larger number of individuals, or a smaller number of individuals.
The cost of each option, in harmed individuals:
Option A: Y
Option B: 0
By not disclosing the vulnerability their inaction has put some number of individuals at risk of harm.
So that somehow makes it ok to buy up vulnerabilities and hoard them?
Did you even read that link you trotted out? It makes it abundantly clear that the FBI has a very poor track record when it comes to disclosing vulnerabilities. They barely pay lip service to the idea. (And the fact that there's a procedure in place for it would indicate that releasing information about exploits they are aware of is very much part of their job).
There is no scenario where it is acceptable for a law enforcement agency to sit on an exploit like that. That's like a cop going into a shop that's being robbed and saying "Not my problem. I haven't been dispatched here, and the paperwork would be a pain."
I don't know where you're getting the adjective "significant" from. Hell, the word Mike used was "potentially", which is about as far from "significant" as you can get while still being a positive signifier of risk.
The fact of the matter here is that the FBI could help prevent crime by releasing details of this vulnerability. That they are not, purely out of spite, is appalling. Why is the FBI not doing their fucking job?
Sometimes I wonder what the point of all this anti-encryption rhetoric is. Even if we take at face value the claimed motivation of preventing, or at least better investigating, criminal activity, how does this get us there?
To start with, take backdoored encryption. How does this help? Say you could implement a perfect backdoor with a golden key that is physically and inextricably tied to a warrant. We've waved our magic wand and made all the problems and side effects vanish. What would that actually do?
Scenario A., criminals communicate over the backdoored channel, and their communications are available to law-enforcement. At first blush, that sounds great, but then you realize that any criminal who communicates over an effectively open channel knows shit about OpSec, and their communications would likely have been able to be intercepted even without the backdoor. So, what does this really gain for us?
Scenario B., criminals use a different, non-backdoored, encryption scheme to communicate. This will always be a possibility; you can't legislate the math from working. But, say you went a step further and flagged, or even outlawed, non-backdoored encryption. Then the bad guys will have to either communicate in the clear or risk being identified as bad guys, right? Of course not. Let's ignore for the moment simple codes (code phrases, book codes, etc.) which can be used to communicate securely over a compromised channel. You can implement full-blown public key cryptography using steganographic encoding. The message would look like any other message in the channel, blending in with the noise, but could contain any amount of concealed information. So, what was the point, again?
Weakening encryption will only hurt normal citizens. The "bad guys" either can be caught already without weakening encryption, or weakening encryption won't seriously impact them.
Maybe I'm falling victim to Poe's Law here, but you do realize that's not even close to the same thing, right?
Terrorism related deaths spiked in 2001, but have severely dropped since then. Automobile related deaths have been more or less stable since then.
As such, it is possible that terrorism deaths equaled automobile deaths in September 2001, and that automobile related deaths far outpaced terrorism related deaths since 9/11/2001.
Terrorism has actually been less of an issue in recent years, the IRA just isn't that active these days. Yet it's still the go-to boogeyman, even though it's a minor threat in the grand scheme of things. Not to mention that reacting to terrorism like it was an existential threat is exactly what said terrorists want people to do, it gives them validation.
Yes, yes, gross oversimplification, I know. There are a lot of cases where regulations are in place to try to bring an external cost (such as health care) back into an actor's cost/benefit analysis. It's a goodly portion of the civil suits. However, privacy isn't one of those things that has a sizable economic impact. I can't really see a purely economic argument for privacy protections.
Sorry for stumbling into your hot-button issue, but if you'll note the parenthetical, I explicitly mentioned that in some cases regulations can provide better economic growth long-term by curbing dangerous behavior. Glass Steagall is an excellent example of such a case, and definitely needs reinstating.
Still, kinda proves my point that this shit is complicated and actions or inactions can have ripple effects that are felt decades down the line. We often legislate reactively, usually when something goes wrong, and we have a tendency to over-legislate in those responses. I'm in favor of incremental regulation, small steady changes until the problem is under control.
All I'm really saying, though, is think before you legislate.
It's not quite that black and white. Regulation, by definition, is a burden on businesses. As such, the optimal amount of regulation is the minimum "required". Unfortunately, there's a world of complications in that one word.
Regulations generally hurt overall economic growth (though in certain cases, regulations can protect long-term growth by mitigating profitable but dangerous short-term practices, i.e., preventing bubbles), but the reason they exist is that the public values certain things over economic growth. Such as the health and safety of its citizens. No one wants to live in an anarcho-capitalist society.
So, when certain public values, such as the right to privacy, conflict with the bottom line in a market with little reactivity (e.g., monopolies), the public exercises its will through external controls, such as regulatory agencies.
The fact remains, however, that regulation has a cost, often a substantial one. Often that cost is necessary, or worth paying. Sometimes it's not. That's why serious consideration is necessary before implementing any regulation.
And, after serious consideration, the FCC, myself, and just about every consumer in the country have determined that ISPs require additional regulation in order to maintain fair and ethical behavior in their gatekeeper positions.