This is called the Parmenides Fallacy, or the cost of inaction.
Assumption 1: This exploit is known to various black hat hackers and is in use.
Assumption 2: Active exploitation of this vulnerability puts citizens at risk.
Assumption 3: The FBI is aware of this vulnerability.
Assumption 4: Given knowledge of this vulnerability, Apple could work to mitigate the damage.
With the given assumptions, there are two options.
Option A: FBI does not release information about the exploit, and it continues to be exploited, harming some number of individuals. Call this number X.
Option B: FBI releases information about the exploit, reducing the number of harmed individuals. Call this number X - Y.
The choice between these options is made by the FBI. Therefore, they can choose to harm a larger number of individuals, or a fewer number of individuals.
The cost of each option, in harmed individuals:
Option A: Y
Option B: 0
By not disclosing the vulnerability their inaction has put some number of individuals at risk of harm.
So that somehow makes it ok to buy up vulnerabilities and hoard them?
Did you even read that link you trotted out? It makes it abundantly clear that the FBI has a very poor track record when it comes to disclosing vulnerabilities. They barely pay lip service to the idea. (And the fact that there's a procedure in place for it would indicate that releasing information about exploits they are aware of is very much part of their job).
There is no scenario where it is acceptable for a law enforcement agency to sit on an exploit like that. That's like a cop going into a shop that's being robbed and saying "Not my problem. I haven't been dispatched here, and the paperwork would be a pain."
I don't know where you're getting the adjective "significant" from. Hell, the word Mike used was "potentially", which is about as far from "significant" as you can get while still being a positive signifier of risk.
The fact of the matter here is that the FBI could help prevent crime by releasing details of this vulnerability. That they are not, purely out of spite, is appalling. Why is the FBI not doing their fucking job?
Sometimes I wonder what the point of all this anti-encryption rhetoric is. Even if we take at face value the claimed motivation of preventing, or at least better investigating, criminal activity, how does this get us there?
To start with, take backdoored encryption. How does this help? Say you could implement a perfect backdoor with a golden key that is physically and inextricably tied to a warrant. We've waved our magic wand and made all the problems and side effects vanish. What would that actually do?
Scenario A., criminals communicate over the backdoored channel, and their communications are available to law-enforcement. At first blush, that sounds great, but then you realize that any criminal who communicates over an effectively open channel knows shit about OpSec, and their communications would likely have been able to be intercepted even without the backdoor. So, what does this really gain for us?
Scenario B., criminals use a different, non-backdoored, encryption scheme to communicate. This will always be a possibility; you can't legislate the math from working. But, say you went a step further and flagged, or even outlawed, non-backdoored encryption. Then the bad guys will have to either communicate in the clear or risk being identified as bad guys, right? Of course not. Let's ignore for the moment simple codes (code phrases, book codes, etc.) which can be used to communicate securely over a compromised channel. You can implement full-blown public key cryptography using steganographic encoding. The message would look like any other message in the channel, blending in with the noise, but could contain any amount of concealed information. So, what was the point, again?
Weakening encryption will only hurt normal citizens. The "bad guys" either can be caught already without weakening encryption, or weakening encryption won't seriously impact them.
Maybe I'm falling victim to Poe's Law here, but you do realize that's not even close to the same thing, right?
Terrorism related deaths spiked in 2001, but have severely dropped since then. Automobile related deaths have been more or less stable since then.
As such, it is possible that terrorism deaths equaled automobile deaths in September 2001, and that automobile related deaths far outpaced terrorism related deaths since 9/11/2001.
Terrorism has actually been less of an issue in recent years, the IRA just isn't that active these days. Yet it's still the go-to boogeyman, even though it's a minor threat in the grand scheme of things. Not to mention that reacting to terrorism like it was an existential threat is exactly what said terrorists want people to do, it gives them validation.
Yes, yes, gross oversimplification, I know. There are a lot of cases where regulations are in place to try to bring an external cost (such as health care) back into an actor's cost/benefit analysis. It's a goodly portion of the civil suits. However, privacy isn't one of those things that has a sizable economic impact. I can't really see a purely economic argument for privacy protections.
Sorry for stumbling into your hot-button issue, but if you'll note the parenthetical, I explicitly mentioned that in some cases regulations can provide better economic growth long-term by curbing dangerous behavior. Glass-Steagall is an excellent example of such a case, and definitely needs reinstating.
Still, kinda proves my point that this shit is complicated and actions or inactions can have ripple effects that are felt decades down the line. We often legislate reactively, usually when something goes wrong, and we have a tendency to over-legislate in those responses. I'm in favor of incremental regulation, small steady changes until the problem is under control.
All I'm really saying, though, is think before you legislate.
It's not quite that black and white. Regulation, by definition, is a burden on businesses. As such, the optimal amount of regulation is the minimum "required". Unfortunately, there's a world of complications in that one word.
Regulations generally hurt overall economic growth, (though in certain cases, regulations can protect long-term growth by mitigating profitable but dangerous short-term practices, i.e., preventing bubbles) but the reason they exist is that the public values certain things over economic growth. Such as the health and safety of its citizens. No one wants to live in an anarcho-capitalist society.
So, when certain public values, such as the right to privacy, conflict with the bottom line in a market with little reactivity (e.g., monopolies), the public exercises its will through external controls, such as regulatory agencies.
The fact remains, however, that regulation has a cost, often a substantial one. Often that cost is necessary, or worth paying. Sometimes it's not. That's why serious consideration is necessary before implementing any regulation.
And, after serious consideration, the FCC, myself, and just about every consumer in the country have determined that ISPs require additional regulation in order to maintain fair and ethical behavior in their gatekeeper positions.
The proceeds from Naruto’s photo should be used to help endangered monkeys.
That statement alone shows a huge amount of bias. Just for a second, let's assume that "Naruto" has all the rights and duties of a natural person. So, yes, the copyright would fall to the monkey. Not PETA, the monkey.
Now, first off, what proceeds are you talking about? If the copyright was assigned to the monkey what would happen is simply that nobody could use the photo in question. Or do you really, truly, actually think that Naruto would then go on to personally license the photo to a rights management organization?
Secondly, why the flying frak are you assuming that he would want his earnings going to help endangered monkeys? Maybe he just wants to buy some shit.
Back to reality.
On the one hand, you're trying to push this narrative that the monkey is sentient and is capable of independent action. At the same time you're shoving your own biases and wants down its throat, treating it as though it cannot make rational decisions.
I'll concede the monkey has the rights to the photo just as soon as it directly claims those rights. PETA is not trying to get the rights to be assigned to the monkey, they're trying to get the rights assigned to PETA, "on behalf of" the monkey. If that's true, they should have a contract with the monkey's signature, since we're all trying real hard to pretend that the monkey has magically become sentient.
Has PETA even been in contact with the monkey? Are there communication records? Has it expressed interest in this case to the press?
You have no knowledge of recent history, do you? You sit here enjoying the fruits of the Computer Revolution, yet are gleefully trying to clamp down on the rights and abilities that brought those fruits to bear.
Ok, I guess I need to give a quick history lesson.
The Dark Ages
In the '60s and '70s, personal computing was a laughable pipe dream. This is despite the commercialization of the silicon transistor in the '50s. Computers were proprietary mainframe/terminal setups, and cost exorbitant sums of money. This was because each seller had to build their system from the ground up, hardware and software. Now, as we approach the '80s, hardware costs have started to go down, but software costs were going up. Companies still had to write the complete codebase for their proprietary system. Compatibility was unheard of, and costs were still too expensive for personal computing for the general public. Hobbyists could put together relatively cheap kit computers, but the retail desktops cost $5000-$10000, adjusted for inflation.
Enter "Open Architecture"
The early commercially successful computers, the Apple II and the IBM 5150, both utilized a published, card-based, open hardware architecture. This meant that any company could follow the spec and produce hardware components compatible with the machines, and allowed third-party software to enter the mainstream. Now, instead of using whatever proprietary word processor came on the machine, you could run WordStar, or any other software. This meant that the computer manufacturer didn't need to develop all that software in-house, lowering the cost of the machine.
The Clone Wars
It's the early '80s, and home computing is starting to take off. IBM dominates the market, but they're still too expensive for most households. Still, they've built up an ecosystem of third-party software that consumers demand. "Does it run Lotus 1-2-3?" is the death knell of many a new entrant. Things look bleak for everyone but Big Blue.
Then inspiration strikes. IBM's machines ran PC-DOS, provided by a small company called Microsoft. Microsoft also sold the OS, as MS-DOS, to any interested third-party. Some companies try to break into the market by using MS-DOS, but differences in the BIOS mean that programs needed tweaking before they could run on each machine.
Compaq wants to build a fully-compatible IBM Clone, but they can't just copy IBM's BIOS due to Copyright law (See Apple v. Franklin). They could, however, independently create their own BIOS that behaved identically. They proceeded to do a clean-room reverse engineering of the IBM BIOS, and built the first true PC clone. When IBM's lawyers could do nothing to stop Compaq, the floodgates opened. The new competition enabled by these "knockoffs" drastically lowered the price of computing hardware, bringing about the commoditization that we enjoy today.
That's only a brief overview, there's much more to the story, and I encourage you to read up on it. It should make clear the pivotal role that reverse-engineering and third-party compatibles had in bringing about ubiquitous computing, though.