
I appreciate that Professor Landau emphasized the "arms race" between companies securing their systems, and adversaries breaking them. Companies push software with bugs, adversaries exploit the bugs (and hopefully responsibly disclose them), then the company patches the bug and pushes a new update.

Any iPhone <5 running iOS <8 is comically exploitable. This should drive home the point that as time progresses, older vulnerabilities become easier to exploit, so that leaving them unpatched becomes irresponsible.

If the FBI asks Apple to create new software to grant the FBI the ability to unlock the phone, they are effectively asking Apple to exploit a vulnerability in their software. By definition, Apple will know that vulnerability exists. In the "arms race," when Apple identifies a vulnerability, they fix it. In this case, when Apple identifies the vulnerability, will the FBI allow them to fix it? Or would the FBI prefer that Apple have a responsibility to "maintain" the vulnerability and ensure it remains exploitable?


