by grandalf
3337 days ago
> Most people I've met who work in security at large companies would rather lose their job than participate in the erasure of security for all.

While I think (and hope) this is correct, I'm not sure it matters. For example, it would not be necessary for most of the engineers to be aware of a backdoor or other known vulnerability. There have been examples from open source crypto where malicious code has weakened it significantly and still nobody noticed. There's also the very real possibility of baking the backdoor/vulnerability into a custom ASIC design. Chances are the government has a lot of expertise in this area and could simply tell Apple that it would provide one of the parts for all iPhones and the part would behave to spec (but would contain other undocumented behavior). I think it's also realistic that other governments do this. Unless a chip is manufactured using the latest microprocessor-level miniaturization, it could contain all sorts of undocumented circuitry. I'm not sure about the economics of this sort of attack, but surely it makes sense once in a while.