They could add that but as things stand right now that second key doesn't exist - or at least it did then Cook would be out and out lying here. Obviously anything can change in the future but based on what Cook is saying either he is lying or Apple can't read your iMessages - I see no wiggle room which creates a middle ground or half truth.
In terms of what the police and other agencies can request, they have been able to ask for stuff in the past because it was information you had. If someone produces a court order they have to comply with that but there is no way of making you produce information you don't have.
As a result some companies are now setting stuff up so they don't have the sort of information which might be requested.
I may be wrong about this but I'm not aware of any law that says that a company can't do this. Certainly if there is then there are plenty of businesses aimed squarely at this sort of privacy and security which are going to have major issues given that it's basically their USP.
And if a company has to do it then the same law will apply to any individual producing open source software to do the same - any such law would be highly unlikely to be dependent on the product being created and distributed by an incorporated company.
Where there will be a problem (and this is the point Cook was making) is for companies where gathering that data is fundamental to their business. Apple can happily survive without being able to read or track iMessages. Facebook or Google have fewer options when it comes to not recording or storing stuff.
In terms of what the police and other agencies can request, they have been able to ask for stuff in the past because it was information you had. If someone produces a court order they have to comply with that but there is no way of making you produce information you don't have.
As a result some companies are now setting stuff up so they don't have the sort of information which might be requested.
I may be wrong about this but I'm not aware of any law that says that a company can't do this. Certainly if there is then there are plenty of businesses aimed squarely at this sort of privacy and security which are going to have major issues given that it's basically their USP.
And if a company has to do it then the same law will apply to any individual producing open source software to do the same - any such law would be highly unlikely to be dependent on the product being created and distributed by an incorporated company.
Where there will be a problem (and this is the point Cook was making) is for companies where gathering that data is fundamental to their business. Apple can happily survive without being able to read or track iMessages. Facebook or Google have fewer options when it comes to not recording or storing stuff.