After high-profile cases of authorities circumventing device security controls, some people have decried them as being “useless”. But is this really the case or is it more a reflection of sufficiently equipped adversaries compromising high-value targets?