How could they possibly prove that you "know" of a bug and didn't report it!? Are they mind readers? Are they just going to assume that anyone who just happens to unwittingly be within close proximity to a bug exploiter that he/she is completely aware that there is an exploit going on? This is just beyond stupid.
Maybe they are trying to hold onto that "Worst Company" title.
“We’ll know our disinformation program is complete when everything the American public believes is false.” William Casey, CIA Director 1981-1987