Whitelisted malware?
One problem here - Computrace Anti-theft bios rootkit is white-listed by AV companies, and has been so for a few years till now. Sony's XCP was white-listed as well until Mark Russinovich made a lot of fuss on his blog. If corporations can get whatever they want to be not detected by AV, then surely a government can do as well. And more effectively.