However, leaving everything to the market is not necessarily good for society.
I prefer leaving things to the market as much as possible.
With those people, I’m very far apart, because I believe that government access to communications and stored records is valuable when done under tightly controlled conditions which protect legitimate privacy interests.
Generally I’m against regulation.
We have never really had absolute privacy with our records or our electronic communications – government agencies have always been able to gain access with appropriate court orders.
I favor strategies that encourage industry to include some sort of key recovery capability in their systems which would also address user requirements for access.
I think most organizations have an interest in key recovery, at least with respect to stored data.
Systems are complex, so controlling an attack and achieving a desired level of damage may be harder than using physical weapons.
The concern is over what will happen as strong encryption becomes commonplace with all digital communications and stored data. Right now the use of encryption isn’t all that widespread, but that state of affairs is expected to change rapidly.
Everyone is a proponent of strong encryption.
I don’t have a particular recommendation other than that we base decisions on as much hard data as possible. We need to carefully look at all the options and all their ramifications in making our decisions.
If we take as given that critical infrastructures are vulnerable to a cyber terrorist attack, then the question becomes whether there are actors with the capability and motivation to carry out such an operation.
Further, the next generation of terrorists will grow up in a digital world, with ever more powerful and easy-to-use hacking tools at their disposal.
While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.
While the vast majority of hackers may be disinclined towards violence, it would only take a few to turn cyber terrorism into reality.