The concern is over what will happen as strong encryption becomes commonplace with all digital communications and stored data. Right now the use of encryption isn't all that widespread, but that state of affairs is expected to change rapidly.
The tools used to launch massive denial of service assaults, for example, have advanced command and control capabilities.
I prefer leaving things to the market as much as possible.
Further, the next generation of terrorists will grow up in a digital world, with ever more powerful and easy-to-use hacking tools at their disposal.
Systems are complex, so controlling an attack and achieving a desired level of damage may be harder than using physical weapons.
I favor strategies that encourage industry to include some sort of key recovery capability in their systems which would also address user requirements for access.
I think everybody agrees that we need encryption to protect personal, proprietary and other sensitive information.
New vulnerabilities are continually uncovered, and systems are configured or used in ways that make them open to attack.
Computer worms like Code Red can be used to find potential zombies and automatically install the attack software.
While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.
With those people, I'm very far apart, because I believe that government access to communications and stored records is valuable when done under tightly controlled conditions which protect legitimate privacy interests.
We have never really had absolute privacy with our records or our electronic communications - government agencies have always been able to gain access with appropriate court orders.
However, leaving everything to the market is not necessarily good for society.
While the vast majority of hackers may be disinclined towards violence, it would only take a few to turn cyber terrorism into reality.
I think most organizations have an interest in key recovery, at least with respect to stored data.