Where does the legal responsibility of private firms begin and end in cybersecurity?
Should governments be allowed to compel companies to provide customers' encrypted information to aid intelligence efforts against cyber criminals and terrorists?
At what point should security trump privacy, over what business interests, for how long, and under the risk of what legal and business consequences?