What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption
At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data. The ability to leverage quantum physics in order to create immense multi-dimensional representations of data, and to simultaneously analyze many values within those structures, will give these emerging mathematical powerhouses the ability to quickly crack most, if not all, of the standard asymmetric and symmetric encryption utilized today to protect data.
So, what can go wrong if this happens and we are not prepared?
To begin with, all of today’s encrypted communications could potentially be at risk of being leaked and abused.
That’s right, the photos that you just sent your significant other over WhatsApp, the results of your recent bloodwork, and your bank statements that you accessed over the weekend could all leak.
So, how could today’s communications leak tomorrow?
People and organizations around the globe rely on encryption as the primary method of keeping data secure when transmitted across the Internet. We bank, shop, chat, and use social media over TLS-encrypted sessions; we utilize the encryption because we know that the Internet is not secure, and that, unless we encrypt, many parties could potentially capture and view our communications as they flow across the Internet as network traffic.
But, with the arrival of powerful quantum computers, any data that is captured now can potentially be decrypted tomorrow. Capturing and storing data in transit is often simple and straightforward; any passwords, medical information, bank information, private images and videos, confidential business communications, “insider information,” or other sensitive materials whose sole protection from prying eyes is the ostensibly powerful encryption used when materials are transferred across the Internet, could easily leak once quantum computing transforms decrypting the stored data by brute force from a nearly-impossible-to-do-within-a-human-lifetime endeavor to a trivial task taking just a few minutes.
How bad a situation could we have if we are unprepared when quantum computing does succeed at undermining current encryption mechanisms?
Consider that, in many cases, data transmitted today will remain as sensitive in a few years as it is today, and, once such materials leak, the resulting damage can never be undone.
Making the matter worse is the fact that, with storage relatively inexpensive, various government agencies around the world are already attempting to capture as much data as possible from many environments – with the hope of obtaining all sorts of sensitive information about the people who will be world leaders in the future, and/or people whose privately-expressed sentiments might make them good candidates to recruit for espionage purposes and/or to blackmail.
But, the problem of quantum supremacy is not just about data leaks; at some point we may see the failure to properly re-encrypt data yielding lawsuits, regulatory fines, businesses failing, and/or, perhaps, even criminal charges.
While it may seem like a simple task to decrypt and encrypt data when algorithms need to be replaced, the reality is quite the opposite. Most organizations – if not ALL organizations – do not have full inventories of all of their data. Do you know, for example, where all of your backups are – even the ones made years ago? And what about data whose last active owners were people who are no longer alive, or were businesses that have since folded?
If the data in any such backups contains information that remains sensitive, the backups need to be located, decrypted, re-encrypted, and the originals properly destroyed (or properly wiped and overwritten).
A single long-forgotten laptop, ZIP disk, CD, or backup tape – or even an old floppy disk! – could potentially lead to tremendous data leaks – and tremendous legal headaches; healthcare organizations could face stiff fines for HIPAA violations, and any business that deals with European citizens could face penalties for violating GDPR. And those are just two of many pertinent laws.
Even worse, however, is the possibility that failing to adequately protect information that a judge has ordered to be protected, or that the law itself mandates as such, could potentially even lead to criminal charges.
Especially when one considers that quantum-safe encryption systems have already arrived on the scene, including some offerings that can provide such encryption on an end-to-end basis, civil lawsuits and regulatory fines could easily even hit before quantum computers actually achieve supremacy over today’s encryption algorithms. It seems quite likely that, at some point, juries, judges, and regulators may be convinced that it is nothing short of gross negligence for an entity to continue relying for security on encryption mechanisms that are expected to be rendered impotent in the near term, when better mechanisms of encryption are readily available.
Transitioning from today’s common asymmetric and symmetric encryption to any form of quantum-safe encryption is not going to be a 1-2-3 move; successful efforts are likely going to be more time consuming, expensive, and complicated than most people anticipate. With quantum-safe solutions already available, including some in packages that deliver end-to-end encryption, digital signatures, and many other staples of modern encryption offerings, there is no reason to delay our taking action. Remember, more and more sensitive data being generated every day is being put at risk by our inaction – and, with the clock counting down to the dawn of quantum supremacy, and with the magnitude of the potential problems if we are late to act, we should get to work addressing the issue ASAP.
This post is sponsored by IronCAP™. Please click the link to learn more about IronCAP’s patent-protected methods of keeping data safe not only against today’s cyberattacks, but also against future attacks from quantum computers.