A quantum of context: Cybersecurity law after Q-Day

Quantum is a word you've likely heard in many contexts and with many connotations. What once was confined to the computers of Star Trek is just as likely to show up in guidance from the U.S. National Institute of Standards and Technology these days. Now, policymakers and researchers alike warn of a future Q-Day, the day someone builds a quantum computer that can crack the most widely used forms of encryption.

For most, piercing the veil of theoretical physics that obscures the concept of quantum is a complex undertaking, leaving it firmly planted in the realm of science fiction. Quantum mechanics is a notoriously tricky subject to grasp: as physicist Richard Feynman is often quoted for saying, "If you think you understand quantum mechanics, you don't understand quantum mechanics." 

Even so, quantum computing technology may present legal consequences for organizations in the present: As attackers hoard encrypted data with the expectation of easily decrypting it later, such data may not be considered secure enough to meet certain legal standards. All the while, researchers continue to push the boundaries of quantum technology. 

But what is quantum computing really, why does it matter so much, and why should cyber lawyers and privacy professionals be concerned today?

What is quantum computing? 

Quantum computing relies on three laws of quantum mechanics to perform computing operations. Superposition is a property of quantum particles that allows them to exist in multiple states simultaneously. Quantum particles may also be entangled, allowing a change in one particle to result in a simultaneous change in the other. Finally, decoherence is the collapse of a quantum particle into an ordinary one, which may be measured and used for quantum computing.