A quantum of context: Cybersecurity law after Q-Day

Quantum is a word you've likely heard in many contexts and with many connotations. What once was confined to the computers of Star Trek is just as likely to show up in guidance from the U.S. National Institute of Standards and Technology these days. Now, policymakers and researchers alike warn of a future Q-Day, the day someone builds a quantum computer that can crack the most widely used forms of encryption.

For most, piercing the veil of theoretical physics that obscures the concept of quantum is a complex undertaking, leaving it firmly planted in the realm of science fiction. Quantum mechanics is a notoriously tricky subject to grasp: as physicist Richard Feynman is often quoted for saying, "If you think you understand quantum mechanics, you don't understand quantum mechanics." 

Even so, quantum computing technology may present legal consequences for organizations in the present: As attackers hoard encrypted data with the expectation of easily decrypting it later, such data may not be considered secure enough to meet certain legal standards. All the while, researchers continue to push the boundaries of quantum technology. 

But what is quantum computing really, why does it matter so much, and why should cyber lawyers and privacy professionals be concerned today?

What is quantum computing? 

Quantum computing relies on three laws of quantum mechanics to perform computing operations. Superposition is a property of quantum particles that allows them to exist in multiple states simultaneously. Quantum particles may also be entangled, allowing a change in one particle to result in a simultaneous change in the other. Finally, decoherence is the collapse of a quantum particle into an ordinary one, which may be measured and used for quantum computing.

The qubit or quantum bit — an analogue for the binary "bit" in traditional computing architectures — is the basic building block of a quantum computer. Qubits are particles such as photons, ions, electrons, etc., in superposition, a quantum state wherein they simultaneously represent all possible configurations of the qubit. In classical computing, the possible configurations of a bit are 0 (off) and 1 (on). Qubits exist in neither state, instead representing a measurable probability of representing either "1" or "0" when decoherence occurs and the particle exits its quantum state. Qubits can also be entangled with other qubits; when decoherence occurs in one entangled qubit, the same will happen to the other instantaneously. When qubits are networked together, the probabilities of each quantum particle comingle to create interference, areas of high- or low-density that influence the probability of an outcome.

All of this comes together to form something quite distinct from classical computing. To borrow an analogy from IBM, imagine a maze. A traditional computer would solve the maze in familiar fashion: plotting a line down a corridor, determining if it reaches a dead end and repeating the action until the maze is solved. A quantum computer, on the other hand, simultaneously determines the probability that each path will end in failure and then collates these probabilities into a successful bird’s-eye view of the solution in its entirety. Clear as mud? As Feynman hinted, creating a heuristic for the operation of these systems is incredibly difficult. The key takeaway is that quantum computers leverage cutting edge, experimental physics to perform certain calculations at a rate orders of magnitude faster than traditional computer architectures allow.

While crossing into a time of quantum supremacy has long seemed to be a problem for the far-flung future, steady scientific research has yielded promising results that may shorten this timeline. Microsoft, for instance, has recently developed its new Majorana 1 chip, which promises to change the game by utilizing new technology to create more stable and reliable quantum particles. Microsoft claims that, as a result of this breakthrough, quantum computers will be able to solve industrial-scale problems in "years, not decades."

Encrypted, but no longer secured

Encryption may be the single most important technical feat underpinning modern information technology infrastructure. In broad terms, an encryption process takes ordinary, legible data and uses mathematics to make it illegible. More specifically, the types of algorithms used are easier to calculate in one direction than the other. Unless one has the key required to decrypt the data, it takes a computer vastly more time to reverse the function than to apply it. The math behind these algorithms is widely known and commonly used, but without the key, the data they obfuscate is, in practice, impossible to decrypt using conventional computing architectures. 

Based on the different needs for encryption, two schemes have emerged; each one faces its own risks from quantum-enabled attackers. Data which is stored locally — data "at rest" — can be encrypted so that, when it is not being used by an authorized person, it is practically useless. Data being transmitted between computers can be encrypted too, preventing onlookers from reading it in transit. For the purposes of this article, we focus on data at rest. 

To encrypt data at rest, symmetric encryption systems generate a single key as they encrypt data. Anyone with access to the key can decrypt the data, but those attempting to decrypt data without the key would require advanced hardware and, potentially, hundreds or thousands of years. Developments in quantum computing promise to reverse key generation algorithms on a time scale measured in minutes rather than millennia, signaling the need for advanced encryption algorithms — perhaps quantum-enabled themselves.

Quantum risks are already present today

A more pressing concern for today's business risks is the prospect of a post-hoc decryption or harvest-now-decrypt-later attack where perpetrators use conventional means to harvest vast amounts of encrypted data now and decrypt it when they have the means in the future. This is not unlike a thief stealing the whole safe now, only breaking into it after they've acquired the hardware to crack it open. This makes things simple for hackers, who do not need to steal the encryption key or gain credentialed access to information in an unencrypted state. 

This is critical to understanding the security threats presented by quantum computing. Sensitive information currently classified as low risk because it is encrypted may need to be reclassified because of the risk of future decryption. Encrypted data previously lost in breaches may nevertheless become usable by malicious actors. Quantum computing's capacity to rapidly decrypt information stored with conventional algorithms will require heightened countermeasures. To be sure, quantum computing can be used for encryption — perhaps as easily as for decryption — meaning the next wave of quantum encryption algorithms will prove effective for securing data from quantum-enabled attackers. 

Luckily, conventional computers are not powerless to resist quantum decryption. Quite the contrary. The National Institute of Standards and Technology has already prepared a suite of post-quantum cryptography standards, encryption methods available to conventional computer architectures that sufficiently protect data from decryption by quantum computers and mitigate post-hoc decryption vulnerabilities, and guidance on their implementation. The existence of these algorithms in the marketplace, however, may create legal questions for organizations responsible for the stewardship of sensitive personal data. 

Cybersecurity law depends on encryption

The rise of quantum computing carries significant legal implications that are already affecting expectations for reasonable compliance efforts. Historically, when stratifying data based on risk, many legal schemes have accounted for encryption as a key factor. Adequately encrypted data is simply less risky.

The U.S. Federal Trade Commission, often responsible for enforcing consumer privacy law, generally enters and enforces consent decrees for data breaches based on a reasonableness standard for the employed security measures. In these cases, the FTC typically evaluates reasonableness based on the foreseeability of harm, the availability and cost of mitigation, and effective notice based on prior enforcement actions by the FTC.

Foreseeability

In matters related to encryption, the FTC's foreseeability analysis seems to rest largely on whether a company implemented encryption mechanisms at all, given the obvious risks of storing personal data in plaintext form. In the FTC's complaint against Guidance Software, for example, the company's alleged failure to use any available method to secure data at rest was dispositive. Certainly, companies should not advertise the security of their products while storing data in an unencrypted form or failing to use modern encryption techniques. Beyond this, the FTC has offered only a little guidance on which encryption standards are appropriate. 

Considering the panoply of warnings from official sources like the U.S. Government Accountability Office, NIST and the Cybersecurity and Infrastructure Security Agency as well as private actors, the FTC is likely to be persuaded that a post-hoc decryption attack was foreseeable. However, just because a threat is foreseeable does not mean it can be achievably guarded against by the average business.

Cost and availability

One factor apparent in FTC cases is the weight the agency places on the wide availability of encryption measures for at least two years prior to a breach, especially if they are inexpensive to implement. In its 2013 TRENDnet complaint, for example, the FTC highlighted the "existence of free software, publicly available since at least 2008, that would have enabled respondent to secure such stored credentials." 

Prior cases have also demonstrated that encryption alone may not be enough, if a company's practices make it easy to circumvent. In its settlement with GoDaddy, the agency alleged an unsecured programming interface allowed attackers to gain access to private encryption keys in addition to user credentials and other personal data. In that instance, failure to adequately protect private keys using commonly available and well-known methods permitted other attacks and was considered an unfair security practice.

For quantum-secure encryption, discussion of costs remains largely speculative. The National Institute of Standards and Technology has adopted updated Federal Information Processing Standards and recommended their implementation across government and critical infrastructures by 2035, noting that some entities may need to comply sooner. It is clear, then, that post-quantum encryption algorithms are available, but whether they are cost effective — let alone free and publicly available — remains to be seen. 

Foreseeability, cost and availability are all factors used by the FTC to evaluate the reasonableness of security measures; no doubt the same will be true for post-quantum security measures. Market research performed by the Ponemon Institute showed that 61% of surveyed organizations plan to include some form of post-quantum cryptography within the next five years. 

According to the same report, a major barrier for organizations in adopting quantum-safe measures was existing infrastructure. Only half of the survey's respondents claimed to have the right tech to support longer key lengths and heightened computing power required to implement PQC. As these measures become more accessible and available, organizations will face ever greater pressure to implement them. 

Legal implications beyond the FTC

Other enforcement agencies also rely on reasonable security measures, although references to specific encryption standards in enforcement actions are similarly uncommon across the board. For instance, one of the addressable obligations for covered entities under the Health Information Portability and Accountability Act is to have mechanisms in place for the encryption of electronic protected health information. This load-bearing element of the HIPAA security rule was tested by the Department of Health and Human Services in 2021 when it brought an enforcement action against the University of Texas M.D. Anderson Cancer Center. 

M.D. Anderson provided its employees with a mechanism to encrypt their mobile devices and email and utilized "various other mechanisms for file-level encryption" of its files. When a laptop and two USB thumb drives were stolen and apparently unencrypted, HHS argued this was a violation of the encryption rule, as the encryption procedure was not "implemented," notwithstanding the fact that it was provided to employees.

On review, the U.S. Court of Appeals for the Fifth Circuit held otherwise: Although the data on these devices was not encrypted, HIPAA merely requires a mechanism for encryption to be in place. A contrary ruling, the Fifth Circuit said, would indicate a "covered entity violated the Encryption Rule because the decrypted or unencrypted devices prove res ipsa it could've done more."

In other words, the M.D. Anderson case indicates that efficacy or usage of the encryption mechanism was of lesser significance so long as the deployed mechanism itself was reasonable. There is some indication that other courts might hold differently; for instance, placing more emphasis on the rule's requirement for implementation of measures to protect the integrity of PHI.

Companies may also face risk of litigation from consumers for failure to adequately encrypt information. State data breach notification laws often contain carveouts and exceptions when reasonable security practices are taken, such as Iowa's data breach law. Others, such as Indiana's data breach law, even specify encryption alone is sufficient to avoid triggering notification requirements. But if certain encryption mechanisms no longer prove effective, will these legislative presumptions hold?

The importance of encryption requirements was tested in the Northern District of California following a data breach at a company known as Sequoia Benefits and Insurance. There, the District Court entertained the argument that Sequoia "could have prevented the data breach by implementing adequate security measures, such as properly securing and encrypting Plaintiffs' PII that was no longer being used," among other measures, when allowing the case to survive a motion to dismiss. While a settlement was reached before the court could assign weight to this factor, the incident further illustrates the relevance of adequate encryption measures to protect sensitive personal data.

In light of FTC enforcement, investigation by other agencies and consumer data breach litigation, the growing threat of quantum computing only becomes one part of a complex assessment of legal risk. Government agencies and industry actors regularly warn against post-hoc decryption attacks, suggesting there is a strong likelihood that these attacks are occurring now. Moreover, NIST has identified a suite of algorithms that protect against quantum decryption. In this light, it is difficult to argue that the threat is not foreseeable. The costs of adoption remain a critical issue. However, for organizations with the resources to adopt PQC, there is an appreciable risk that failing to adopt quantum-safe security will result in regulatory intervention. 

A modicum of solace

These days, quantum computing is a popular topic of conversation, often raised with an element of fear. Given the effect it will have on conventional encryption, this fear is not unwarranted. The seismic impacts quantum computing will have on the tech environment cannot be disputed. 

However, Microsoft's developments in the Majorana project are not quite a death knell for privacy, cybersecurity and the internet as we know it. Google claimed to have achieved quantum supremacy in 2019, provoking a dubious response from its competitors. Microsoft's prediction that quantum computing will be solving problems in a matter of years may naturally produce some skepticism — fueled in part by the need for Microsoft to scale up the number of qubits on its Majorana Chip 1 by several orders of magnitude.

Indeed, estimates for the number of qubits required to form a cryptographically-relevant quantum computer vary from thousands to millions, depending on the type of qubit used. Microsoft's Majorana 1 chip boasts eight so-called topological qubits with the promise of eventually holding 1 million. Other recent breakthroughs have allowed for 98 connected physical qubits.

This seems unlikely to change much about the mechanisms that enforce legal encryption requirements. Although the FTC's historical encryption matters are focused on organizations with serious encryption failures, it does not mean the agency will refrain from taking action against entities with deficient encryption practices in the future — especially if harms are great enough. There is a plausible argument to show that quantum-safe encryption practices are now relevant given the present threat of post-hoc decryption attacks. 

Moreover, the FTC, NIST and other entities apply risk-informed standards. Smaller organizations and less sensitive data present fewer risks from a compliance perspective, making protection from quantum-enabled hackers less of an imperative. By that same token, however, sophisticated organizations and those handling sensitive information receive less leeway and would be well-advised to be proactive when assessing and addressing security risks from emerging technologies. 

As part of a holistic risk-based approach to privacy and cybersecurity risk, it is important for organizations to consider how the technologies of tomorrow create risk today. For those with highly sensitive data, especially those subject to the more onerous obligations of HIPAA, the Gramm–Leach–Bliley Act or even state laws, this should be a major factor. Given recent developments from NIST and the growing awareness of these types of threats among industry actors, the quantum clock is ticking. 

Ian Scanlon, CIPP/US, attends the University of Maine School of Law and is expected to graduate in the spring of 2026. He serves as a legal extern with the IAPP.

Cobun Zweifel-Keegan, CIPP/US, CIPM, is the managing director, Washington, D.C., for the IAPP.