Quantum Computing Is Coming for Your Data
Quantum Computing Is Coming for Your Data
The news that disturbed my digital life came two years ago in a snail mail letter splashed with phrases like “malicious cyber intrusion” and “identity theft.” A relative’s company had been part of a massive hack, the note said, leaving my information exposed. Before the letter came, I was a cyber security neophyte: I didn’t use a VPN and encrypted websites were just for banking. I often shopped online, depositing my credit card number over coffee shop wifi.
Meredith Rutland Bauer is a freelance journalist focusing on science, the environment, and technology.
Sign up to get Backchannel's weekly newsletter.
Since then, I’ve gotten better. My Android is packed with WhatsApp and Signal—which use end-to-end encryption—and my finance apps encrypt my data with both hardware and software. With things outside of my control, like my now-compromised social security number, I reassure myself that big organizations use encryption to house sensitive data, so my social must be unreadable to hackers.
But it turns out that all this encryption might not matter. Internet users like me have long relied on encryption for security and peace of mind, but cryptography experts are becoming aware of its faults—namely, that encryption can only protect against the devices we have now, and better, smarter contraptions are on the horizon. Quantum computers, which are fundamentally different from traditional computers because they leverage quantum mechanics to do calculations, could lightly decrypt the advanced encryption we use widely. So even if encrypted data is safe from today’s hackers, it’s potentially vulnerable to hackers of the future.
Experts are worried that cybercriminals might exploit this vulnerability with a scheme called harvest and decrypt. It’s a long-game attack where hackers scrape encrypted data and hold it, sometimes for decades, while they wait for quantum computers to become widespread enough for them to buy one. As soon as they have access to the device, they’ll use it to decrypt the stored data, which could contain anything from social security numbers to health information to a slew of nuclear missile codes.
More From This Edition
Google Glass Two.0 Is a Startling 2nd Act
How a Corporate Ethnographer Became a Lifestyle Guru
What Indeed Happens Inwards a PR Crisis War Room
Silicon Valley’s Very first Founder Was Its Worst
And sure, nuclear missile codes will likely have switched over time—but according to John Schanck, a Ph.D student at the University of Waterloo’s Institute for Quantum Computing, slew of information still needs to be secure. He imagines a 20-year-old’s health data getting leaked — a childhood illness or a teenage abortion all of a sudden becomes a target for blackmail. Social security numbers are sensitive for a person’s entire lifetime. Names of CIA spies need to be kept secret, along with lots of classified military information.
Schanck even suspects that the NSA is using the mechanism. When Edward Snowden leaked secret information in 2013, it came to light that the NSA’s protocols permitted for storing encrypted communication because “they can’t judge at the time of interception if it’s going to be useful for law enforcement,” Schanck says.
Quantum computers have been on cryptographers’ radars as a security threat for years. In theory, they can already shred through public key cryptography, a system that exchanges passwords inbetween a sender and receiver to decrypt. RSA and elliptic curve cryptography—algorithms that are widely used for all types of data encryption online, including making that “s” in “https” possible—have been cracked in tests using Shor’s algorithm. That algorithm is run on a quantum computer, says Mike Brown, CTO of ISARA, a Canada-based post-quantum cryptography company.
Fortunately, the quantum computers available today sell for millions of dollars, keeping them mostly in the palms of large companies, research labs, and government offices. You can’t exactly buy a quantum computer at Best Buy. The only way to even get access to one, outside of a major tech company or research lab, is to buy time on IBM’s quantum computing cloud-based services or buy a quantum annealer from D-Wave to the tune of about $15 million.
But that doesn’t mean quantum computers won’t ever be a household item. “It is possible it takes another twenty or thirty years from today for someone to have a quantum computer and be able to decrypt messages in real time,” Schanck says. And getting your arms on encrypted data isn’t almost as hard. Anyone with a wifi connection and some technical skill about the process can do it, as long as they’re able to be proximate to their target. It’s not just nation states who could get their mitts on encrypted data: Someone could copy your data over the Starbucks wifi network.
Quantum computers will open a entire fresh world of scientific advancement. But the “dark side” of that device is quantum computers’ capability to take an unlikely problem and make it “trivial,” Brown says. Defending against quantum computers will require technics that don’t exist yet. Securing data will require protection against quantum algorithms, or a system of public and private keys that erase themselves over time. This means that hackers would scrape data that would become worthless in the future—because the keys necessary to access that information would have already self-destructed.
Still, some experts believe that multi-decade encryption is overkill. While information is being stored, waiting to be decrypted, the information contained within it will become obsolete. “There are actually very few long-term secrets in our society,” says computer security accomplished and cryptographer Bruce Schneier. “We don’t have 30-year secrets. There are no military secrets from the 1970s that are secret today.” Others suggest that quantum computers are a far-off wish. No one is sure when they will become common fixtures in homes and businesses, let alone devices for blackhat hackers—so why funk? Especially considering the patience required for a perpetrator to pull off a decades-long con.
Maybe that’s comforting to some. While my social security number is very likely being bought and sold somewhere on the dark web, I’m crossing my fingers that my encrypted hospital records and ID cards aren’t also being scraped.
I don’t know want to find out how my data could be leveraged against me in the age of the quantum internet—but something tells me that the culprits will have their eyes on a self-driving spacecraft, rather than a fancy car. For all I know, those hackers are most likely infants right now, swiping mashed peas on their very first iPhones.
Backchannel is a digital magazine that produces readers the most exposing technology stories in a single weekly dispatch: no fluff. Learn more here .