Now that everyone else has had a turn, quantum hackers are coming for your data.
Well, not quite yet. But they’re working on it.
Quantum computers, which are still in development by players such as Google, IBM, and Microsoft, hold enormous promise to do good as well as harm. The U.S. and Chinese governments are pouring billions into them.
For a primer on this new breed, I turned to Martin Lee, technical lead of security research and EMEA lead at Cisco Talos, the networking giant’s threat intelligence and response group.
Traditional computers operate on binary digits, or bits, that are either one or zero. In a quantum machine, “the bits are one, zero, or everything in between, all at the same time,” Lee says. So it “has the possibility of being able to calculate and consider many different solutions to a problem all at the same time to find the correct answer.”
That’s ideal for calculating the shapes of proteins to discover new drugs, Lee notes, or the thermodynamics of an engine.
It’s also perfect for stealing data.
Because a quantum computer makes calculating the factors of prime numbers much easier, it could swiftly crack many existing encryption algorithms, Lee says.
How soon? Maybe next year, maybe in five years, or maybe never, Lee reckons. But it’s time to start considering the problem so it doesn’t become an emergency, he warns. “Certainly, CIOs and CTOs need to think about ‘How do we prepare for a post-quantum world?’”
In response, companies are already developing and deploying quantum security. One is QuSecure, a California startup whose clients include Cisco, Dell, and the U.S. military.
Hackers are harvesting data now for quantum decryption later, says cofounder, chief product officer, and CTO Rebecca Krauthamer. Prime targets include electronic health and financial records, as well as national security data, Krauthamer adds. “All those kinds of things, they have a shelf life, and that’s why for some sectors, it’s a very urgent problem.”
To ward off quantum attacks, you fight fire with fire, right? Actually, no.
QuSecure’s software sits atop a client’s existing encryption, explains Skip Sanzeri, cofounder, chair, and COO. Besides some optional quantum random number generation, it uses classical algorithms. “That’s why we can deploy now,” Sanzeri says. “We’re not dependent upon quantum computers to be able to add this cryptography.”
When it comes to quantum security, there’s a wide range of awareness and preparation among businesses, Lee says. In the U.S., the National Institute of Standards and Technology is deciding which encryption algorithms get its post-quantum seal of approval.
“We already know that some of the algorithms that we currently use in cryptography are going to be quantum-secure,” Lee says. “So there are organizations that are taking this very, very seriously and clearly showing the way.”
Then there are the others.
Some companies still use obsolete cryptography that even today’s computers can crack, Lee says. He sees a chance for businesses to take stock of whether their defenses meet current standards—and to switch out dodgy algorithms for quantum-secure ones.
Lee also offers a prediction about quantum: “It’s almost certainly going to be a nation-state that develops one of these computers first.” Don’t expect it to advertise the fact that it can crack current cryptography.
“So we need to be aware of what this means for the privacy of our data,” Lee says of that code-breaker in the wings. “And we need to take the steps now because no doubt it will be used when it becomes available.”
That’s a simple enough calculation.
Nick Rockel
[email protected]
IN OTHER NEWS
Name your price
Has the youngest working generation drawn a line in the sand? More than half of Gen Zers would turn down a job if the organization didn’t square with their social and political values, a survey of 1,000 Americans reveals. The catch: Gen Z’s top motivator for taking a job is salary and benefits, suggesting that employers could make them an offer they can’t refuse.
Details man
To hear Elon Musk tell it, he trusts his best employees to manage themselves. The billionaire recently pushed back against his micromanager image, saying he only wants attention to detail in pursuit of a perfect product. Musk also struck a conciliatory tone about taking charge when needed: “Once in a while, you have to say, ‘Guys, you have to trust me on this one.’” Doesn’t sound like the Elon we’ve all gotten to know on X.
Staying power
Trust checks out for the Hilton hotel chain, which tops Fortune’s new 100 Best Companies to Work For list, compiled by research partner Great Place to Work. “Without trust, you don’t have the shield to get you through difficult times,” said Hilton president and CEO Christopher J. Nassetta during a virtual conversation with several other execs whose companies made the list. “We communicate in the right way, we treat [employees] respectfully, people trust us, and ultimately, it builds in huge resiliency into the business.”
Private bill
For Americans sick of watching companies play fast and loose with their personal data, relief could be on the way. Washington just saw the unveiling of the American Privacy Rights Act (APRA), which bears more than a passing resemblance to Europe’s General Data Protection Regulation (GDPR), Fortune's David Meyer writes. Among its proposed rules, APRA would let people opt out of targeted advertising and gain access to their data to move it to another service provider.
TRUST EXERCISE
“Over the course of history, from the 20th century’s feminist movement to 21st-century movements such as Occupy Wall Street and Black Lives Matter, social movements have gained traction when allies joined the fight. In fact, allyship can be essential to the success of social movements.
Allies are people with a majority identity (across any social identity, like gender, race, culture, and socioeconomic status) who stand up for those with minority identities and seek to address discrimination. For example, allyship could be a man who advocates for the advancement of his female colleagues in the workplace, or it could be an American citizen who attends an immigrants’ rights protest. By virtue of their majority identity, allies often have greater access to political power, financial resources, and social capital than activists.
Despite the positive potential of allyship, allies are often not accepted by a social movement’s key actors. In fact, activists are frequently skeptical about allies who seek to join forces.”
Preeti Vani, a doctoral candidate at Stanford University, explored why activists are skeptical of allies and how those allies can improve their odds of gaining acceptance. Vani was part of a team of Stanford and Yale researchers who surveyed activists on their opinions of allies working in identity-oriented movements. Its key finding: The perfect ally is highly trustworthy but has little influence over the movement.
For allies, supporting a movement’s goals without overstepping their bounds is easier said than done. Among a group of feminist activists the researchers studied, 90% of their allies fell below ideal levels of trustworthiness and 33% wielded more influence than ideal. (I can’t be the only person who thinks there must also be some mansplaining involved.)
Vani wants to see allies align their impact with their good intentions. With no shortage of social movements to support, that’s a step worth taking.
