Encryptogeddon Is Coming For Us All

By
Security Features
December 1, 2024
-
Min Read
DataStealth PCI TDP Solution to comply with PCI DSS v4.0 requirement including 6.4.3 and 11.6.1

In recent years, digital encryption has been subject to what anthropologists sometimes call “social silence”. It may be a fundamental part of our lives (we depend on it whenever we bank online, send confidential messages or use telehealth) but most of us don’t have any idea how it actually works. Encryption is taken for granted and widely ignored, hence the silence.

But last week, during a debate at the World Economic Forum with experts in quantum computing, I realized that we need to urgently listen to what the scientists are saying on this topic. The technology, based on harnessing the curious properties of quantum states, promises computers capable of solving vastly complex problems much faster than traditional machines.

Quantum computing is still nascent to be sure. But one message from the WEF discussion was crystal clear: when quantum computing takes off, it will be able to break current encryption systems.

Yes, you read that right. Our bank accounts, emails and other transactions will be vulnerable to hackers. So will digital assets, such as bitcoin, since most blockchains rely on similar encryption techniques. “Unfortunately, quantum computing breaks the RSA and ECC standards [widely used for secure data transmission] that are in use today for blockchain,” says Jack Hidary, a neuroscientist turned quantum computing entrepreneur. Geeks in control of this technology, in other words, may be able to get the keys to our bank vaults.

Should we panic? Not exactly. It could take a decade before workable, large-scale quantum computers exist, Jeremy O’Brien, a former physics professor turned entrepreneur, told me. That means we have time to prepare. Hidary says, for example, that some 40 governments have been meeting to create new quantum-proof technology agreements and will unveil a plan to enable us to upgrade our systems in the future and create new defences. “RSA has had a good run for 40 years but now we need to transition to the post-RSA world,” he says. “We have to move now urgently.”

The fact that there may be years to prepare for the advent of quantum computing leaves regulators such as Freeke Heijman, a Dutch policymaker, time to learn lessons from the past about what not to do. For example, Heijman laments the fact that technologies such as artificial intelligence were unleashed before there was a wider debate about how to use them in an ethical way. But, she believes, quantum computing is at such an embryonic stage that “we have a shot at doing it better. It is important to discuss with the public what the technology can do but it is also important to think about ethics.”

And if there is sufficient public debate early enough, Heijman is convinced that we will be able to enjoy the benefits of this amazing computing power, while also collectively upgrading our systems to reduce the threat to encryption in a post-RSA world. “We have done [tech upgrades] before and can do it again,” she says.

I would love to believe that Heijman is correct. But it is easy to imagine why this optimistic scenario might not play out. Even if liberal governments, such as the Dutch, want to take a “people-centred” approach to develop quantum computing, there’s no guarantee other nations will do the same. The Chinese, for example, already leads the world in a closely related technology called quantum communication, and nobody knows what they plan next or whether they would agree to ethical standards with the west.

Even like-minded governments may struggle to take a joined-up approach since so much innovation is now being driven by the private sector rather than the public sector groups that drove previous tech breakthroughs, including the world wide web. And that raises the key issue of access. Right now, only specialists have any idea what quantum computing is or could become. That means when the technology comes to fruition, there could be an enormous power concentrated in the hands of a few geeks, or specific companies or nation-states.

This is not at all unusual with scientific innovations, but we have seen the dangers of it play out in Silicon Valley, prompting Alex Karp, head of Palantir, to lament in 2020 that society had effectively “outsourced” big ethical decisions about AI to a tiny coterie of technocrats who neither wanted nor deserved that power.

This is why it’s important to recognize social silence. The world needs not only new encryption systems for a post-RSA world but also cultural translators who can communicate what is looming next. In that sense, more alarm about encryption might not be a bad thing. Fear is an effective way of persuading the public to pay attention to what is happening in the silence.

The article "Encryptogeddon Is Coming For Us All" was written by Gillian Tett

Related articles