ABOUT THE PRESENTERS
Ryan Amos, PhD
CIPT, BA & PhD, Computer Science (Dartmouth College; Princeton University)
Lead Software Engineer, Panorama Education, Inc.
Boston, MA & Highland Park, NJ

Dr. Ryan Amos earned his PhD in Computer Science from Princeton University after completing his Bachelor of Arts in Computer Science at Dartmouth College. While at Princeton, he worked with an elite group of engineers to publish a paper on quantum one-shot signatures which was accepted to the Symposium on the Theory of Computing.

His career has focused on data security and analytics, and more recently, privacy engineering at an education technology company, Panorama Education, Inc.

At Panorama Education, Inc., he balances data protection for students and families with educational innovation based on the organization’s mission to improve education for every student.

Ryan’s experience spans security, data analytics and governance, privacy, technology, and innovation. He worked with Lisa during her time at Panorama on enhancing the privacy program, obtaining SOC2 certification, and on initiatives to implement AI-based features where he advocated technical protections for the privacy rights of students.

Lisa Nee, Esq.
FIP, CIPT, CIPM, CIPP/E, CIPP/U, ISC2 Cybersecurity
Director, Legal, Fingerpaint Group
Saratoga Springs, NY & Sarasota, FL

Lisa Nee is the Director of the Legal Department and serves as the general counsel and Data Protection Officer for The Fingerpaint Group, an award-winning, global, healthcare industry client focused, full-service advertising, branding and marketing services group of five entities specializing in the pharma, wellness and health product’s lifecycle and awareness journey. She leads the Legal Department with a focus on balancing compliance and enabling business growth based on Fingerpaint’s Venture Beyond™ philosophy to support healthcare clients and inform patients of treatments and access to them.

Lisa’s 20+ year career has focused around her passion for the computer sciences and data analytics. She published on Privacy Engineering with the Institute of Electrical and Electronics Engineers (IEEE), the world’s largest technical, professional organization advancing technology for the benefit of humanity. Lisa has worked at companies like Google, Genentech, Optiv, Oracle, Accenture, ResMed and Panorama. Her experience at Boston University’s AdLabs, the challenges facing marketing technology and her life-long support of oncology research since losing a friend to Leukemia during high school drew her to the Fingerpaint Group.
© 2024. Lisa Nee, Ryan Amos. All Rights Reserved.
PROGRAM OUTLINE
10:00 – 10:15 PRIVACY
Background of Privacy that is relevant to Quantum Computing
10:15 – 10:30 SECURITY
Background of Security that is relevant to Quantum Computing
10:30 – 10:45 QUANTUM COMPUTING
An Introduction to Quantum Computing, uses today and roadblocks being overcome
10:45 – 11:00 STRATEGIC QUANTUM
Discussion of addressing quantum as an oncoming threat to security and a privacy solution for individuals and organizations.
Quantum’s Threat to Security
Quantum Solutions for Privacy
Quantum Computing 101
Quantum & Artificial Intelligence
Encryption 101
Encryption & Incident Response
Encryption’s Evolution
The Story of Surveillance and Adequacy
Comparing the Data Sharing (EU-US)
Technical, Supplementary Measures
Next Steps
Quantum Today
PRIVACY PRIMER
The Story of Surveillance and Adequacy
Comparing the Data Sharing (EU-US)
Supplemental Measures & Encryption
“Fab Five”
• 2003: Katherine Gunn, Translator, United Kingdom Government Communications Headquarters
• 2008: Chris Connelly, Director, Galexia Consulting
• 2011: Zack Whittaker, Security Editor, ZDNet
• 2013: Edward Snowden, Former Intelligence Contractor, National Security Agency
• 2013: Max Schrems, Semester Abroad Privacy Law Student, Founder of Activist Group, None of Your Business (NOYB)
The Story of Surveillance & Adequacy
1980s - 1990s
• 1984: UK Data Protection Act
• 1995: EU Data Protection Directive
• 1998: UK new Data Protection Act
2000
• “Safe Harbor Scheme”: US companies register for a certification to meet EU requirements
• “Safe Harbor Decision”: European Commission allows transfer of data from EU to US
• Enacts PIPEDA
2004 - 2005
• British Columbia Privacy Commissioner examines the Patriot Act & US cloud vendors
• Canadian Imperial Bank of Commerce Visa holders complain
Early 2003
• Jan. 31 to Feb.: Katherine Gunn prints out and shares an email requesting that the UK bug the UN offices of six (6) nations deciding on approving the invasion of Iraq
• March 2: Observer publishes the email she sourced and she confesses to her GCHQ line manager; she is arrested for treason
Late 2003
• Sept. 11: Terrorist attack at World Trade Towers
• Oct. 26: US Patriot Act enables US government to obtain stored data from ANY Company withOUT a court order
The Story of Surveillance & Adequacy
2008 - 2010
• July 2008: US Foreign Intelligence Surveillance Act updated to allow warrantless surveillance
• Dec. 2008: Chris Connelly reports U.S. Safe Harbor issues
• Feb. 2010: European Commission enacts Standard Contractual Clauses v.1
2011
• April - June: Zack Whittaker reports on Google and its contracts with UK Universities, and Microsoft UK’s and notices as part of its launch of O365
• Oct: Dutch Minister of Safety and Justice bans US cloud providers BUT the EU struggles about ban due to concerns about its impact on commerce
June 2013
• Edward Snowden reveals surveillance including Project Tempora where UK’s GCHQ gathers and shares intel via fiber optics with US
• German Member of European Parliament calls for infringement proceedings against the UK for violating Article 16 of the Treaties of the EU
The Story of Surveillance & Adequacy
June 2013
• Austrian attorney, Max Schrems, attends Santa Clara School of Law to complete his Viennese PhD in law including a class with invited guest speaker, then Facebook privacy lawyer Ed Palmieri
• Begins work on a term paper and correspondingly files 23 claims against Facebook with the Irish Data Protection Authority
• Court of Justice for the European Union (“CJEU”) takes up claim 23
Oct. 6, 2015
• CJEU invalidates US-EU Safe Harbor
June 2016
• UK holds referendum in which 52% of voters vote to leave the EU (“Brexit”)
• UK Prime Minister and rep to EU announce intent to resign
July 2016
• European Commission deems EU-US Privacy Shield as NOT adequate
• European Data Protection Bureau adopts recommendations on supplementary measures
IAPP 2024 PSR
The Story of Surveillance & Adequacy
Oct. 2022
• US President Biden issues an Executive Order calling for stronger safeguards for signals intelligence
Dec. 2022
• European Commission begins to draft an adequacy decision about the Trans-Atlantic Data Privacy Framework (“DPF”) which kicks off the formal adoption process in the EU
Feb. 2023
• European Data Protection Bureau issues an opinion welcoming EU-US DPF improvements BUT calling on the European Commission to address several areas
• European Parliament adopts a resolution stating that the EU-US DPF “is an improvement BUT NOT ENOUGH TO JUSTIFY AN ADEQUACY DECISION”
July 10, 2023
• European Commission announces adopting adequacy of EU-US Data Privacy Framework and introduces: (1) access limits on US surveillance agencies; and (2) redress mechanisms
• Max Schrems’s None Of Your Business organization (NOYB) provides feedback challenging the EU-US DPF
July 11, 2023
• European Commissioner for Justice, Didier Reynders, responds with a sort of “let’s wait-and-see-before-going-to court” perspective
• EU-US Privacy Framework enters into full force
Comparing the Data Sharing
(columns) | EU-US Safe Harbor | EU-US Privacy Shield | EU-US / Trans-Atlantic Data Privacy Framework | US STATE LAWS
REGISTRATION | Dept. of Commerce | Dept. of Commerce | Dept. of Commerce | None (yet)
CERTIFICATION | At Certification | Annually | Annually | None (yet)
MONITORING | None; only privately | Yes | Yes | None; only privately
ENFORCEMENT | Federal Trade Commission | Federal Trade Commission | Federal Trade Commission | State Agency or State Attorney General
THIRD PARTIES | Yes | Yes | Yes | Depends on State
THIRD PARTY SUBPROCESSORS | No | Yes | Yes | Depends on State
DATA PROTECTION ADDENDUM | No | Yes | Yes | Depends on State
LIABLE FOR THIRD PARTIES | No | Yes, unless proven no responsibility | Yes, unless proven no responsibility | Depends on State
REDRESS FOR EU DATA SUBJECT | No | Omnibus Person | EU Data Protection Review Court | Depends on State
LIMITS SURVEILLANCE | No | No | Somewhat limits | No
PROHIBITS [UNKNOWN] FEDERAL DATA SEIZURE | No | No (only after the fact) | No (only after the fact) | No
Supplementary Measures
July 2016
• European Commission deems EU-US Privacy Shield as NOT adequate
• European Data Protection Bureau adopts recommendations on supplementary measures
The full text of the Recommendations is available here: https://edpb.europa.eu/our-work-tools/ourdocuments/recommendations/recommendations-012020-measures-supplement-transfer_en
Examples from the EDPB
1. Storage of data with no clear text
2. Transfer of pseudonymized data
3. Encryption against eavesdropping
4. “Protected Recipient”
5. Split or multi-party computation
…the keys are reliably managed …by the exporter or by an entity trusted of the exporter
Supplementary Measures, Insider Threats
“You shouldn’t have to expose yourself not only to a company in their interactions with governments which comes looking for them, which they might face court orders for, but even bad employees. Can a company hold information for you on your behalf without the ability to read it themselves? In most cases today, yes. Now a lot of companies are moving in that direction and that’s a positive step forward.”
Edward Snowden
Link to Watch Video is Below:
https://privacyprovided.eu/ed-snowden-and-max-schrems-discuss-data-protection-and-privacy-shield
36:10, with emphasis at 42:03
ENCRYPTION
A Privacy Supplementary Measure
“One thing that was always debated was to hold debate about encryption.”
Max Schrems
SECURITY SECONDMENT
Encryption 101
Encryption’s Evolution
Encryption in the News
ENCRYPTION 101
HOW IT WORKS
Involves using a cryptographic algorithm and a “key” to convert readable data, called plaintext, into text that is incomprehensible, called ciphertext.
1. Agreed Upon Cryptographic Key: The sender and recipient agree on a cryptographic key (a set of mathematical values)
2. Encoding Plaintext Into Ciphertext: The sender uses the key and an algorithm to encode plaintext into ciphertext
3. Ciphertext Transmitted: The ciphertext is transmitted to the recipient
4. Key to Decrypt Ciphertext to Plaintext: The recipient uses a key to decode the ciphertext back into plaintext
Encryption technologies have to be adjusted to meet evolving technologies
Deprecated Encryption Standards
New, more sophisticated attacks require constant vigilance and occasional changes in preferred algorithms
Key Size Standards
Faster computers have required changes to key size
QUANTUM COMPUTING
Store Now, Decrypt Later (“SNDL”)
Malicious actors are storing encrypted data in anticipation of emerging technology that is developing quickly
SYMMETRIC ENCRYPTION
SAME KEY for encryption and decryption.
Sender and Recipient of an encrypted message need to share a copy of a secret key via a secure channel before starting to send encrypted data.
Because it uses the same key, symmetric encryption can be more COST EFFECTIVE for the security it provides
Encryption Deprecation Example
Data Encryption Standard
• 1976 - IBM develops DES (Data Encryption Standard) to protect sensitive, unclassified electronic government data
• DES USES A LOW ENCRYPTION KEY LENGTH, WHICH MADE BRUTE-FORCING EASY AGAINST IT.
Triple Data Encryption Standard
• 1998 - 3DES (Triple DES) is developed to overcome the drawbacks of the DES algorithm
• The National Institute of Standards and Technology (NIST) BEGAN DEVELOPING THE ADVANCED ENCRYPTION STANDARD (AES) to make government data more resistant to brute force attacks of DES
Rijndael Cipher, Advanced Data Encryption Standard
• 1999 - Belgian cryptographers, Prof. Joan Daemen and Vincent Rijmen, develop the Rijndael Cipher, a family of ciphers with different key and block sizes
• 2001 - Three members of the Rijndael Cipher are selected during the AES selection process managed by NIST to REPLACE DES.
Deprecated Encryption Standards
DES: DES converts 64-bit data into ciphertext by dividing the block into two separate 32-bit blocks and applying the encryption process to each
MD5: MD5 is a cryptographic hash function that creates a unique identifier (“digital fingerprint”) for a file by passing it through a mathematical algorithm
RC4: RC4 is a stream cipher with no fixed key size that generates a pseudo-random keystream, compares two input bits to generate one output bit with the plaintext to deliver a ciphertext
SHA-1: SHA-1 is a hash function which takes an input and produces a 160-bit hash value (“message digest”) rendered as 40 hexadecimal digits
* A “stream cipher” is a type of encryption algorithm that encrypts data one bit or byte at a time, making it faster and simpler than block ciphers (a block cipher is a cryptographic algorithm that encrypts data in fixed-size blocks using a cryptographic key).
RSA Key Size Recommendations
• 1974: 512 Bit
• 1990s: 768 Bits
• Today: 2,048 Bits
BRUTE FORCE ATTACKS & KEY LENGTH
A brute-force attack on a particular key requires running through every combination to determine what the original key might have been. The longer the key, the longer the amount of time needed to perform the brute force
ENCRYPTION IN THE NEWS
“Broken” Encryption Has Not Gone Unnoticed
2013 - 2014
Yahoo Data Breach
• 3 billion (!) accounts had their hashed passwords breached
• Some passwords were hashed with MD5, which made them easy to crack
2017
SHA1 Collision
• Researchers at CWI and Google created the first known SHA1 collision
• At the time SHA1 was still in widespread use
ENCRYPTION IN THE NEWS
2025 The Year of Quantum Computing
JUNE 2024
• The United Nations declared 2025 the International Year of Quantum Science and Technology (IYQ)
AUGUST 2024
• NIST has released standards covering PQC for the first time
• These standards will help build interoperability and push towards quantum-adversary secure cryptography as soon as possible
MATH
Why many chose law & policy…
BEFORE WE GO ANY FURTHER…
Let’s talk about why we are grateful to have Ryan Amos, PhD with us today
QUANTUM COMPUTING
Quantum Computing 101
Quantum Computing & Artificial Intelligence
Quantum Computing 101
Bloch Sphere
• Computing that uses the principles of
quantum mechanics
• Unlike traditional computers, which use
bits that are either 0 or 1, quantum
computers use qubits
• A qubit can be both 0 and 1
at the same time due to a property
called superposition
As a result…
quantum computing processing
simultaneously means SPEED
(compared to traditional computers)
Quantum Computing 101
• Unlike traditional computers, particles exist in a state of entanglement where particles remain identical regardless of distance, and are not individual
• Particles exist in a fragile state so any interference results in decoherence, the loss of quantum properties
As a result…
quantum based communications can DETECT surveillance attempts
Quantum Computing 101
QUANTUM DECOHERENCE
The process by which a complex object's quantum properties rapidly disappear when it interacts with its environment
This interaction causes the object to lose quantum “coherence,” which is the ability of a quantum system to maintain its quantum states
COHERENT QUANTUM / DECOHERENT QUANTUM / CLASSICAL COMPUTING
As a result…
…until quantum decoherence is resolved so that the photon-ized electron maintains its quantum properties, quantum computing at scale remains mostly theoretical (but we’re getting closer….)
Quantum Computing 101
Challenges for Quantum Computing to be Available At-Scale
DISTANCE
Quantum sensing and computing elements need to communicate with each other over distances ranging from 10 micrometers—about the size of a human hair—to hundreds of kilometers, all while maintaining quantum coherence
China has set records on the longest distance of successful quantum communication at 4,600 km (2,858 miles) across the Beijing-Shanghai Trunk Line using the Micius satellite
TEMPERATURE
Quantum network models are more stable at low temperatures, which limits the real-world applications of quantum. However, a study achieved a stable connection at room temperature, which puts it within reach of real-world use
For quantum computers to be more widely accessible, the equipment itself needs designs that are practical, using room temperature superconductors
SOURCES:
https://computing.mit.edu/news/a-new-way-for-quantum-computing-systems-to-keep-their-cool/; see also https://scitechdaily.com/finally-revealed-the-surprising-cause-of-qubit-decay-in-quantum-computers
* See Slide 39 for additional advances by China as it relates to the “distance problem”
Quantum & Artificial Intelligence
Artificial Intelligence For Error Correction
DETECT
AI neural network syndrome decoders can detect and correct errors in quantum processors to address issues related to decoherence
CORRECT
AI can process complex qubit noise from quantum device and suggest corrections as-needed
ENABLE
AI could enable full fault-tolerance in quantum computers as physical error rates decrease in the coming years
SOURCE
https://journals.aps.org/prresearch/pdf/10.1103/PhysRevResearch.6.L032004
Quantum & Artificial Intelligence
Quantum to Address Artificial Intelligence Training Model Needs
The demand for AI increases the amount of computing power needed to manage training models
➢ AI needs 1,000 times more computing power than traditional computing offers
➢ The average cost over the last four (4) years has increased by approximately 100x per year
The AI boom is expected to drive investments in quantum technologies
Quantum computing can address this need for increased computing power, especially with its ability to generate new algorithms and its problem-solving approaches
SOURCE
https://www.quantonation.com/2024/07/09/the-ai-boom-is-good-for-quantum-tech/?utm_source=substack&utm_medium=email
QUANTUM READINESS
Quantum & Security
Quantum & Privacy
Next Steps
Quantum Today
Quantum & Security
MATH, Algorithms Are the Rules or Instructions for the Encryption Process.
AES
AES, a symmetric encryption, leverages mathematical operations, particularly:
• substitution,
• permutation, and
• modular arithmetic,
in order to transform plaintext into ciphertext
RSA
RSA, an asymmetric encryption, leverages “prime factorization” where two huge, random prime numbers are multiplied to create another giant number. In order to decrypt, an actor must determine the original prime numbers
ECC
ECC, an asymmetric encryption, does not use integers for its calculations; instead, it uses points on an elliptic curve which makes it more difficult to identify the original numbers and more challenging at equivalent key lengths than RSA
With the right key length
With enough randomness,
It would take at least 1,000 years for a classical computer or human to decrypt
That is, until….
Quantum & Security
MATH, Addressing “Superposition” By Making Encryption “Harder”
Lattice-Based Cryptography
Bohr’s Model
Lattice Cryptography & Shortest Vector Problem
Numbers on the X, Y Vector
• Niels Bohr theorized on the stability of atoms and identified that electrons cannot lose more energy than they have in the smallest orbit; the one with: n = 1
• Cynthia Dwork showed that a certain average-case lattice problem (short integer solutions) is the hardest to solve
• Miklos Ajtai introduces lattice-based cryptographic construction where security is based on hardness of well-studied lattice problems
Quantum & Security (and Privacy)
US State Breach Notification Laws & Encrypted Data
(See Handout 1 for More Details)
4 TYPES GENERALLY
Law exempts if a different Breach notification law applies (avoid double jeopardy)
Laws that exempt encrypted data from Breach notification
Laws that require notification for Breach of encrypted data only if key is known to have been stolen
Laws that require notification for Breach of encrypted data only if key is suspected to have been stolen
Laws that exempt data that is redacted from Breach notification
Quantum & Security (and Privacy)
Some Potential Changes to State Breach Notification Laws & Encrypted Data
DEFINITIONS UPDATE
• “Encrypted” aligned to science
• “Breach” to include old encryption
• “Reasonable security”
• Others (“Risk of Harm,” “Good Faith Exceptions,” etc.)
RETROACTIVE REQUIREMENTS
• For victims of an encrypted data Breach
o Notice
o Credit Monitoring
• Lawsuits by victims
NEW LAWS AND SPECIALTIES
• New laws focused on encrypted data
• New commissions and agencies focused on encryption/risk
• Impact on cyber insurance (claims made, occurrence)
• Federal law preemption
* BUT, don’t forget the recent “death” of Chevron Deference that now limits agencies, available at: https://www.supremecourt.gov/opinions/23pdf/22-451_7m58.pdf
Quantum & Privacy
Quantum Communications
Quantum communications uses the principle
that particles of light can transmit
data along optical cables in a fragile state
This means that the particles collapse if
interfered with by someone trying to
manipulate or steal data
The problem remains that over a long
distance this data can decay, break down
and leak, leading to data corruption at the
end of the line
Quantum & Privacy
Data Privacy’s Superpower: Surveillance Awareness
[Diagram: LASER; Photon Not Yet Polarized Until Ann’s Laser; Polarization Filter; Detection Filter; Max’s Detection Filter; callouts 1 to 4]
1. When a sender initiates a message, photons travel through a polarizer which is a filter that enables certain photons to pass through it with the same vibrations and lets others pass through in a changed state of vibration. The polarized states could be horizontal (0 bit), vertical (1 bit), 45 degrees left (0 bit) or 45 degrees right (1 bit). The transmission has one of two polarizations representing a single bit (0 or 1), in either scheme the sender uses.
2. Photons then travel across optical fiber from the polarizer to the intended recipient. This process uses a beam splitter that reads the polarization of each photon. When receiving the photon key, the intended recipient will not know the correct polarization of the photons. Instead, one polarization is chosen at random, and the sender compares what the receiver used to polarize the key and lets the intended recipient know which polarizer was used to send each photon.
3. The intended recipient then confirms if the correct polarizer photons read with the wrong splitter are then discarded and the remaining sequence is considered the key.
4. Unlike traditional encryption, if an eavesdropper tries to intercept the message using the same tools as the recipient, the intended recipient has the advantage to confirm with the sender which polarizer type was used for each photon as described above while the intruder does not. Also, any observation of the flow of photons would then change the photon positions the sender and receiver expect to see.
[Figure, shown twice: Ann’s Bit Sequence, Ann’s Filter Sequence, Max’s Bit Sequence, Max’s Filter Sequence, Retained Bit Sequence]
AFTER MAX RECEIVES ALL PHOTONS
Max tells Ann the sequence of filters he used on photons (but not bit value of photons)
Ann tells Max which filters were correct, which are the bits they will use to form a key
If Edward tries to eavesdrop, his mere attempts to detect the orientation of a single photon then causes decoherence and decays the messaging and…
THIS “notifies” Ann and Max
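The filter comparison and the eavesdropping check described in steps 1 to 4 above, simulated in Python as an added example (not part of the original slides). It is an idealized model with no channel noise; the function names, the seeds, the 5% alarm threshold and the intercept-and-resend model of Edward are assumptions for illustration, and comparing a sample of retained bits is the standard way the disturbance is surfaced, which the slides do not spell out.

```python
import random

# Filter names follow the slide's bit mapping (labels "+" and "x" are assumptions):
# "+" covers horizontal (0) / vertical (1), "x" covers 45 degrees left (0) / right (1).
FILTERS = ("+", "x")


def measure(bit, prepared_filter, reading_filter, rng):
    """Reading with the matching filter returns the bit; the wrong filter gives a coin flip."""
    return bit if prepared_filter == reading_filter else rng.randint(0, 1)


def run_exchange(n_photons, eavesdrop, seed):
    """Simulate one exchange between Ann (sender) and Max (recipient).

    Idealized model (assumption): no noise or photon loss, so every mismatch
    in the retained bits is caused by the eavesdropper.
    """
    rng = random.Random(seed)
    ann_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    ann_filters = [rng.choice(FILTERS) for _ in range(n_photons)]
    max_filters = [rng.choice(FILTERS) for _ in range(n_photons)]

    max_bits = []
    for bit, ann_f, max_f in zip(ann_bits, ann_filters, max_filters):
        photon_bit, photon_filter = bit, ann_f
        if eavesdrop:
            # Edward has to guess a filter. Measuring re-polarizes the photon in
            # his filter, so a wrong guess disturbs what Max later receives.
            ed_f = rng.choice(FILTERS)
            photon_bit = measure(photon_bit, photon_filter, ed_f, rng)
            photon_filter = ed_f
        max_bits.append(measure(photon_bit, photon_filter, max_f, rng))

    # After Max receives all photons: he announces his filters (not his bits),
    # Ann says which ones matched, and only those positions are retained.
    keep = [i for i in range(n_photons) if ann_filters[i] == max_filters[i]]
    return [ann_bits[i] for i in keep], [max_bits[i] for i in keep]


def error_rate(ann_key, max_key, sample_size, seed):
    """Ann and Max publicly compare a random sample of retained bits."""
    rng = random.Random(seed)
    sample = rng.sample(range(len(ann_key)), min(sample_size, len(ann_key)))
    errors = sum(ann_key[i] != max_key[i] for i in sample)
    return errors / len(sample)


def detect_surveillance(n_photons=2000, eavesdrop=False, seed=7, threshold=0.05):
    """Return the retained-bit count, the sampled error rate and whether to raise an alarm."""
    ann_key, max_key = run_exchange(n_photons, eavesdrop, seed)
    rate = error_rate(ann_key, max_key, sample_size=200, seed=seed + 1)
    return {"retained": len(ann_key), "error_rate": rate, "alarm": rate > threshold}


if __name__ == "__main__":
    print("quiet line: ", detect_surveillance(eavesdrop=False))
    print("tapped line:", detect_surveillance(eavesdrop=True))
```

On a quiet line the retained bits agree exactly; with Edward on the line roughly a quarter of the sampled bits disagree, because he guesses the wrong filter half the time and each wrong guess randomizes Max's reading.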
Quantum Today
Europe, South America
EXPORT CONTROLS
Canada has issued export controls on quantum computing and advanced semiconductors
RESOURCE INVESTMENTS
Canada has invested 3.5B in “Project Taca Taca” copper mines in Argentina, a natural resource for quantum hardware
SOURCE
• https://www.worldecr.com/news/canada-new-export-controls-on-quantum-computing-and-advanced-semiconductors/
• https://www.mining-technology.com/news/canada-first-quantum-to-invest-3-5bn-in-taca-taca-project-in-argentina/
Quantum Today
United States
July 1, 2024
White House issues the “Report on Post-Quantum Cryptography”, which outlines government-wide cost of $7.1BN for transitioning to Post-Quantum Cryptography
Aug. 13, 2024
NIST releases
• Three (3) finalized Post-Quantum Encryption Standards
• Three (3) New FIPS
Sept. 5, 2024
U.S. Department of Energy announces $65M in funding in quantum computing for ten (10) projects, comprising a total of thirty-eight (38) separate awards
Sept. 6, 2024
U.S. Department of Commerce's Bureau of Industry and Security (“BIS”) publishes an interim final rule (“IFR”) restricting export of quantum related technologies (mostly chips)
US States with Highest Number of Quantum Companies: CA, CO, IL, NJ, MA
(See Handout 2 for More Details)
SOURCES
• https://www.whitehouse.gov/wp-content/uploads/2024/07/REF_PQC-Report_FINAL_Send.pdf
• https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
• https://www.bis.gov/press-release/department-commerce-implements-controls-quantum-computing-and-other-advanced#:~:text=In%20today's%20IFR%2C%20BIS%20is,and%20maintenance%20of%20quantum%20computers.
• https://www.bis.gov/press-release/department-commerce-implements-controls-quantum-computing-and-other-advanced
Quantum Today
Europe
Researchers at the University of York (U.K.) are attempting to use fiber optic cable (Rockabill) that runs under the Irish Sea to overcome long-standing data leakage issues (e.g., the unintentional exposure of sensitive information to unauthorized parties) with the help of sensitive detectors at cable endpoint
Nostradamus, a Deutsche Telekom led consortium, is building the EU's quantum communications testing infrastructure to secure data centers, networks and critical infrastructure
Members of the Quantum Internet Alliance
SOURCES
• https://www.techmonitor.ai/hardware/quantum/first-quantum-communications-link-tested-between-uk-and-ireland
• https://www.thalesgroup.com/en/worldwide/space/press_release/eu-launches-nostradamus-and-prepares-europe-quantum-world
Quantum & Privacy
Asia Pacific
• June 2017: Almost a year after launching Micius (Aug. 2016), the world’s first quantum satellite, China successfully distributed a pair of entangled photons to two ground stations.
• January 2020: The Micius satellite successfully distributes a pair of entangled photons to two ground stations.
• January 2021: China builds the world’s first integrated space-to-ground quantum communications network of 4,600 km (2,858 miles) using Micius and thirty-two (32) nodes across the Beijing-Shanghai Trunk Line.
• July 2022: China launches its second quantum satellite, Jinan 1, which is only one-sixth of Micius’s weight but can generate quantum keys at speeds two or three times faster.
• December 2023: Russian and Chinese scientific teams established a secure quantum link of 3,800 km and managed to transmit two images using quantum keys showcasing a secure network for Chinese & Russian allies.
SOURCES
• https://www.scientificamerican.com/article/china-reaches-new-milestone-in-space-based-quantumcommunications/#:~:text=In%202017%20the%20team%2C%20along,was%20not%20bulletproof%20against%20hacking.
• https://theconversation.com/chinas-quantum-satellite-enables-first-totally-secure-long-range-messages-140803
• https://news.satnews.com/2022/07/31/china-launches-new-satellite-in-important-step-towards-global-quantum-communications-network/
• https://spaceimpulse.com/2024/01/02/russian-and-chinese-scientists-successfully-test-quantum-satellite-link-according-to-reports/
Next Steps
Should Access to Quantum Communications be a Privacy Right?
Of the 5,465 active satellites orbiting the Earth as of April 30, 2022:
3,433 belong to the United States
The nearest competitor is China with 541.
As of July 2024, there are 6,281 Starlink satellites in orbit (“owned” by Elon Musk), of which 6,206 are working.
SOURCES:
• https://www.statista.com/statistics/264472/number-of-satellites-in-orbit-by-operating-country/#:~:text=Of%20the%205%2C465%20active%20artificial,China%2C%20accounting%20for%20only%20541
• https://planet4589.org/space/con/star/stats.html
Quantum Today
Will History Repeat Itself?
• 1969 – ARPANET: Advanced Research Projects Agency Network is developed, a computer network developed by the U.S. Department of Defense
• 1971 – EMAIL: The first email
• 1983 - 1985 – TCP/IP: ARPANET switches to TCP/IP
• 1985 – AOL: Launch of America On-Line
• 1988 – DIRECT MESSAGING: Direct Messaging is developed
• 1989 – DIAL-UP: First commercial Dial-Up ISP
• 1996 – NetDay96: “NO MORE INTERNET HAVE’s and HAVE NOT’s”
27 Years For Internet to Be Available to All
Next Steps
Should Access to Quantum Communications be a Privacy Right?
Can exercise privacy rights
• Right to be forgotten/deletion
• Right for a copy
• Right to amend
Can’t stop
• Terrorism / Anti-terrorism
• Simple eavesdropping
But will data subjects ever know that they are being monitored even when the technology is available
NEXT STEPS
❑ Gather alternative cryptographic algorithms and move away from existing, vulnerable standards
❑ Be ready to revisit previous incidents of encrypted data that are potentially subject to breach notification requirements in light of SNDL
❑ Identify alternative data and information to replace data that needs to be encrypted
❑ Monitor the “Space Race”
INVENTORY: What data is encrypted and using which encryption technology
GROUP & RANK: Which data sets should leverage which “new” encryption standard
MONITOR: Track applicable data protection laws that have exemptions for encrypted data
2025: International Year of Quantum Science & Technology
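The INVENTORY and GROUP & RANK steps above, worked through in Python as an added example that is not part of the presentation. The inventory rows, column names, scoring weights and ASSUMED_YEARS_TO_QUANTUM are constructed assumptions; the replacement targets are the FIPS 203/204/205 roles described in the appendix.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample inventory (not from the presentation): one row per data set.
# exposed = ciphertext has crossed a network or was part of a past incident,
# so a copy may already be stored for later decryption (SNDL).
SAMPLE_INVENTORY = """\
dataset,algorithm,use,retention_years,exposed
student_records_backup,RSA-2048,key_establishment,25,yes
tls_api_traffic,ECDH-P256,key_establishment,1,yes
signed_release_artifacts,ECDSA-P256,signature,5,no
legacy_password_hashes,MD5,hash,10,yes
archive_volume,AES-256,bulk_encryption,30,no
old_vpn_tunnel,3DES,bulk_encryption,2,yes
"""

# DEPRECATED: standards that are already weak against classical attacks.
# QUANTUM_VULNERABLE: algorithms resting on factoring or discrete logarithms,
# the problems a large quantum computer is expected to solve.
DEPRECATED = {"DES", "3DES", "MD5", "SHA-1", "RC4"}
QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA"}
CONFIDENTIALITY_USES = {"key_establishment", "bulk_encryption"}

# Replacement targets, by use, as named on the FIPS slide.
REPLACEMENT = {
    "key_establishment": "FIPS 203 (ML-KEM)",
    "signature": "FIPS 204 (ML-DSA), backup FIPS 205 (SLH-DSA)",
}

# Assumption for illustration only: years until a quantum computer able to
# break RSA/ECC exists. Set this from your own risk assessment.
ASSUMED_YEARS_TO_QUANTUM = 10


@dataclass
class Finding:
    dataset: str
    algorithm: str
    group: str              # "deprecated", "quantum-vulnerable" or "no-action"
    sndl_risk: bool         # stored ciphertext still sensitive when broken
    revisit_incident: bool  # past exposure worth re-assessing for notification
    replacement: str
    score: int              # higher = migrate sooner


def family(algorithm: str) -> str:
    """Strip key size or curve: 'RSA-2048' -> 'RSA'; 'SHA-1' stays 'SHA-1'."""
    name = algorithm.strip().upper()
    return name if name in DEPRECATED else name.split("-")[0]


def classify(row: dict) -> Finding:
    fam = family(row["algorithm"])
    years = int(row["retention_years"])
    exposed = row["exposed"].strip().lower() == "yes"
    confidential = row["use"] in CONFIDENTIALITY_USES
    sndl = False
    if fam in DEPRECATED:
        group, replacement = "deprecated", "replace now (already weak classically)"
        score = 300 + (100 if exposed else 0) + years
    elif fam in QUANTUM_VULNERABLE:
        group = "quantum-vulnerable"
        replacement = REPLACEMENT.get(row["use"], "review manually")
        # SNDL is a confidentiality problem: ciphertext copied today can be
        # decrypted later if the data is still sensitive by then.
        # Signatures are ranked below it.
        sndl = confidential and exposed and years >= ASSUMED_YEARS_TO_QUANTUM
        score = (200 if sndl else 100 if confidential else 50) + years
    else:
        # e.g. AES: a symmetric cipher, outside the FIPS 203-205 replacements.
        group, replacement, score = "no-action", "none", 0
    revisit = exposed and (sndl or group == "deprecated")
    return Finding(row["dataset"], row["algorithm"], group, sndl,
                   revisit, replacement, score)


def rank(inventory_csv: str) -> list:
    """INVENTORY -> GROUP & RANK: classify every row, highest priority first."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return sorted((classify(r) for r in rows), key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in rank(SAMPLE_INVENTORY):
        print(f"{f.score:>4}  {f.dataset:<26} {f.algorithm:<11} {f.group:<19} "
              f"SNDL={f.sndl_risk!s:<5} revisit={f.revisit_incident!s:<5} "
              f"-> {f.replacement}")
```

The rows flagged `revisit_incident` are the ones the second NEXT STEPS item refers to: past exposures of ciphertext that may need a second look under breach notification rules.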
APPENDIX
Quantum Comparison: Classical Computing vs. Quantum Computing
Theory of Physics
• Classical: Executes operations based on classical physics principles
• Quantum: Utilizes quantum phenomena, such as superposition and entanglement
Point of View
• Classical: Macroscopic, can be seen with naked eye; measurable properties of particles
• Quantum: Microscopic, such as atoms, electrons; calculations based on relation of particles to one another
Principles
• Classical: Deterministic and predictable states
• Quantum: Probabilistic
Units of Digital Information
• Classical: Bits
• Quantum: Qubits
States of Existence
• Classical: Binary (1 OR 0)
• Quantum: Superposition (1 AND 0)
Role of Electrons carrying info.
• Classical: Electrons are essentially used to represent these binary states within transistors, moving to create the electrical signals representing 0s and 1s.
• Quantum: Electrons are used as the basis for qubits, leveraging their quantum properties like spin to achieve superposition and entanglement.
Transmission
• Classical: Singularly in succession
• Quantum: Entanglement, where two particles link together in a certain way no matter how far apart they are in space, and constantly identical
RESOURCE LIST
• NIST Center of Excellence for Quantum Computing
https://www.nccoe.nist.gov/crypto-agility-considerations-migrating-post-quantum-cryptographic-algorithms
• MIT Newsletter (focus: quantum computing)
https://news.mit.edu/topic/quantum-computing
• Quantum Insider Newsletter
https://thequantuminsider.com/
• Institute of Electrical and Electronics Engineers (IEEE), Quantum Technical Society
https://quantum.ieee.org/
• National Conference of State Legislatures
  • Security Breach Notification Laws: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
  • 50 State Searchable Bill Tracking: https://www.ncsl.org/technology-and-communication/ncsl-50-state-searchable-bill-tracking-databases
  • Data Disposal Laws: http://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx
Quantum & Security
NIST, Federal Information Processing Standards (FIPS)
FIPS 203, intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism.
https://substack.com/redirect/f0bbb79c-afda-4451-b634-676a978f8673?j=eyJ1IjoiMWtiMDRoIn0.BHvGAdpJu0ec61BB_fm4TbUDIXA3eN5F8cF_GUEHUro
FIPS 204, intended as the primary standard for protecting digital signatures. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
https://substack.com/redirect/16d80770-cbe4-498f-81c3-4b05f7aab874?j=eyJ1IjoiMWtiMDRoIn0.BHvGAdpJu0ec61BB_fm4TbUDIXA3eN5F8cF_GUEHUro
FIPS 205, also designed for digital signatures. The standard employs the SPHINCS+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable.
https://substack.com/redirect/7de3a98f-a853-45c7-8fd8-ab654ed5148a?j=eyJ1IjoiMWtiMDRoIn0.BHvGAdpJu0ec61BB_fm4TbUDIXA3eN5F8cF_GUEHUro
Quantum Computing_A Security Threat, a Privacy Solution and a Privacy Right_Newest_Update.pdf

Quantum Computing_A Security Threat, a Privacy Solution and a Privacy Right_Newest_Update.pdf

  • 3.
    ABOUT THE PRESENTERS RyanAmos, PhD CIPT, BA & PhD, Computer Science (Dartmouth College; Princeton University) Lead Software Engineer Panorama Education, Inc. Boston, MA & Highland Park, NJ Dr. Ryan Amos earned his PhD in Computer Science from Princeton University after completing his Bachelor of Arts in Computer Science at Dartmouth College. While at Princeton, he worked with an elite group of engineers to publish a paper on quantum one-shot signatures which was accepted to the Symposium on the Theory of Computing. His career has focused on data security and analytics, and more recently, privacy engineering at an education technology company, Panorama Education, Inc.. At Panorama Education, Inc., he balances data protection for students and families with educational innovation based on the organization’s mission to improve education for every student. Ryan’s experience spans security, data analytics and governance, privacy, technology, and innovation. He worked with Lisa during her time at Panorama on enhancing the privacy program, obtaining SOC2 certification and on initiatives to implement AI-based features where he advocated technical protections for the privacy rights of students. Lisa Nee. Esq. FIP, CIPT, CIPM, CIPP/E, CIPP/U, ISC2 Cybersecurity Director, Legal Fingerpaint Group Saratoga Springs, NY & Sarasota, FL Lisa Nee is the Director of the Legal Department and serves as the general counsel and Data Protection Officer for The Fingerpaint Group, an award-winning, global, healthcare industry client focused, full-service advertising, branding and marketing services group of five entities specializing in the pharma, wellness and health product’s lifecycle and awareness journey. She leads the Legal Department with a focus on balancing compliance and enabling business growth based on Fingerpaint’s Venture BeyondTM philosophy to support healthcare clients and inform patients of treatments and access to them. 
Lisa’s 20+ year career has focused around her passion for the computer sciences and data analytics. She published on Privacy Engineering with the Institute of Electrical and Electronics Engineers (IEEE), the world’s largest technical, professional organization advancing technology for the benefit of humanity. Lisa has worked at companies like Google, Genentech, Optiv, Oracle, Accenture, ResMed and Panorama. Her experience at Boston University’s AdLabs, the challenges facing marketing technology and her life-long support of oncology research since losing a friend to Leukemia during high schooldrew her to the FingerpaintGroup. 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 4.
    PROGRAM OUTLINE 10:00 –10:15 PRIVACY Background of Privacy that is relevant to Quantum Computing 10:15 – 10:30 10:30 – 10:45 10:45 – 11:00 SECURITY Background of Security that is relevant to Quantum Computing QUANTUM COMPUTING An Introduction to Quantum Computing, uses today and roadblocks being overcome STRATEGIC QUANTUM Discussion of oncoming addressing quantum as a threat to security and a privacy solution for individuals and organizations. Quantum’s Threat to Security Quantum Solutions for Privacy Quantum Computing 101 Quantum & Artificial Intelligence Encryption 101 Encryption & Incident Response Encryption’s Evolution The Story of Surveillance and Adequacy Comparing the Data Sharing (EU-US) Technical, Supplementary Measures Next Steps Quantum Today 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 5.
    The Story ofSurveillance and Adequacy Comparing the Data Sharing (EU-US) Supplemental Measures & Encryption PRIVACY PRIMER 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 6.
    “Fab Five” Katherine Gunn Translator UnitedKingdom Government Communications Headquarters Chris Connelly Director Galexia Consulting Zack Whittaker Security Editor ZDNet Edward Snowden Former Intelligence Contractor National Security Agency Max Schrems Semester Abroad Privacy Law Student Founder of Activist Group , None of Your Business (NOYB) 2003 2008 2011 2013 2013 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 7.
    The Story ofSurveillance & Adequacy 1984: UK Data Protection Act 1995: EU Data Protection Directive 1998: UK new Data Protection Act 1980s -1990s “Safe Harbor Scheme” US companies register for a certification to meet EU requirements (“Safe Harbor Decision” European Commission allows transfer of data from EU to US 2000 Enacts PIPEDA British Columbia Privacy Commissioner examines the Patriot Act & US cloud vendors Canadian Imperial Bank of Commerce Visa holders complain 2004 - 2005 Early 2003 Jan. 31 to Feb. Katherine Gunn prints out and shares email requesting UK bugged UN offices of six (6) nations deciding on approving invasion of Iraq March 2 Observer publishes email she sourced and she confesses to GCHQ line manager; she is arrested for treason Late 2003 Sept. 11:Terrorist attack at World Trade Towers Oct. 26: US Patriot Act enables US government to obtain stored data from ANY Company withOUT a court order Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 8.
    The Story ofSurveillance & Adequacy April - June: Zack Whittaker reports on Google and its contracts with UK Universities, and Microsoft UK’s and notices as part of its launch of O365 Oct: Dutch Minister of Safety and Justice bans US cloud providers BUT the EU struggles about ban due to concerns about its impact on commerce 2011 July 2008: US Foreign Intelligence Surveillance Act updated to allow warrantless surveillance Feb. 2010 European Commission enacts Standard Contractual Clauses v.1 2008 - 2010 Dec. 2008: Chris Connelly reports U.S. Safe Harbor issues Edward Snowden reveals surveillance including Project Tempora where UK’s GCHQ gathers and shares intel via fiber optics with US German Member of European Parliament calls for infringement proceedings against the UK for violating Article 16 of the Treaties of the EU June 2013 Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 9.
    The Story ofSurveillance & Adequacy • UK holds referendum with 52% of voters vote to leave the EU (“Brexit”) • UK Prime Minster and rep to EU announce intent to resign June 2016 CJEU invalidates US-EU Safe Harbor Oct. 6, 2015 July 2016 • European Commission deems EU-US Privacy Shield as NOT adequate • European Data Protection Bureau adopts recommendations on supplementary measures • Austrian attorney, Max Schrems, attends Santa Clara School of Law to complete his Viennese PhD in law including a class with invited guest speaker, then Facebook privacy lawyer Ed Palmieri • Begins work on a term paper and correspondingly files 23 claims against Facebook with the Irish Data Protection Authority • Court of Justice for the European Union (“CJEU”) takes up claim 23 June 2013 Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 10.
    IAPP 2024 PSR The Storyof Surveillance & Adequacy US President Biden issues an Executive Order calling for stronger safeguards for signals intelligence Oct. 2022 European Commission begins to draft an adequacy decision about the Trans-Atlantic Data Privacy Framework (“DPF”) which kicks-off the formal adoption process in the EU Dec. 2022 • European Data Protection Bureau issues an opinion welcoming EU-US DPF improvements BUT calling on the European Commission to address several areas • European Parliament adopts a resolution stating that the EU-US DPF “is an improvement “BUT NOT ENOUGH TO JUSTIFY AN ADEQUECY DECISION” Feb. 2023 July 10, 2023 • European Commission announces adopting adequacy of EU-US Data Privacy Framework and introduces: (1) access limits on US surveillance agencies; and (2) redress mechanisms • Max Schrem’s None Of Your Business organization (NOYB) provides feedback challenging the EU-US DPF July 11, 2023 • European Commissioner for Justice, Didier Reynders, responds with a sort of “let’s wait-and-see-before- going-to court” perspective • EU-US Privacy Framework enters into full force Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 11.
    Comparing the DataSharing EU-US Safe Harbor EU-US Privacy Shield EU-US / Trans-Atlantic Data Privacy Framework US STATE LAWS REGISTRATION Dept. of Commerce Dept. of Commerce Dept. of Commerce None (yet) CERTIFICATION At Certification Annually Annually None (yet) MONITORING None; only privately Yes Yes None; only privately ENFORCEMENT Federal Trade Commission Federal Trade Commission Federal Trade Commission State Agency or State Attorney General THIRD PARTIES Yes Yes Yes Depends on State THIRD PARTY SUBPROCESSORS No Yes Yes Depends on State DATA PROTECTION ADDENDUM No Yes Yes Depends on State LIABLE FOR THIRD PARTIES No Yes, unless proven no responsibility Yes, unless proven no responsibility Depends on State REDRESS FOR EU DATA SUBJECT No Omnibus Person EU Data Protection Review Court Depends on State LIMITS SURVEILLANCE No No Somewhat limits No PROHIBITS [UNKNOWN] FEDERAL DATA SEIZURE No No (only after the fact) No (only after the fact) No Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 12.
    ntary Measures Supplementary Measures July2016 • European Commission deems EU-US Privacy Shield as NOT adequate • European Data Protection Bureau adopts recommendations on supplementary measures The full text of the Recommendations is available here: https://edpb.europa.eu/our-work-tools/ourdocuments/ recommendations/recommendations-012020-measures- supplement-transfer_en 1. Storage of data with no clear text 2. Transfer of pseudonymized data 3. Encryption against eavesdropping 4. “Protected Recipient” 5. Split or multi-party computation …the keys are reliably managed …by the exporter or by an entity trusted of the exporter Examples from the EDPB Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 13.
    https://privacyprovided.eu/ed-snowden-and-max-schrems- discuss-data-protection-and-privacy-shield 36:10, with emphasisat 42:03 Link to Watch Video is Below: You shouldn’t have to expose yourself not only to a company in their interactions with governments which comes looking for them, which they might face court orders for, but even bad employees. Can a company hold information for you on your behalf without the ability to read it themselves? In most cases today, yes. Now a lot of companies are moving in that direction and that’s a positive step forward. Edward Snowden Supplementary Measures, Insider Threats Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 14.
    ENCRYPTION A Privacy SupplementaryMeasure Max Schrems One thing that was always debated was to hold debate about encryption. 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 15.
    Encryption 101 Encryption’s Evolution Encryptionin the News SECURITY SECONDMENT 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 16.
    Encoding Plaintext Transmitting Ciphertext Decryption with a Key ENCRYPTION101 Agreed Upon Cryptographic Key The sender and recipient agree on a cryptographic key (a set of mathematical values) Encoding Plaintext Into Ciphertext The sender uses the key and an algorithm to encode plaintext into ciphertext Ciphertext Transmitted The ciphertext is transmitted to the recipient Key to Decrypt Ciphertext to Plaintext The recipient uses a key to decode the ciphertext back into plaintext Cryptographic Key HOW IT WORKS Involves using a cryptographic algorithm and a “key” to convert readable data, called plaintext, into text that is incomprehensible, called ciphertext. 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 17.
    Encryption technologies have tobe adjusted to meet evolving technologies Malicious actors are storing encrypted data in anticipation of emerging technology that is developing quickly Deprecated Encryption Standards New, more sophisticated attacks require constant vigilance and occasional changes in preferred algorithms Key Size Standards Faster computers have required changes to key size QUANTUM COMPUTING Store Now, Decrypt Later (“SNDL”) © 2024. Lisa Nee, Ryan Amos. All Rights Reserved.
  • 18.
    SYMMETRIC ENCRYPTION SAME KEY forencryption and decryption. Sender and Recipient of an encrypted message need to share a copy of a secret key via a secure channel before starting to send encrypted data. Because it uses the same key, symmetric encryption can be more COST EFFECTIVE for the security it provides Encryption Deprecation Example Data Encryption Standard 1976 - IBM develops DES (data encryption standard, to protect sensitive, unclassified electronic government data DES USES A LOW ENCRYPTION KEY LENGTH, WHICH MADE BRUTE- FORCING EASY AGAINST IT.. Triple Data Encryption Standard 1998 - 3DES (Triple DES), is developed to overcome the drawbacks of the DES algorithm The National Institute of Standards and Technology (NIST) BEGAN DEVELOPING THE ADVANCEDENCRYPTION STANDARD (AES ) to make government data more resistant to brute force attacks of DES Rijdael Cipher, Advanced Data Encryption Standard 1999 - Belgian cryptographers, Prof. Joan Daemen and Vincent Rijmen develop the Rijdael Cipher, a family of ciphers with different key and block sizes 2001 - Three members of the Rijdael Cipher are selected during the AES selection process managed by NIST to REPLACE DES. © 2024. Lisa Nee, Ryan Amos. All Rights Reserved.
  • 19.
    Deprecated Encryption Standards MD5is a cryptographic hash function that creates a unique identifier ("digital fingerprint“), for a file by passing it through a mathematical algorithm SHA-1 is a hash function which takes an input and produces a 160-bit hash value (“message digest”) rendered as 40 hexadecimal digits DES converts 64-bata into ciphertext by dividing the block into two separate 32-bit blocks and applying the encryption process to each RC4 is a stream cipher with no fixed key size that generates a pseudo-random keystream, compares two input Bits to generate one output Bit with the plaintext to deliver a ciphertext DES MD5 RC4 SHA-1 A “stream cipher” is a type of encryption algorithm that encrypts data one bit or byte at a time, making it faster and simpler than block ciphers (block cipher are a cryptographic algorithm that encrypts data in fixed-size blocks using a cryptographic key). * * © 2024. Lisa Nee, Ryan Amos. All Rights Reserved.
  • 20.
    RSA Key SizeRecommendations 1990s 768 Bits 1974 512 Bit Today 2,048 Bits BRUTE FORCE ATTACKS & KEY LENGTH Brute-force attacks of a particular key requires running through every combination to identify whether it can be determined what the original key might have been. The longer the key, then the longer amount of time to perform the brute force Animated © 2024. Lisa Nee, Ryan Amos. All Rights Reserved.
  • 21.
    “Broken” Encryption HasNot Gone Unnoticed ENCRYPTION IN THE NEWS 2013 - 2014 2017 Yahoo Data Breach • 3 billion (!) accounts had their hashed passwords breached • Some passwords were hashed with MD5, which made them easy to crack SHA1 Collision • Researchers at CWI and Google created the first known SHA1 collision • At the time SHA1 was still in widespread use 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 22.
    ENCRYPTION IN THENEWS AUGUST 2024 • NIST has released standards covering PQC for the first time • These standards will help build interoperability and push towards quantum-adversary secure cryptography as soon as possible 2025 The Year of Quantum Computing JUNE 2024 • The United Nation declared 2025 the International Year of Quantum Science and Technology (IYQ) Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 23.
    MATH Why many choselaw & policy… BEFORE WE GO ANY FURTHER… Let’s talk about why we are grateful to have Ryan Amos, PhD with us today Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 24.
    Quantum Computing 101 QuantumComputing & Artificial Intelligence QUANTUM COMPUTING 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 25.
    Quantum Computing 101 BlochSphere • Computing that uses the principles of quantum mechanics • Unlike traditional computers, which use bits that are either 0 or 1, quantum computers use qubits • A qubit can be both 0 and 1 at the same time due to a property called superposition As a result… quantum computing processing simultaneously means SPEED (compared to traditional computers) Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 26.
    Quantum Computing 101 •Unlike traditional computers, particles exist in a state of entanglement where particles remain identical regardless of distance, and are not individual;, • Particles exist in fragile state so any interference results in decoherence, the loss of quantum properties As a result… Animated quantum based communications can DETECT surveillance attempts 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 27.
    Quantum Computing 101 …untilquantum decoherence is resolved so that and the photon-ized electron maintains its quantum properties, quantum computing at scale remains mostly theoretical (but we’re getting closer….) COHERENT QUANTUM DECOHERENT QUANTUM CLASSICAL COMPUTING The process by which a complex object's quantum properties rapidly disappear when it interacts with its environment This interaction causes the object to lose quantum “coherence,” which is the ability of a quantum system to maintain its quantum states QUANTUM DECOHERENCE Animated As a result… 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 28.
    Quantum Computing 101 Quantumsensing and computing elements need to communicate with each other over distances ranging from 10 micrometers—about the size of a human hair—to hundreds of kilometers, all while maintaining quantum coherence Challenges for Quantum Computing to be Available At-Scale China has set records on the longest distance of successful quantum communication at 4,600 km (2,858 miles) using across the Beijing-Shanghai Trunk Line using the Micius satellite DISTANCE T EMPERATUR E Quantum network models are more stable at low temperatures, which limits their real-world applications of quantum. However, a study achieved a stable connection at room temperature, which puts it within reach of real- world use For quantum computers to be more widely accessible, the equipment themselves need designs that are practical, using room temperature superconductors SOURCES: https:// https://computing.mit.edu/news/a-new-way-for-quantum-computing- systems-to-keep-their-cool/; see also https://scitechdaily.com/finally-revealed- the-surprising-cause-of-qubit-decay-in-quantum-computers See Slide 39 for additional advances by China as it relates to the “distance problem” * * Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 29.
    DETECT Quantum & ArtificialIntelligence SOURCE https://journals.aps.org/prresearch/pdf/10.1103/PhysRevResearch.6.L032004 AI neural network syndrome decoders can detect and correct errors in quantum processors to address issues related to decoherence AI can process complex qubit noise from quantum device and suggest corrections as-needed AI could enable full fault-tolerance in quantum computers as physical error rates decrease in the coming years CORRECT ENABLE Artificial Intelligence For Error Correction 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 30.
    Quantum & ArtificialIntelligence SOURCE https://www.quantonation.com/2024/07/09/the-ai-boom-is-good-for-quantum- tech/? utm_source=substack&utm_medium=email The demand for AI increases the amount of computing power needed to manage training models ➢ AI needs 1,000 times more computing power than traditional computing offers ➢ The average cost over the last four (4) years has increased by approximately 100x per year The AI boom is expected to drive investments in quantum technologies Quantum computing can address this need for increased computing power, especially with its ability to generate new algorithms and its problem-solving approaches Quantum to Address Artificial Intelligence Training Model Needs 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 31.
    Quantum & Security Quantum& Privacy Next Steps QUANTUM READINESS Quantum Today 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 32.
    Quantum & Security MATH,Algorithms Are the Rules or Instructions for the Encryption Process. With the right key length With enough randomness, It would take atleast 1,000 years for a classical computer or human to decrypt AES, a symmetric encryption, leverages mathematical operations, particularly: • substitution, • permutation, and • modular arithmetic, In order to transform plaintext into ciphertext AES RSA, an asymmetric encryption, leverages “prime factorization" where two huge, random prime numbers are multiplied to create another giant number. In order to decrypt, an actor must determine the original prime numbers RSA ECC, an asymmetric encryption, does not use integers for its calculations; instead, it uses points on an elliptic curve which makes it more difficult to identify the original numbers and more challenge at equivalent key lengths as RSA ECC That is, until…. Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 33.
    Quantum & Security Lattice-Based Cryptography NeilsBohr theorized on the stability of atoms and identified that electrons cannot lose more energy than it has in the smallest orbit; the one with: n = 1 Cynthia Dwork showed that a certain average- case lattice problem (short integer solutions) is the hardest to solve Miklos Ajtai introduces lattice-based cryptographic construction where security is based on hardness of well- studied lattice problems Bohr’s Model Lattice Cryptography & Shortest Vector Problem Numbers on the X, Y Vector MATH, Addressing “Superposition” By Making Encryption “Harder” Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 34.
    Quantum & Security(and Privacy) 4 TYPES GENERALLY Law exempts if subject to different Breach notification law applies (avoid double jeopardy) Laws that exempts encrypted data from Breach notification Laws that requires notification for Breach of encrypted data only if key is known to have been stolen Laws that requires notification for Breach encrypted data only if key is suspected to have been stolen Laws that exempts data that is redacted from Breach notification US State Breach Notification Laws & Encrypted Data (See Handout 1 for More Details) 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 35.
    DEFINITIONS UPDATE RETROACTIVE REQUIREMENTS NEW LAWS AND SPECIALTIES •“Encrypted” aligned to science • “Breach” to include old encryption • “Reasonable security” • Others (“Risk of Harm,” “Good Faith Exceptions,” etc.) • For victims of an encrypted data Breach o Notice o Credit Monitoring • Lawsuits by victims • New laws focused on encrypted data • New commissions and agencies focused on encryption/risk • Impact on cyber insurance (claims made, occurrence) • Federal law preemption Quantum & Security (and Privacy) Some Potential Changes to State Breach Notification Laws & Encrypted Data BUT, don’t forget the recent “death” of Chevron Deference that now limits agencies, available at: https://www.supremecourt.gov/opinions/23pdf/22-451_7m58.pdf * * 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 36.
    Quantum & Privacy QuantumCommunications Quantum communications uses the principle that particles of light can transmit data along optical cables in a fragile state This means that the particles collapse if interfered with by someone trying to manipulate or steal data The problem remains that over a long distance this data can decay, break down and leak, leading to data corruption at the end of the line 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 37.
    Quantum & Privacy DataPrivacy’s Superpower: Surveillance Awareness 1 0 – 0 1 1 0 0 1 0 1 0 1 1 0 1 0 1 0 – – Ann’s Bit Sequence Ann’s Filter Sequence Max’s Bit Sequence Max’s Filter Sequence Retained Bit Sequence Ann’s Bit Sequence Ann’s Filter Sequence Max’s Bit Sequence Max’s Filter Sequence Retained Bit Sequence 1 0 1 0 1 1 0 1 0 1 0 1 1 0 AFTER MAX RECEIVES ALL PHOTONS Max tells Ann sequence filters he used on photons (but not bit value of photons) Ann tells Max which filters were correct which are the bits they will use to form a key Unlike tradition encryption, if an eavesdropper tries to intercept the message using the same tools as the recipient, the intended recipient has the advantage to confirm with the sender which polarizer type was used for each proton as describe above while the intruder does not. Also, any observation of the flow of photons would then change the photon positions the sender and receive expect to see. 4 When a sender initiates a message, photons travel through a polarizer which is a filter that enables certain photons to pass through it with the same vibrations and lets others pass through in a changed state of vibration. The polarized states could be horizontal (0 bit), vertical (1 bit), 45 degrees left (0 bit) or 45 degrees right (1 bit). The transmission has one of two polarizations representing a single bit (0 or 1), in either scheme the sender uses. 1 The intended recipient then confirms if the correct polarizer photons read with the wrong splitter are then discarded and the remaining sequence is considered the key. 3 Photons then travel across optical fiber from the polarizer to the intended recipient. This process uses a beam splitter that reads the polarization of each photon and when receiving the photon key, but the intended recipient will not know the correct polarization of the photons. 
Instead, one polarization is chosen at random, and the sender compares what the receiver used to polarize the key and let’s the intended recipient know which polarizer was used to send each photon. 2 If Edward tries to eavesdrop, LASER Photon Not Yet Polarized Until Ann’s Laser 1 4 Polarization Filter Detection Filter 3 2 Animated 2024. Lisa Nee, Ryan Amos. All Rights Reserved. © Max’s DetectionFilter his mere attempts to detect the orientation of a single photon then causes decoherence and decays the messaging and… THIS “notifies” Anne and Max
  • 38.
    Quantum Today Canada hasissued export controls on quantum computing and advance semiconductors SOURCE • https://www.worldecr.com/news/canada-new-export-controls-on-quantum- computing-and-advanced-semiconductors/ • https://www.mining-technology.com/news/canada-first-quantum-to-invest-3-5bn-in- taca-taca-project-in-argentina/ Canada has invested 3.5B in “Project Taca Tacca” copper mines in Argentina, a natural resource for quantum hardware EXPORT CONTROLS RESOURCE INVESTMENTS Europe, South America 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 39.
    Quantum Today SOURCES • https://www.whitehouse.gov/wp-content/uploads/2024/07/REF_PQC-Report_FINAL_Send.pdf •https:// https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards; • https://www.bis.gov/press-release/department-commerce-implements-controls-quantum-computing-and-other- advanced#:~:text=In%20today's%20IFR%2C%20BIS%20is,and%20maintenance%20of%20quantum%20computers. • https://www.bis.gov/press-release/department-commerce-implements-controls -quantum-computing-and-other-advanced July 1, 2024 White House issues the “Report on Post-Quantum Cryptography“ outlines government-wide cost of $7.1BN for transitioning to Post-Quantum Cryptography Aug. 13, 2024 NIST releases • Three (3) finalized Post-Quantum Encryption Standards • Three (3) New FIPS Sept. 5, 2024 U.S. Department of Energy announces $65M in funding in quantum computing for ten (10) projects, comprising a total of thirty-eight (38) separate awards Sept. 6, 2024 U.S. Department of Commerce's Bureau of Industry and Security (“BIS”) publishes an interim final rule (“IFR”) restricting export of quantum related technologies (mostly chips) CA CO IL NJ MA US States with Highest Number of Quantum Companies United States (See Handout 2 for More Details) 2024. Lisa Nee, Ryan Amos. All Rights Reserved. ©
  • 40.
    Quantum Today: Europe
    • Researchers at the University of York (U.K.) are attempting to use fiber optic cable (Rockabill) that runs under the Irish Sea to overcome long-standing data leakage issues (e.g., the unintentional exposure of sensitive information to unauthorized parties) with the help of sensitive detectors at the cable endpoint.
    • Nostradamus, a Deutsche Telekom led consortium, is building the EU's quantum communications testing infrastructure to secure data centers, networks and critical infrastructure.
    [Figure: Members of the Quantum Internet Alliance]
    SOURCES
    • https://www.techmonitor.ai/hardware/quantum/first-quantum-communications-link-tested-between-uk-and-ireland
    • https://www.thalesgroup.com/en/worldwide/space/press_release/eu-launches-nostradamus-and-prepares-europe-quantum-world
  • 41.
    Quantum & Privacy: Asia Pacific
    • June 2017: Almost a year after launching Micius (Aug. 2016), the world’s first quantum satellite, China successfully distributed a pair of entangled photons to two ground stations.
    • January 2020: The Micius satellite successfully distributes a pair of entangled photons to two ground stations.
    • January 2021: China builds the world’s first integrated space-to-ground quantum communications network of 4,600 km (2,858 miles) using Micius and thirty-two (32) nodes across the Beijing-Shanghai Trunk Line.
    • July 2022: China launches its second quantum satellite, Jinan 1, which is only one-sixth of Micius’s weight but can generate quantum keys at speeds two or three times faster.
    • December 2023: Russian and Chinese scientific teams established a secure quantum link of 3,800 km and managed to transmit two images using quantum keys, showcasing a secure network for Chinese & Russian allies.
    SOURCES
    • https://www.scientificamerican.com/article/china-reaches-new-milestone-in-space-based-quantumcommunications/#:~:text=In%202017%20the%20team%2C%20along,was%20not%20bulletproof%20against%20hacking.
    • https://theconversation.com/chinas-quantum-satellite-enables-first-totally-secure-long-range-messages-140803
    • https://news.satnews.com/2022/07/31/china-launches-new-satellite-in-important-step-towards-global-quantum-communications-network/
    • https://spaceimpulse.com/2024/01/02/russian-and-chinese-scientists-successfully-test-quantum-satellite-link-according-to-reports/
  • 42.
    Next Steps
    Should Access to Quantum Communications be a Privacy Right?
    • Of the 5,465 active satellites orbiting the Earth as of April 30, 2022, 3,433 belong to the United States. The nearest competitor is China with 541.
    • As of July 2024, there are 6,281 Starlink satellites in orbit (“owned” by Elon Musk), of which 6,206 are working.
    SOURCES
    • https://www.statista.com/statistics/264472/number-of-satellites-in-orbit-by-operating-country/#:~:text=Of%20the%205%2C465%20active%20artificial,China%2C%20accounting%20for%20only%20541
    • https://planet4589.org/space/con/star/stats.html
  • 43.
    Quantum Today
    Will History Repeat Itself? 27 Years For Internet to Be Available to All
    • 1969: ARPANET (Advanced Research Projects Agency Network) is developed, a computer network developed by the U.S. Department of Defense
    • 1971: The first email
    • 1983 - 1985: ARPANET switches to TCP/IP
    • 1985: Launch of America On-Line (AOL)
    • 1988: Direct Messaging is developed
    • 1989: First commercial Dial-Up ISP
    • 1996: NetDay96, “NO MORE INTERNET HAVE’s and HAVE NOT’s”
  • 44.
    Next Steps
    Should Access to Quantum Communications be a Privacy Right?
    Can exercise privacy rights
    • Right for a copy
    • Right to amend
    • Right to be forgotten/deletion
    Can’t stop
    • Terrorism / Anti-terrorism
    • Simple eavesdropping
    But will data subjects ever know that they are being monitored, even when the technology is available?
  • 45.
    NEXT STEPS
    ❑ Gather alternative cryptographic algorithms and move away from existing, vulnerable standards
    ❑ Be ready to revisit previous incidents of encrypted data that may potentially be subject to breach notification requirements in light of SNDL
    ❑ Identify alternative data and information to replace data that needs to be encrypted
    ❑ Monitor the “Space Race”
    INVENTORY: What data is encrypted and using which encryption technology
    GROUP & RANK: Which data sets should leverage which “new” encryption standard
    MONITOR: Track applicable data protection laws that have exemptions for encrypted data
    2025: International Year of Quantum Science & Technology
  • 46.
    How Did Things Go? (We Really Want To Know)
    Did you enjoy this session? Is there any way we could make it better? Let us know by filling out a speaker evaluation.
    1. Open the Cvent Events app.
    2. Enter IAPP PSR24 (case and space sensitive) in search bar.
    3. Tap “Schedule” on the bottom navigation bar.
    4. Find this session. Click “Rate this Session” within the description.
    5. Once you’ve answered all three questions, tap “Done”.
  • 47.
    APPENDIX
  • 48.
    Quantum Comparison: Classical Computing vs. Quantum Computing
    Theory of Physics
    • Classical: Executes operations based on classical physics principles
    • Quantum: Utilizes quantum phenomena, such as superposition and entanglement
    Point of View
    • Classical: Macroscopic, can be seen with naked eye; measurable properties of particles
    • Quantum: Microscopic, such as atoms, electrons; calculations based on relation of particles to one another
    Principles
    • Classical: Deterministic and predictable states
    • Quantum: Probabilistic
    Units of Digital Information
    • Classical: Bits
    • Quantum: Qubits
    States of Existence
    • Classical: Binary (1 OR 0)
    • Quantum: Superposition (1 AND 0)
    Role of Electrons carrying info.
    • Classical: Electrons are essentially used to represent these binary states within transistors, moving to create the electrical signals representing 0s and 1s.
    • Quantum: Electrons are used as the basis for qubits, leveraging their quantum properties like spin to achieve superposition and entanglement.
    Transmission
    • Classical: Singularly in succession
    • Quantum: Entanglement, where two particles link together in a certain way no matter how far apart they are in space, and constantly identical
  • 49.
    RESOURCE LIST
    • NIST Center of Excellence for Quantum Computing: https://www.nccoe.nist.gov/crypto-agility-considerations-migrating-post-quantum-cryptographic-algorithms
    • MIT Newsletter (focus: quantum computing): https://news.mit.edu/topic/quantum-computing
    • Quantum Insider Newsletter: https://thequantuminsider.com/
    • Institute of Electrical and Electronics Engineers (IEEE), Quantum Technical Society: https://quantum.ieee.org/
    • National Conference of State Legislatures
      • Security Breach Notification Laws: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
      • 50 State Searchable Bill Tracking: https://www.ncsl.org/technology-and-communication/ncsl-50-state-searchable-bill-tracking-databases
      • Data Disposal Laws: http://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx
  • 50.
    Quantum & Security
    NIST, Federal Information Processing Standards (FIPS)
    • FIPS 203, intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism.
    • FIPS 204, intended as the primary standard for protecting digital signatures. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
    • FIPS 205, also designed for digital signatures. The standard employs the SPHINCS+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable.