The Digital Security Digest, by Freedom of the Press Foundation (FPF), is a weekly newsletter with security tips that keep you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

Quantum computing may soon put everyone’s data at risk

There’s a strong chance that most, if not all, of the connections you’ve made to websites today are secured with encryption. The “s” in the “https” you see in web addresses just means that you have a secure connection. Google is now warning of a world where this type of security cannot be assured, as quantum computers could potentially be used to decrypt, or read, data that is transmitted using traditional encryption standards.

In a recent post, Google suggested that industry actors should prepare for post-quantum cryptography as soon as 2029. However, the risk exists for data we transmit now due to “store-now-decrypt-later” attacks, whereby an attacker copies encrypted traffic in the hope that one day they will be able to decrypt it with help from more powerful computers. Read more.

What you can do

  • As always, conduct the risk assessment. Who is going to have the resources to create and maintain powerful quantum computers capable of decrypting your traffic? And of those entities, who has access to your web traffic from the outset? This likely applies to a small handful of companies like Google and to state actors, such as intelligence agencies, that have the technical capability. Even then, decryption would take meaningful computing time. Attackers need to prioritize their limited resources, so while post-quantum cryptography represents a problem for everyone, this may or may not be a major issue for you in particular. Read our guide to risk assessment. If this is a concern for you, there are some small, but effective things you can do.
  • And, as always, download those updates. The good news is that industry actors like Google and Apple are attempting to get ahead of the problem with quantum-resistant encryption in a variety of features in new versions of their operating systems. All you have to do is download your updates. Read about the story inside your software updates.
  • Signal’s on top of it. Signal rolled out quantum-resistant encryption a few years ago, so you can have end-to-end encryption on all major platforms. Read our guide to get started, and if you’re already on Signal, check out our guide to learn how to lock it down.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation