Anat Lior (Drexel; Yale ISP) has posted “A Quantum of Privacy” (Nevada Law Journal, Vol. 25, 2024) on SSRN. Here is the abstract:
Quantum technologies are on the brink of becoming the leading technologies in the upcoming years, with forecasts suggesting their imminent commercial availability. In August 2023, Google unveiled a quantum-resistant security key, while NIST is progressing a post-quantum cryptography protocol. This Article sheds light on these highly anticipated advancements, particularly in quantum computing, and explores the potential privacy implications that could arise alongside their development and integration into the commercial market. It proposes a comprehensive, long-term approach to addressing these privacy challenges early on, given the technology’s nascent stage and current lack of readiness for widespread commercial use. This timeframe allows regulators ample opportunities to thoroughly deliberate on an appropriate legislative framework—one that is viable, effective, enforceable, and impactful.
The conversation surrounding the potential privacy risks posed by quantum technologies is in its initial stages. This Article seeks to expand and deepen this discourse, with a particular emphasis on quantum computing. It aims to achieve this by offering an overview of various quantum technologies, outlining the potential harms—focusing on privacy concerns—that these technologies might introduce, and highlighting the deficiencies in the current US framework to counteract these risks. Furthermore, it will delineate three phases of a policy framework that the US could presently adopt to address the potential privacy risks associated with quantum technologies.
The proposed framework consists of three interconnected stages that form a continuous feedback loop. This loop facilitates the implementation of the framework and enhances our understanding of these emerging technologies. The first stage focuses on quantum education to ensure widespread understanding within society and equip present and future policymakers with the essential expertise needed to develop meaningful legislation. Subsequently, as the first stage endeavors to cultivate a diverse cohort of experts in this domain, the second stage concentrates on promoting robust industry standards through standardization, promoting compatibility and transparency among the few companies operating in this sector. This phase also fosters the emergence of optimal privacy practices and norms in the quantum sphere. Building upon the insights gained from the preceding phases, the third stage advocates for the formulation of nuanced regulations, supplemented by soft regulatory tools such as cloud-based quantum computing and insurance policies. This phase of ‘hard and soft regulation’ does not necessarily entail a comprehensive ‘Quantum Act’ but rather involves refining existing regulations or crafting specific legislation that addresses particular aspects of quantum technologies. Unlike comprehensive AI bills currently under discussion, an all-encompassing quantum act seems impractical in the intricate and unpredictable landscape of quantum technologies.