The Q-Day Edition
On digital espionage, quantum computing, and biding your time.
Colin here. There’s a peculiar form of theft happening right now that requires no lock-picking, no social engineering, and has no immediate payoff. Nation-states are running what amounts to the world’s longest con: vacuuming up encrypted data they cannot currently read, storing it in vast digital warehouses, and letting it marinate.
The bet is simple, but staggering in its implications. Every encrypted communication—bank transfers, diplomatic cables, corporate IP, health records—is being collected and archived by US adversaries who know they can’t crack it today. But they’re betting that within 5, 10, maybe 15 years, quantum computers will render current encryption methods obsolete.
That unspecified future date is currently referred by cybersecurity analysts as Q-Day: The day that quantum computers become powerful enough to break RSA and ECC encryption.
Why is this interesting?
China’s 2015 OPM breach compromised 21.5 million personnel records—security clearances, and background checks, part of the intelligence apparatus (or importantly, who wasn’t in there) mapped out. At the time, that data was valuable but static. Post-Q-Day, every encrypted communication referenced in those files becomes retroactively accessible. The recent Salt Typhoon compromise of U.S. telecom infrastructure follows the same playbook: collect a bunch of potentially useful stuff now, and decrypt later. It is perhaps the most patient criminal enterprise in history.
This fundamentally inverts how we think about data security and time. Normally, if data is secure today, each passing day makes it less valuable. Context ages out and strategic relevance decays.
But Q-Day creates a new world, where encrypted data becomes more valuable over time.
It’s a long game, and China has always excelled at multi-decade strategic planning. They’ve dedicated massive infrastructure and resources to stealing millions of terabytes of completely unreadable gibberish on the faith that future technology will make it worthwhile. The idea is digital espionage meets venture capital: high upfront costs, uncertain timeline, potentially enormous payoff.
And they are right to do it. Any sensitive data encrypted today using standard methods—the plans for next-generation fighter jets, pharmaceutical R&D, insider board communications—will eventually become readable. That deep historical context will perhaps help unfurl future plans. Or help the holders of it understand where their previous counterintelligence failed.
Put simply, every secure communication happening right now exists in an odd state: simultaneously secret and already compromised, private and already stolen, safe and already sold. We will only know how it is actioned when someone, somewhere hits the decrypt button. (CJN)
I don't know many informed people who think that anyone will build a quantum computer capable of breaking RSA encryption in the next 10 or even 15 years. Other uses --- e.g. very efficient simulation of chemical systems --- will come first.
Fascinating. When quantum arrives, what then for not only encryption but blockchain, crypto, 2factor, passwords, account numbers. etc....