The Quantum Debate on Privacy
- 10 min read - Text OnlyI attended a debate at Quantum Village. It focused on whether the privacy of individuals will be enhanced or destroyed by quantum technologies. Both sides had no direct substance for or against the argument. The position for increased privacy was ungrounded and dreamlike. The position for diminished privacy focused on how the actors researching quantum technology the most are systemically against privacy. And, by extension, the application of quantum technology would be privacy eroding.
This talk summary is part of my DEF CON 31 series. The talks this year have sufficient depth to be shared independently and are separated for easier consumption.
At the Quantum Village, David Joseph and Troy Mills have an Oxford Union-style debate about whether individual citizen privacy will be enhanced with new quantum technologies. This took place at the LINQ at 4 PM on Friday, August 11th.
I invited Soatok — who was in fursuit — to join me for the quantum debates. I expected some bullsh*t and I was painfully right.
The debate
This was Quantum Village's second year. I remember Soatok mentioning he stumped them last year on something. I wanted to see it happen again. We arrive and sit down in one of the few chairs and the debate starts between a CEO of a security company and a researcher for quantum technology.
The debate centered around one question: What effects will quantum technology have on privacy?
It started with David. He made as much sense as some of the crypto currency visionaries. Every sentence and declaration he enunciated was a fabricated dreamscape with no grounding in reality.
It went like this:
Close your eyes for a moment and think of the future.
Everything about you will become a quantum state.
Identity theft will be an archaic concept.
Your browser history will be a quantum state so ISPs can't see inside without collapsing it.
Money fraud will be a thing of the past
Around that point I stopped taking serious notes from this guy.
Troy comes up next and makes his argument.
He argued that human nature consistently takes creative and neat things and uses it for war. He claims a lot of research is going towards specifically breaking RSA and Diffie-Hellman cryptography. Then he points to the People's Republic of China and how they are investing more than any other nation into quantum technology and that China demonstrates it is against the privacy of individuals.
He backtracks from the future to replay Tesla's history. He describes how Tesla was the first successful electric vehicle company by being a "first mover," they have captivated the market. He chills the audience by suggesting that China will be the first mover in quantum and dominate the technology thereafter.
The quantum researcher comes back to reply in the debate. Big names like Copenhagen and more word salad comes out of his mouth like your best friend's belch after too much hamburger and milkshakes in the drive-thru. The same crypto-currency startup vocabulary gets tossed in and it's all a bunch of meaningless drivel. Honestly, ChatGPT forms sentences with more meaning than his articulation.
He refused to name China in his reply, but at least mentioned that engineering efforts are under way for the post quantum future, such as the NIST competitions and Google testing Kyber on Chrome. At the end he dismisses the entirety of the Troy's argument by saying weaponization of quantum is out of scope for the debate.
Troy returns and asserts that using quantum technology against people is in line with the debate about how it affects privacy. I do agree with that, at least.
He relates quantum technology to a brick, it can be used to build something neat, or be used for violence.
Don't ignore reality. Privacy is shaped by how we use it.
As a last minute reply, David then continues with:
No more search history being pried upon.
No more identity theft or fraud, because quantum state is uncloneable.
The mediator then opens up for audience questions. Soatok is up first.
"Yes to the person in the... wolf costume"
David: Fine question. "Don't know, the engineers have to figure it out."
Troy: Reality and humans operate at a different scale than quantum. Think not just the grand future but also the hard questions like the nature of warfare online.
Unsurprisingly, at least to me, Soatok's question was the most succinct of the debate. The rest usually grandstanded or spouted a bunch of word salad to fit in.
A fair question was:
"Do you think that quantum will evolve without government influence"
David relates to how crypto-currency has evolved in the free market.
Troy parrots himself in that government influence in quantum is already happening and there's no way to change that.
While I wrote other questions and responses down, they are not interesting enough to include or publish.
What in the world was that
This so called debate was very manufactured. I don't know if both sides were doing this for the first time or if they prepared their position on the spot.
David Joseph has a competent talk from the prior year. The contrast from what I experienced there (a sh*t show) and this talk about a pay-walled paper Transitioning organizations to post-quantum cryptography made me doubt it was the same person.
David Joseph appeared to discard his position as a researcher to wear the cape of a crypto-currency junkie — even through the questions. When asked by Soatok about one of his promises of the future, he responded with "the engineers have to figure it out." Aren't you a researcher? Aren't you qualified to have a grounded opinion on this? Or is the research in this field on using quantum technology just as ungrounded and without fruit?
I cannot find much about Troy Mills except for being the CEO of Multispective Solutions.
Soatok's addendum
Even with a Herculean effort by NIST to standardize robust post-quantum cryptography (KEMs and signatures), and a commitment by tech industry leaders (Mozilla, Google, etc.) to deploy it as soon as possible, there is a Last Mile problem that will ultimately make quantum computers a net-negative for privacy on the web.
There are still websites today that do not support TLS. Of the websites that do, there are still many more that do not support TLS 1.3. (Only 62.1% do, according to Essential SSL Stats for an Industry Overview.)
One reason for this delayed TLS 1.3 deployment is likely OpenSSL's versioning and FIPS story: You need OpenSSL 1.1.1 or newer for TLS 1.3, but there was never a FIPS version of OpenSSL 1.1.1; only 1.0.2 and 3.0.x were FIPS validated. This means that operating systems (which need FIPS validation to meet Common Criteria requirements) were less likely to ship 1.1, and there was a few years of lag between 1.1.1 and 3.0.0.
I anticipate that, even with the ongoing work on post-quantum cryptography today, it will be several years before mainstream deployments are complete (i.e. to get where TLS 1.3 is today), and at least a decade before it's ubiquitous.
The only saving grace here is, ironically, how glacially the advancements in quantum computing are. We haven't broken a factoring record in 11 years. So it's likely that post-quantum will win in the end. But if quantum won today, it would be an unmitigated privacy disaster long before we saw any benefits.
Soatok also published DEFCON Quantum Village 2: Electric Boogaloo - Dhole Moments, where he has several constructive recommendations for Quantum Village. His stumping question sparked an interesting conversation afterwards in the Quantum Village discord. See quote by QuantumNerd#0000 in his article.