What has Edward Snowden taught us about Quantum Cryptology?
The NSA may want quantum computing, but is it any nearer to cracking the problem or cryptology?


In my best Sheldon Cooper voice this uses the Heisenberg Uncertainty Principle that, in layman's term, says you cannot observe something without changing that which you are observing. Note that 'very' isn't the same as '100 per cent' though, and regular readers of IT Pro will be well aware that we have gone to great pains to point out that there is no such thing as 100 per cent secure data. For good reason: there are always weak points that offer the potential for exploitation.
A quantum of practicality
Some five years ago the theory went practical as research scientists strung together a quantum cryptographically secure network across 200km of standard commercial fibre optic cabling, and in the process securely connected six locations around Vienna. Single photons (the basic unit of light with quantum properties as discovered by Einstein) fired a million times per second along the fibre optic cables between the network nodes, while light detectors at the nodes spotted these photons and determined a secret key from them in order to encode the data across that communications channel.
However, as has been noted by some researchers working in the quantum field, the lasers that fire out the single photons get it wrong and fire out multiple photons occasionally then snooping not noticed by entanglement can happen.
Getting around such problems with a device-independent protocol has proved harder than might have been thought. Not least that such protocols have to treat the quantum cryptography process as a one-off; whereas in the real world not even the NSA can afford to use the kit once and then replace it all every single time. Quantum computers and quantum cryptography development is expensive enough an area as it is without throwing the practical spanner of disposable quantum devices into the theoretical works.
Not all its cracked up to be
OK, so that's the explanation bit, but where does that leave the NSA today and the enterprise looking over its shoulder at the possibility of a super-decryptor computer snooping on all their data? I've had conversations with respected IT security researchers who pretty much rule serious quantum crypto, or quantum key distribution, out of the enterprise picture for the foreseeable future.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
They say that the combination of distance limitations, hardware implementation costs and the small matter of it not being as secure as it promises to be will see to that. The truth is that real-world quantum computers show no convincing signs of making the jump from research lab to real world enterprise, despite some recent advances such as a team of Oxford and Simon Fraser University boffins managing to 'sustain a quantum state for 39 minutes'. This is a giant leap for the science, maintaining the superposition state of qubits at room temperature rather than -269C, but only a tiny inching towards anything actually practical.
The truth is, as evidenced by the science and the Snowden documents, that it seems very unlikely indeed that the NSA is no closer to building a working quantum computer with any practical implications on data privacy than anyone else.
Yes, such a working code-breaking quantum computer would open the doors to making existing encryption standards useless, those doors remain firmly closed for now and are likely to do so for quite some years to come. Given just how fragile quantum computing prototypes are, being hugely susceptible to environmental changes, the chances of building one with enough qubits (at least in the hundreds, and possibly thousands according to some) to perform the kind of encryption breaking calculations that some folk are worried about seem pretty low right now.
After all, if all it took was a few million pounds then why wouldn't the cash-rich giants of the technology business have beaten the secret squirrels to it already? What Edward Snowden has taught us about quantum cryptology, as with so many other things, is that just because the NSA wants something that doesn't mean it's going to get it all it's own way...
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.
-
Criminals target APIs as web attacks skyrocket globally
News More than a third of web attacks target APIs as AI expands attack surfaces and brings new security challenges
By Emma Woollacott
-
What to look out for at RSAC Conference 2025
Analysis Convincing attendees that AI can revolutionize security will be the first point of order at next week’s RSA Conference – but traditional threats will be a constant undercurrent
By Rory Bathgate
-
ThreatLabz Report: The state of encrypted attacks
Whitepaper What's hiding in your web traffic?
By ITPro
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolen
Capita told the pension provider to “work on the assumption” that data had been stolen
By Ross Kelly
-
Gumtree site code made personal data of users and sellers publicly accessible
News Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
By Connor Jones
-
Pizza chain exposed 100,000 employees' Social Security numbers
News Former and current staff at California Pizza Kitchen potentially burned by hackers
By Danny Bradbury
-
83% of critical infrastructure companies have experienced breaches in the last three years
News Survey finds security practices are weak if not non-existent in critical firms
By Rene Millman
-
Identity Automation launches credential breach monitoring service
News New monitoring solution adds to the firm’s flagship RapidIdentity platform
By Praharsha Anand
-
Neiman Marcus data breach hits 4.6 million customers
News The breach took place last year, but details have only now come to light
By Rene Millman
-
Indiana notifies 750,000 after COVID-19 tracing data accessed
News The state is following up to ensure no information was transferred to bad actors
By Rene Millman