Impacts
IMPACT 1: Prevention of Mass Retroactive Surveillance (Primary Goal)
Before Regulation:
Threat:
- Government: Stores exabytes of encrypted data (emails, messages, and web traffic)
- Waits: 10-20 years for quantum
- Decrypts: Retroactively (everyone's communications, decade of history)
Who's At Risk:
- Activists, Journalists, and Dissidents: Identified and targeted (based on past communications)
- Everyone: Loss of privacy (every embarrassing, sensitive conversation, or rage filled post is exposed)
After Regulation:
Year 1-5:
- Data Retention Limits: Enforced (5 years MAX)
- Government: Must delete oldest encrypted data (starting immediately)
- By 2030: Only 5 years of encrypted data is stored (not 10-20 years)
Year 5-10:
- Post-Quantum Crypto: Widely adopted (most new communications use PQ)
- Quantum Ban: Enforced (government can't use quantum for cryptanalysis)
Year 10+:
- When Quantum: Arrives (cryptanalytically relevant)
- Government: Cannot decrypt (ban enforced + most data is PQ-encrypted)
- Retroactive Surveillance: Prevented (data is deleted, and PQ crypto protects the rest)
Quantified Protection:
Current Risk:
- 50 Exabytes: Of encrypted data stored (estimate by NSA + allies)
- Contains: Billions of communications (emails, messages, and calls)
- All Vulnerable: To future quantum decryption
After Regulation:
- Year 5: 40 exabytes deleted (5-year retention limit)
- Remaining: 10 exabytes (most recent or 5 years)
- 80% Is Protected: Via PQ migration (8 exabytes PQ-encrypted)
- Vulnerable: Only 2 exabytes (older, non-PQ data)
Lives Are Protected:
- Millions: Of activists, journalists, and dissidents (not identified via retroactive decryption)
- Everyone: Retains privacy (embarrassing conversations not exposed)
IMPACT 2: Acceleration of Post-Quantum Migration
Without the Mandate:
Market Failure:
- Companies: No incentive to migrate (PQ crypto is slower and costs money)
- Adoption: Would be slow (10-20% by 2030, estimate)
- Most Systems: Still using RSA (will be vulnerable when quantum arrives)
With the Mandate:
Year 1-3 (2025-2027):
- Companies: Scramble to comply (mandatory 2030 deadline)
- Investment: $20-50 billion (private + public)
- R&D: Accelerates (better PQ algorithms and faster implementations)
Year 5 (2030):
- Critical Infrastructure: 95%+ have migrated (mandate enforced)
- Consumer Apps: 60-80% have migrated (driven by mandate + awareness)
Year 10 (2035):
- Nearly Universal: PQ crypto adoption (>95% of all communications)
- Quantum Threat: Mitigated (even if quantum arrives, can't break PQ)
Quantified Impact:
Prevented Decryption:
- If Quantum: Arrives in 2035
- Without the Mandate: 80% of communications still use RSA (vulnerable)
- With the Mandate: <5% use RSA (rest PQ-protected)
- Billions: Of communications protected (that would have been decrypted)
IMPACT 3: Transparency & Accountability
Before:
Black Box:
- NSA Quantum: Research is classified (public knows nothing)
- No Oversight: Meaningful (FISA court gives rubber stamps, and Congress is briefed but can't disclose)
After:
PCLOB Oversight:
- Annual Reports: Public (unclassified summary of quantum programs)
- Example: "NSA has X quantum computers, used for Y purposes, and 0 instances of cryptanalysis"
Transparency Reports:
- Companies: Disclose government quantum requests (if any)
- FISA Court: Publishes statistics (quantum decryption approvals)
Public Awareness:
- Citizens: Know what the government is doing (can pressure representatives)
- Media: Can investigate (FOI requests and whistleblowers are protected)
Impact:
- Trust: Increases (when people know if the government is following the rules)
- Deterrent: Government is less likely to violate (knows they will be caught and publicized)
IMPACT 4: Civil Liberties Protection
Specific Groups Are Protected:
Activists:
- Climate, Labor, and Racial Justice: Can organize without fear
- Communications: Encrypted (cannot be decrypted retroactively)
- First Amendment: Effectively protected (encryption enables free speech)
Journalists:
- Sources: Protected (encrypted communications cannot be decrypted to identify)
- Investigations: Can proceed (without government surveillance)
Marginalized Communities:
- LGBTQ+, Immigrants, and Religious Minorities: Communications protected
- Cannot: Be targeted via decrypted messages
Quantified:
- Millions: Of people can exercise their rights (without surveillance's chilling effect)
IMPACT 5: Economic/National Security
Corporate Secrets Are Protected:
Before:
- China: Steals encrypted corporate data (waiting for quantum)
- When Quantum: Arrives and decrypts 10+ years of stolen IP
- Estimated Loss: $1-5 trillion (U.S. economic damage)
After:
- PQ Migration: Protects new data (China cannot decrypt)
- Data Deletion: Limits retroactive exposure (only 5 years are vulnerable)
- Estimated Loss: Reduced to $100B-500B (80-90% reduction)
Government Secrets:
Classified Information:
- Without PQ: All encrypted classified communications are vulnerable (if intercepted)
- With PQ: Protected (China/Russia cannot decrypt)
National Security:
- Prevents: Exposure of spies, military plans, and diplomatic cables
- Maintains: U.S. intelligence advantage
IMPACT 6: Technological Leadership
U.S. Leads in Post-Quantum Crypto:
NIST Standards:
- U.S.: Created first PQ standards (global adoption)
- Industry: U.S. companies lead (Google, Microsoft, and IBM implement first)
Quantum-Resistant Hardware:
- $20B Investment: Boosts U.S. the semiconductor industry
- Jobs: 50,000+ (engineers, researchers, and manufacturers)
Exports:
- U.S. Companies: Sell PQ crypto products globally
- Revenue: $50-100 billion/year (by 2040, estimate)
IMPACT 7: Democratic Norms Are Strengthened
Rule of Law:
Government In Constrained:
- Cannot: Use quantum for mass surveillance (law prohibits)
- Oversight: Enforced (PCLOB, IGs, Congress, and the courts)
Separation of Powers:
- Executive: Cannot violate (Congress would defund, courts would strike down)
- Balance: Restored (vs. post-9/11 executive overreach)
Public Trust:
- Surveys: Show increased trust in government (when oversight exists)
- Legitimacy: Strengthened (government follows rules)
IMPACT 8: International Ripple Effects
Other Nations Follows:
GDPR-Style PQ Mandate:
- The EU: Likely adopts a similar PQ migration mandate
- Timeline: 2030 (matching the U.S.)
Coordinated Standards:
- The U.S. + EU: Align on PQ algorithms (interoperability)
- Global Adoption: Accelerates (two largest markets are aligned)
China:
- May: Accelerate quantum for surveillance (domestic control)
- But: Faces PQ crypto (cannot spy on U.S./EU as easily)
Russia:
- Similar: Uses quantum domestically, but are limited abroad
Impact:
- Authoritarian: Surveillance more localized (cannot easily spy globally)
- Democratic: Countries are protected (encryption works)
IMPACT 9: Privacy Culture Shift
Encryption Normalized:
Before:
- Encryption: Seen as suspicious ("What are you hiding?")
- Used By: Criminals, spies, and the tech-savvy (small minority)
After:
- Encryption: Normal ("It's your right")
- Used by: Everyone (default in all apps)
Cultural Change:
- Media: Covers encryption positively (not just as a criminal tool)
- Schools: Teach encryption (digital literacy)
- Surveys: Show majority support for encryption rights
Political Impact:
- Politicians: Cannot attack encryption (voters support it)
- NSA: Cannot demand backdoors (public opposes)
IMPACT 10: Employment & Economic
Jobs Created:
Government:
- PCLOB: +480 jobs (staff expansion)
- DOE Quantum Office: +200 jobs
- IGs: +500 jobs (across agencies)
- Total Government: +1,200 jobs
Private Sector:
- PQ Crypto: Engineers and researchers (+20,000 jobs)
- Compliance: Officers and auditors (+5,000 jobs)
- Security: Consultants (+10,000 jobs)
- Total Private: +35,000 jobs
Net:
- +36,000 jobs (mostly high-skilled, high-paying)
Jobs Lost:
- Surveillance Companies: -2,000 jobs (Palantir, etc. lose government contracts)
- NSA Contractors: -1,000 jobs (reduced surveillance = less need)
- Net Loss: -3,000 jobs
Overall:
- +33,000 net jobs
Economic Impact:
- PQ Crypto Industry: $50-100B/year (by 2040)
- U.S. Exports: Boost (global demand for PQ products)