Susannah Lai & Alex Vipond
This panel was moderated by Colin Wight and featured Peter Coroneos (Cybersecurity Advisors Network), Jon Lindsay (University of Toronto) and Vikram Sharma (Quintessence Labs).
Dr Sharma began by describing the establishment of Quintessence Labs. He warned the audience that we needed to ‘come up with a Plan B’ for our security, adding that state actors have collected vast amounts of data and stored it in anticipation of encryption being broken, and subsequently being able to read this data.
He described how his company had changed tack in their product innovation due to the unexpected directions of market interest, moving into areas such as key management and true random number generators rather than strict quantum key distribution. Currently, many random number generators are ‘pseudo random number generators’, meaning that if a hacker managed to get a copy of that random number generator, they could conceivably run it long enough to discern a pattern or repeated numbers and undermine the encryption of that random number generator. Quintessence Labs have managed to leverage quantum technology to build a true random number generator approximately the size of a large cell phone that essentially eliminates that risk.
Sharma cautioned that developing this technology carries both major threats and major benefits. Security could be weakened to the point that global electronic trade comes to a halt, especially if a quantum computer that could break all encryption is abruptly announced with no policy preparation. Conversely the extra security provided by quantum technology could usher in a new era of trust in these systems. When asked for an estimate as to when these changes might take place, Sharma said that as soon as five years from now is possible.
Lindsay framed the current view of cybersecurity as a ‘modern Alexander’, a general sitting back and sending out his orders over the battlefield via telephone. This conception, and the underlying implications of how control of the ‘networked battlefield’ functions, means that security of information and communication becomes critical, and people worry about the security of their network. In this environment, the offence/defence balance shifts heavily towards offence, with massive advantages going to the first achiever of anything that can compromise network security.
Specifically referencing cybersecurity, the ‘battlefield’ on which quantum is the new technology, he pointed out that the fatal flaw in delivering any kind of threat to your opposition was that cyber-operations largely rely on operational security and the opponent not knowing your vector of attack. Spying, Lindsay said, is difficult because you want to be able to listen without alerting the other parties that you are listening. If suspicions are raised, the other party will change channel, secure their communications and could even poison your intelligence by feeding false information through the compromised channel.
Lindsay dismissed the idea of a ‘Cryptocalypse’ and pointed out that conventional cyber advantages had already been demonstrated or shown in Stuxnet and the release of information by Snowden. In general, we have strong cryptography and our weaknesses in cybersecurity are from other angles.
Peter Coroneos took a markedly different approach to the other two speakers, focusing instead on the human element. He discussed how despite its entrenchment in almost every aspect of our lives, we are not actually well-adapted to living with technology. For example, moving the vast majority of our interactions online has meant that signals we have evolved to read such as tone, posture, etc are no longer present in interactions, leaving us uncertain as to how to distinguish trustworthy interactions from malicious ones.
Coroneos framed the push for technology as ‘making a new Prometheus’, saying that if we improve internet security, we could alleviate a huge amount of human suffering via the elimination of scams and other crimes perpetrated over the internet. Ultimately, he said, we are using technology to ‘become divine’, that is, omnipotent, omnipresent and omniscient. It is undeniable that as much suffering as the internet has wrought, it has certainly brought us closer to that goal with the ease of sharing information across vast distances.
In the end, perhaps this panel could be best summed up by a quotation that Sharma used from Amara: “We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.”