A Quantum Leap?: The potential legal implications of the quantum computing revolution
Although perhaps not as quickly and obviously as some headlines might shout, the ‘Fourth Industrial Revolution’ is taking place all around us. There is a… Read more
Although perhaps not as quickly and obviously as some headlines might shout, the ‘Fourth Industrial Revolution’ is taking place all around us. There is a fusing of the physical, digital and biological – all made possible via the transformational effects of newer technologies. Discussions as to the impact of this upheaval have produced a variety of theoretical conclusions, which can be wildly varying and best categorised as ‘guesstimates’, on the likely impact on the global economy over the coming years. Within discussion of this revolution, the focus to date is often on technologies such as AI and robotics. For many lawyers, progress in the field of AI has been of interest due to both the potentially disruptive implications on the profession itself and the interesting theoretical discussions about how machines may need to be regulated in the future.
A technology that has received fewer column inches is the recent and rapid progress that has been made in the field of quantum computing, which has the potential to bring significant improvements to the processing capabilities of the computers of the future. Such improvements potentially provide a platform to expedite the pace of any revolution and widen the opportunity for technology to impact all parts of our physical, digital and biological lives. For those of us of a certain age, or with easy access to classic 80/90s TV shows, thoughts about quantum leaps will forever be linked to the concern for Sam Beckett and his continual time and body shifting to help improve lives – with the aid of his holographic friend Al. However, it is time to update our thinking.
With the rapid improvements in the quantum field in the last 2 years, we are no longer thinking that quantum computing as something only linked to 20th century science fiction. This potentially world-changing technology is a near-present reality and so a question we are starting to ask is: ‘what are the potential legal implications of quantum computing technologies and how might existing fields of law may be affected?’.
What is quantum computing?
Classical computers of the sort we commonly use today are dependent upon hundreds of millions of microscopic transistors. Each transistor is capable of having a single binary state of ‘0’ or ‘1’ and acts independently of every other transistor. These transistors are the foundation upon which computer processor units (CPUs) function and the lynchpin of modern computing; yet they have their drawbacks.
For instance, transistor-built CPUs are generally only capable of performing functions in a sequential manner. This can be particularly prohibitive for scientists and mathematicians, who may be attempting to solve complex problems which may have millions of different potential answers.
Quantum computing promises to solve this problem by allowing for a large number of processing tasks to be undertaken concurrently. It can achieve this due to it having two key advantages over conventional computers. The first being the exploitation of a phenomenon identified through quantum physics, in which a sub-atomic particle can be in more than one state at the same time. Quantum bits (referred to as ‘qubits’) are capable of being in either the ‘0’ or ‘1’ binary states or a superposition in which the bit is in both states at the same time. Secondly, whereas binary computing is reliant upon each ‘bit’ being held in isolation to every other, qubits are capable of entanglement. This means they can be connected to each other allowing for much more complex computations to be undertaken.
These advantages have led many scientists to believe that the quantum computers of the future should be superior to the best supercomputers of today. This has led to great excitement from technologists who see the potential that such enhanced processing power may have in fields such as encryption, the internet of things, artificial intelligence and scientific discovery.
From a legal perspective these advances may not in themselves have a direct impact on the creation of new laws and regulations. However, it seems likely that a variety of practice areas are likely to be affected by quantum computing and therefore we need to start considering its implications.
One of the most discussed benefits of this new technology is encryption; with quantum cryptography offering the promise of un-hackable communications in the future. Yet the implications for existing cybersecurity is also one of the greatest fears arising from quantum computing progress. As is widely understood, encryption technologies typically rely on sets of large number calculations and codes to ensure security.
It has been widely predicted that a sophisticated quantum computer of the future will be capable of cracking existing encryption standards in incredibly short time-periods. This could have huge implications for all organisations, where current conventional forms of encryption are no longer secure. This means information security departments may soon need to be considering investing in quantum-resistant cryptography.
The potential legal implications of encrypted networks becoming openly hackable are significant. The EU’s General Data Protection Regulation (GDPR) which came into effect earlier this year requires controllers and processors of personal data to maintain appropriate technical and organisational security measures to protect that data from unauthorised access. These security standards have been enacted so that adequacy is determined by reference to the current ‘state of the art’. This means that an encryption standard which is appropriate in 2018 may not be in the quantum powered world of 5-10 years from now.
For operators of essential services, such as companies that operate in the banking, energy, transport and healthcare sectors, there is the potential for double jeopardy, with the EU’s Network and Information Security Directive (NIS) recently being implemented into UK law. For those organisations that fall within the scope of NIS, they are subject to security standards that apply to the wider protection of systems and communication networks beyond merely personal data, and which are arguably higher than the standards required under the GDPR.
Under both pieces of legislation, the potential consequences of failing to properly protect IT systems from attack are significant. Companies who suffer data breaches may face fines of up to £17m under NIS and €20m or 4% of global turnover under the GDPR.
Beyond the immediate risk of data breaches, there are wider privacy concerns which arise from the development of quantum technologies.
According to an article published in 2016 by the Northeastern University of Boston, Massachusetts, there are 2.5 exabytes of data produced globally each day. With the expected improvements in processing power, quantum computers are likely to be much more capable than conventional computers of analysing such volumes of data. This may be particularly useful in the field of artificial intelligence, with machine learning and deep learning algorithms being highly dependent on both the quality and volume of data that is available in order to enhance their capabilities.
From a privacy perspective, these improvements are likely to lead to more personal data being processed and in more sophisticated ways. Algorithms that make automated decisions about individuals are already widely deployed. With the power of quantum computing they’ll likely become increasingly prevalent. For instance, an employer’s IT system may be able to monitor an employee’s productivity and automatically deduct pay if it detects that the employee is not working as hard as expected. A retailer may charge one customer more than another for the same item because they have deduced from automatically analysing that customer’s social media posts that they are likely to be more affluent.
The complexity of existing algorithms and AI are already challenging law makers with regards to how IT can be transparent i.e. shown to be operating in accordance with the law. An easy example of the impact to existing legislation of current technologies is the genuine challenge for data controllers, who under the GDPR are required to meaningfully explain the logic involved and the envisaged consequences of automated decision-making processes.
The likely added complexity of quantum algorithms – fuelled by greater processing power – will challenge further that requirement for transparency and ‘explainability’ regarding the decisions they have made. Most humans would already struggle to understand in a meaningful way how many current algorithms make decisions about them – this is not likely to become any easier for humans with quantum powered decisions.
Given the potential significance of this field to the future of technology, it is perhaps unsurprising that multinational tech companies are investing heavily in making a quantum world the reality.
Although there are also various start-ups also at the forefront of progression in the field, past experience in other emerging areas such as virtual reality and AI suggest that major tech companies will seek to acquire many of these smaller players as quickly as possible. For the organisation or organisations that manage to develop the most sophisticated quantum technology the rewards could be prodigious. This appears to be recognised by the industry, with The Economist reporting that by 2015 over 600 quantum focused patents had already been filed in the US and 500 in China.
The potential for ascendancy by one or two companies in this field is a significant possibility and gives rise to anti-trust concerns. For instance, over recent years the European Union has increasingly focused on the alleged dominance of certain tech companies in the use of and access to big data. An organisation that manages to develop a quantum computer superior to its competitors could potentially dominate the fields of cryptography, AI and scientific research (amongst others) in the future.
For IT lawyers, the mainstream adoption of cloud computing services has seen a significant change to contracting practices. It is increasingly uncommon for businesses to licence on-premise software, with them instead often relying on ‘cloud’ computing i.e. software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) solutions.
This trend seems likely to continue with quantum computing. Instead of purchasing these machines at huge expense, it seems more likely that industry will seek to replicate the cloud computing model and pay a subscription fee in return for being granted access to the technology.
Assuming this happens, thought will need to be given to how the contracts for quantum powered technologies of the future will work.
Likely areas where modern ‘cloud’ contracts will require a change of emphasis might be:
- Remoteness and Quantum: Where we are unable to understand the potential computational process or outcome of a quantum powered calculation it raises the question as to how someone would be capable of understanding / foreseeing the types of losses which might be suffered where a problems/errors occurs in the quantum computer. This may well impact how we consider exclusion of loss clauses in contracts. Currently these focus on excluding from recovery certain categories of losses based on tests relating to both events naturally flowing from a breach or those which are in the contemplation of the parties – concepts challenged by quantum computing.
- Performance: Taking into account the major benefit of quantum computers is meant to be their superior performance, how will this be measured through service levels and how will inferior performance be proven and recompensed. The cloud model focuses on ‘same for all’ and the ubiquity of the cloud to give customers performance comfort – but will these mitigations be the same for quantum computing?
- Expertise/Maintenance: Will customers have sufficient in-house expertise to utilise quantum computing or will they need to hire outside expertise, such as from the IT supplier
Although much progress still needs to be made before quantum computing has transformational effects on our society, it is important that technology lawyers understand and keep abreast of the potential implications that it may have on various practice areas. And if nothing else, it is also a good reminder to look up old ‘Quantum Leap’ episodes on your streaming content provider to remember just how good an actor Scott Bakula is…