With migration timelines to post-quantum cryptography now firmly on the calendar, federal agencies and their vendors are in the unglamorous phase of the work: discovering where, exactly, vulnerable public-key cryptography is embedded across their systems.
Lawfare contributors have framed the "harvest now, decrypt later" problem as a governance challenge as much as a technical one. Adversaries can collect encrypted traffic today and decrypt it once a cryptographically relevant quantum computer exists — which means data with a long confidentiality horizon is arguably already at risk. The legal wrinkle is accountability: standards bodies can publish algorithms, but statutes and contracts determine who must actually migrate, and by when.
JLCW readers will recognize the pattern from earlier debates over biometric and health data protection, where the Journal has repeatedly argued that data with a long life demands anticipatory, not reactive, safeguards. "The Standard for Biometric Data Protection" (Volume 7, Issue 1) develops that principle in a context that translates cleanly to the post-quantum transition.
For the broader discussion of durable-data protection, see the Journal of Law and Cyber Warfare, Volume 7, Issue 1. – JLCW Staff Writers