James Ellis Arden edits, writes and researches for other lawyers. Rated AV-Preeminent by Martindale-Hubbell since the twentieth century, his background is in legal malpractice litigation, computing, and psychology. He is a member of the LACBA’s Professional Responsibility and Ethics Committee, and of the Association of Professional Responsibility Lawyers; and he is a volunteer Special Master for Los Angeles County. The views expressed here are his own. persuade@ardenLaw.com. Ethics articles are provided regularly by LACBA’s longstanding Professional Responsibility and Ethics Committee.

Many or most lawyers use electronic devices, smart phones, tablets and other computers without thinking too much (at all) about ethics. But lawyers are supposed to do a risk/benefit analysis, to assess the dangers of keeping confidential client information on their electronic devices, and to take reasonable steps to secure their devices to minimize the risk of unauthorized access. (See COPRAC Form. Op. 2020-203.)

We use electronic devices because they’re convenient. Get email anywhere. Make phone calls and send text messages through car steering wheels. Talk to Siri and Alexa to control operations and functions of other remote computers.

But remember that security and convenience are at opposite ends of a spectrum. Encrypting client communications, for example, makes them really secure but maximally inconvenient. Because an encryption requirement would be so cumbersome for most lawyers, and because to some degree encryption technologies already protect Internet communications, lawyers have never been compelled to encrypt client communications – and they most likely never will.[1]

But encryption probably doesn’t matter any more. Q-Day is coming:

“One day soon, it will begin: the sudden unlocking of the world’s secrets. Your secrets. Cybersecurity analysts call this Q-Day- the day someone builds a quantum computer that can crack the most widely used forms of encryption. These math problems have kept humanity’s intimate data safe for decades, but on Q-Day, everything could become vulnerable, for everyone: emails, text messages, anonymous posts, location histories, bitcoin wallets, police reports, hospital records, power stations, the entire global financial system.”[2]

“Q-Day” is the day when quantum computing advances to the point it can break the encryption methods safeguarding most of the Internet, including the cryptography that secures our Client Trust and other bank accounts, as well as the applications we use to conduct financial transactions, Internet chat rooms, and all sorts of sensitive data.[3]

The way quantum computers process information is very different from the way the computers we are using now do it. What we are using now are called “classical” computers. (Note: “classic” cars are defined as being older than twenty-five years.)

Classical computers process everything using long, long, long strings of zeroes and ones, called bits. However, quantum computers use qubits, quantum bits, which process so much more, and faster, than regular bits in classical computers.

“The classical machine is doomed to a life of stepwise calculation: Try one set of ingredients, fail, scrap everything, try again. But quantum computers can explore many potential recipes simultaneously.”[4]

A regular bit has only two possibilities, zero or one. It takes a string of eight bits, eight zeros and ones, just to represent a single letter of the alphabet. But a qubit can represent an infinite combination of zeroes and ones simultaneously, when it is in what’s called a state of superposition. That allows quantum computers, using qubits instead of regular bits, to perform calculations on multiple states simultaneously.

One way to conceptualize the difference between bits and qubits is to imagine a sphere. A regular bit, which can only be a zero or a one, would be represented on a sphere as one of the two points at the very top or very bottom, the north or south pole if you will. A qubit, on the other hand, with infinite possibilities, could represent any point anywhere on the sphere.

If you ask a classical computer to break the number 15 into its smallest prime factors, it would try every option one by one and give you a nearly instantaneous answer: 3 and 5. If you then ask the computer to factor a number with 1,000 digits, it would tackle the problem in exactly the same way, one by one. The calculation would take millennia. That simple trial-and-error method is the basis to a lot of modern cryptography systems. That approach won’t work against quantum computers though, because they can explore all potential solutions simultaneously.[5]

Quantum computers exist now, but it has not yet been possible to build very powerful ones. (They have extreme cooling needs and environmental requirements.) When more powerful quantum computers are built, they will perform calculations impossible for classical computers. Encryption algorithms protecting financial transactions, personal data, and government communications will all be broken.

Remember “Y2K”? Everyone had some anxiety leading up to the turn of the century because we didn’t know how our computers would understand the date numbered “1/1/00” inordinately followed the date numbered “12/31/99.” Y2K turned out to be nothing. This won’t.

“As of right now, every piece of information we have is already lost.”[6]

At risk, among other things, is the elliptic-curve cryptography used to secure cryptocurrencies like Bitcoin and Ethereum, the VPNs that let political activists and porn aficionados browse the web in secrecy, the random number generators that power online casinos, the smartcards that let you tap through locked doors at work, the security on your home Wi-Fi network, and the two-factor authentication you use to log in to your email account.[7]

“Of course, it’s unlikely that everyone’s messages will actually be targeted, but the perception that you could be spied on at any time will change the way we live.”[8]

Bitcoin is “exquisitely vulnerable” to Q-Day. Each block in the Bitcoin blockchain captures the data from the previous block, so Bitcoin cannot be upgraded to post-quantum cryptography, according to Kapil Dhiman, CEO of Quranium. “The only solution to that seems to be a hard fork–give birth to a new chain and the old chain dies.” But that would require 51 percent of Bitcoin node operators to agree, and then “everyone who holds Bitcoin would have to manually move their funds from the old chain to the new one (including the elusive Satoshi Nakamoto, the Bitcoin developer who controls wallets containing around $100 billion of the cryptocurrency.)”[9]

Congress has enacted the Quantum Computing Cybersecurity Preparedness Act,[10] mandating that federal agencies take stock of their current encryption schemes, identify their systems that are vulnerable to quantum attacks, and transition to quantum-resistant algorithms.[11]

When will Q-day arrive? Expert estimates vary, but generally range from five to twenty-five years.[12] But maybe we won’t know when Q-day arrives at all. We may not recognize it when it happens.[13]

Or, suppose some group develops this key – to cracking any safe or computer in the world. Would they tell us? Would they use it first?

All confidentiality won’t suddenly be lost when Q-Day arrives, and lawyers can hardly be held responsible for keeping client confidences when everybody’s secret sauce is being exposed. But our ethical “duty to keep abreast of the changes in the law and its practice”[14] reminds us that as technologies change, so do our standards of care. When Q-Day arrives and we learn our systems are no longer secure, we’re going to have to innovate.

“Enjoy the moment. We don’t have forever.” –John Joseph Adams, The End is Nigh.