Quantum cybersecurity

Post-quantum cybersecurity in law firms

NOTE: This article was first published in Law360 Canada on October 7, 2024

Law360 Canada (October 7, 2024, 3:04 PM EDT) -- Computer science has attracted excessive discussions over the past few years, especially within the legal sector. Technological evolution in artificial intelligence (AI) and other similar technologies continue to impact the legal industry in countless ways, including, but not restricted to, automation of administrative tasks, enabling AI-driven case evaluations and enhancing research and review capabilities. As the law continues to evolve, more sophisticated methodologies are expected to emerge, furthering the transformation of legal practice. Confidentiality is fundamental to the practice of law and is a core ethical obligation that all lawyers and law firms are bound to uphold. Confidential information, once securely stored in physical formats, has been transferred to digital environments. Although lawyers are not traditionally well-versed in digital storage technologies, the legal profession increasingly relies on digital infrastructure to manage and protect sensitive information, raising critical considerations with respect to data security and privacy in the era of pervasive digitalization. In the next few years, lawyers and law firms will experience significant impacts due to the advancements in cybersecurity technology. As cyber threats continue to grow in sophistication, the ability of the legal industry to effectively mitigate these risks remain a pressing concern. The rapid advancement in the methodology of cybercriminals often outpaces the development of cyber defense mechanisms, highlighting an urgent requirement of enhanced cybersecurity measures in law firms.

Law firms’ strategic response to cybersecurity threats

Law firms have seen an alarming rise in sophisticated cyberattacks targeting, in particular, large   law firms. According to a recent survey by Artic Wolf and Above the Law, 39 per cent of respondents reported their firm experienced a security breach in the past year and 56 per cent of those respondents confirmed losing confidential client data — a devastating outcome for any legal practice(Yamri Taddese, “Law Firms Targeted in Top 10 Worst Cyber Attacks.” Canadian Lawyer, April 19,2013). The heightened threat of cybercrime is attributable to cybercriminals leveraging sophisticated computational models, such as quantum computing. Quantum computing allows the possibility of “compromising encryption and public key infrastructure encryption, in particular.” (Haitham Al Jowhari, “Fighting cybercrime in the age of quantum computing.” AGBI, Jan. 25, 2024). Given the many recent cybersecurity breach scandals, law firm sought to significantly enhance their attention and investment in advanced technological solutions to safeguard confidential data. This strategic shift will require law firms to adopt methodologies that mimic the sophisticated models utilized by cybercriminals, given deploying less intelligent systems would be counterproductive.

New Defence against cybersecurity threats: Quantum computing

To effectively counteract the intelligent systems employed by cybercriminals, law firms must evolve beyond conventional defence mechanisms and explore new technologies such as quantum computing. Classical computers use bits, or binary digits, which are the smallest units of data that a computer can store and process. “A bit is always in one of two physical states, similar to an on/off light switch.”(Robert Sheldon, “What is a Bit? (Binary Digit) in Computing?”) Similar to on/off, a bit can be yes/no, true/false and any single binary value such as 0 or 1.Quantum computing though, uses quantum bits, also referred to as qubits. Unlike bits, qubits are confined by single binary values, meaning a qubit can be 0 and 1 or values between those two simultaneously. To illustrate, imagine a coin spinning in the air: when it lands, it is not just heads or tails, it is in a state of being both. This allows qubits to represent multiple possibilities at once, facilitating complex calculations that are impossible for classical computers to process. Additionally, qubits can become entangled, meaning the state of one qubit is able to directly manipulate and influence the state of another qubit, regardless of their proximity. “Entanglement even baffled Einstein, who famously described it as ‘spooky action at a distance.’” (Martin Giles,“ Explainer: What Is a Quantum Computer?” MIT Technology Review). Entanglement allows quantum computers to perform at unprecedented speeds, thereby revolutionizing areas such as cryptography, blockchain, cloud storage and cybersecurity defence mechanisms. “Traditional encryption methods, such as RSA and ECC, rely on the complexity of factoring large numbers” or solving discrete logarithms (Edward Kiledjian, “Introducing Quantum Secure Encryption; Safeguarding the Future of Cybersecurity.” Insights For Success, May 14, 2024) — tasks that quantum computers can perform exponentially faster, thus making these methods vulnerable to interception. In countering this, law firms must adopt quantum-resistant algorithms, also known as post-quantum cryptography. “National Institute of Standards and Technology (NIST) has chosen the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on everyday — such as online banking and email software. The four selected encryption algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.” (“NIST Announces First Four Quantum-Resistant Cryptographic Algorithms,” National Institute of Standards and Technology.) These encryption tools will be able to withstand attacks from both classical and quantum computers, providing a layer of security for confidential data.

Cybersecurity arms race: The catch-22 between law firms and hackers

The integration of quantum algorithms into the practice of law is a change that, while promising, introduces substantial challenges in addition to its potential benefits. While the progress of quantum computing holds the promise of transforming legal analytics, it also escalates the sophistication of cybersecurity threats. Continuously adapting and enhancing security measures to offset the evolving strategies of cybercriminals becomes a requirement. These dynamics present an unavoidable reality: the legal profession shall proactively engage with these emerging technologies. This engagement is not merely an option but a requisite, driven by the fundamental ethical obligation to maintain client confidentiality and safeguard sensitive data.

Conclusion

The integration of quantum computing into law firms’ cybersecurity strategies is crucial in the face of increasingly sophisticated cyber threats. The inevitability of adopting quantum-resistant algorithms within the legal industry is a matter that demands immediate and serious consideration. As quantum computing rapidly advances, its potential to break conventional cryptographic systems, which are foundational to data security, becomes increasingly likely. This looming threat is not a distant hypothetical but a near-future reality, likely to materialize within the next few years. Consequently, law firms — guards of highly sensitive client information — will have to proactively transition to quantum-resistant cryptographic methods to safeguard their data.

Fatima Manzoor

Fatima Manzoor graduated from of the University of Ottawa, Faculty of Law, and is currently completing her articles with us at Green Germann Sakran, where she focuses primarily on corporate law. During her time in law school, Fatima developed a keen interest in the intersection of law and technology, particularly in the areas of artificial intelligence and cybersecurity. She continues to delve into pressing issues surrounding cybersecurity, post-quantum algorithms, and the integration of advanced computing technologies within the legal landscape.