Most stolen data loses value in months. Legal data does the opposite: privilege and trade secrets never expire. That inversion is why law firms are the prime target for harvest-now, decrypt-later collection — and why the cryptography protecting long-lived records has to be chosen now, not after a quantum computer arrives.
Why is legal data the prime harvest-now target?
Harvest now, decrypt later is an attack on data with long confidentiality lifetimes: an adversary captures encrypted files today, stores them cheaply, and decrypts them once a capable quantum computer exists. Most stolen data loses value in months. Legal data does the opposite — privilege and trade secrets never expire, sealed settlements and M&A files must stay confidential for decades. If a record must outlive the cryptographic transition, today’s RSA and ECDSA are not protecting it for its full lifetime.
What are the real deadlines?
- August 13, 2024 — NIST finalized FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA): the standardized post-quantum algorithms.
- After 2030 — RSA and ECDSA at common strengths are slated for deprecation under NIST’s draft transition guidance (IR 8547).
- After 2035 — the same classical algorithms are slated to be disallowed entirely.
What quantum-safe honestly means
Quantum-safe cryptography is designed to resist attack by a future quantum computer based on the attacks we can foresee — it is an engineering standard, not an oath, which is why we never say “quantum-proof.” Also worth naming plainly: quantum random-number generation and quantum key distribution are separate technologies and are not post-quantum cryptography. What matters for your records is whether the signatures protecting them use the NIST-standardized post-quantum algorithms. Ours do.