UPDATE: Michigan law banning VPNs and Post-Quantum VPN Encryption
Lots has been happening in VPN-land over the past couple of weeks. If your time is short, here are the key updates:
Did Michigan just propose a ban on VPNs?
Incredibly, yes. A lawmaker, whose professional background is in teaching kindergarten, wrote Michigan House Bill 4938. If passed, the bill would ban VPN use—and ironically, it would harm privacy and increase the very kinds of crime the authors claim to be preventing.
This is the kind of problem that arises when those creating rules and regulations lack understanding of the technology they are trying to govern. Lawmakers can’t be experts in every field, but it is their duty to consult those who are. That clearly did not happen here.
The bill would effectively shut down not only personal VPNs but also VPN technology used for processing credit cards, security updates, industrial systems, remote work, and more—potentially even violating the Fourth Amendment.
If you live in Wisconsin, reach out to your Senator and urge them to kill A.B. 105/S.B. 130. Our privacy matters. VPNs matter. And politicians who can't tell the difference between a security tool and a "loophole" shouldn't be writing laws about the internet.
Read more here: EFF Article
Did big changes just happen in the world of Post-Quantum VPN Encryption?
Yes and no. If you have been following my articles, you know this is not a simple issue.
- Yes, there have been a number of product announcements claiming quantum products scalable to over a hundred qubits, and many industry experts have moved closer the predictions of Q-Day*.
- Also, yes, there have been several headlines about quantum computers gaining “quantum supremacy” by outperforming the most powerful classical supercomputers.
- Also, also, yes, Cisco did just announce a working product that uses quantum entanglement communications across a network (See my article on how quantum communications are more important than quantum encryption).
That all sounds quite shocking, but let’s go beyond the headlines:
-
While many products claim large numbers of functioning qubits, none have yet solved the high error rates that make quantum computers unreliable. A quantum computer with a high error rate is no more useful than classical computers for breaking VPN encryption. These advances, however, have moved the estimated Q-Day closer—to about 3–5 years.
-
Quantum computers have outperformed classical computers for very specific tasks, but no quantum computer has surpassed classical supercomputers for general processing. And the biggest threats to VPNs are still non-quantum: misconfigurations and weak protocols, like SSL/TLS VPNs. (See my article: The Truth About VPNs and the Rise of Quantum Decryption)
-
Cisco’s quantum entanglement product does not transmit data. Instead, entangled particles can detect if someone is observing your connection and send an alert. It’s very cool—but it’s not full quantum communication, and the product is not yet for sale.
I hope this quick update is useful! Bookmark the Cadre Blogs or follow me on LinkedIn to stay informed.
*"Q-Day" refers to the hypothetical day when a powerful enough quantum computer can break the encryption that protects current digital data, making it vulnerable to widespread decryption
