As part of its efforts to deploy quantum resistant cryptography, Google has now announced the release of the first quantum resilient security key to withstand quantum attacks.
In a nutshell, quantum attacks refer to a category of cryptographic attacks that leverage the principles of quantum mechanics to compromise the security of classical cryptographic systems. In other words, classical cryptographic systems, which rely on mathematical problems that are difficult to solve, could be potentially broken by powerful enough quantum computers. Once a sufficiently powerful quantum computer becomes available, it could potentially render existing cryptographic systems vulnerable to attacks that were previously considered impractical due to the computational effort required. This phenomenon is often referred to as the “quantum threat” to cybersecurity.
According to the Google’s press-release, “while quantum attacks are still in the distant future, deploying cryptography at Internet scale is a massive undertaking which is why doing it as early as possible is vital. In particular, for security keys this process is expected to be gradual as users will have to acquire new ones once FIDO has standardized post quantum cryptography resilient cryptography and this new standard is supported by major browser vendors”.
The UK’s data protection watchdog, ICO, has published draft biometric data guidance for public consultations that will last until 20 October. According to ICO, “The draft biometric data guidance explains how data protection law applies when you use biometric data in biometric recognition systems”. The guidance is then “for organisations that use or are considering using biometric recognition systems. It is also for vendors of these systems. It is for both controllers and processors”.
The guidance covers such issues like “what biometric data is; when it is considered special category data; its use in biometric recognition systems; and the data protection requirements you need to comply with”. The guidance does not, however, cover “requirements of the data protection regimes for law enforcement purposes or the security services”.