by: Aaron W. Brooks

This week, the National Institute of Standards and Technology (NIST) will hold its First Post-Quantum Cryptography Standardization Conference. The core purpose of the Conference will be to analyze the results of last fall’s Round 1 Submissions process, in which candidates submitted proposals to standardize one or more quantum-resistant public-key cryptographic algorithms. This is significant, and requires the attention of any legal professional who is engaged in documenting compliance procedures associated with highly sensitive data, as well as those who draft and negotiate transactions involving cryptographic functions.

Technology Standards as Performance Standards

When drafting compliance and transaction documents relating to technology, one must reference specific standards of performance. Relating specifically to cryptographic functions, one should not simply require that data be “encrypted,” because that term is not precise. For example, applying file-level encryption to a document using only a four character passcode and no brute force attack protection mechanism might technically qualify as use of encryption; however, the underlying data will remain readily accessible and insecure. By contrast, requiring data to be encrypted in accordance with a specific technical standard cuts through the nuanced variations among encryption mechanisms, and creates a well-defined and measurable compliance and contract performance standard.

Consider the HIPAA Breach Notification Rule as an example. It requires that patients be notified in the event of an unauthorized acquisition, access, use or disclosure of their protected health information. However, the notification obligation applies only to “unsecured” protected health information. The term “unsecured” is defined in a document that was first issued by the U.S. Department of Health and Human Services in April, 2009, entitled “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” (the “HIPAA Encryption Guidance”). The HIPAA Encryption Guidance addresses two basic encryption scenarios (data-at-rest and data-in-motion), and then links to applicable NIST Special Publications which provide the specific encryption performance standard for each scenario. Accordingly, when drafting compliance and transaction documents which require “encryption” for protected health information, one should consider mandating compliance with the HIPAA Encryption Guidance (or the NIST Special Publications referenced therein) to create a defined and measurable performance standard.

Planning for the Future

But what happens when a contractual encryption standard becomes inadequate or obsolete while the contract is still in effect? For example, the HIPAA Encryption Guidance references NIST Special Publication 800-52 as a valid encryption process for data in motion. However, in March of 2013, NIST withdrew that standard because it did not adequately address known TLS vulnerabilities. NIST reissued the standard the following year. But, for a period of time, the HIPAA Encryption Guidance referenced a withdrawn encryption standard, and should now be understood to reference the most current version of that standard as it may be amended or superseded from time to time.

This example illustrates how information security standards are always a moving target. The standards must constantly evolve to adequately address the underlying and ever-changing threats to data security. So too, our compliance and transaction documents must contemplate changes to information security standards and widely-recognized best practices.

The Quantum Standard

This is why studying post-quantum cryptography standards is important for legal professionals who practice in this area. As stated by NIST in its Post-Quantum Cryptography Project Overview:

In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. 

In other words, one might view the emerging post-quantum cryptography standards as those which are least likely to be rendered obsolete or inadequate over time. Accordingly, and with respect to long-term data storage systems and transmission mechanisms involving highly sensitive data, they might be viewed as an emerging contract performance and compliance standard that sufficiently addresses all known and reasonably anticipated threats to the data. To illustrate this, consider a transaction involving a cloud-based system used to store administrative credentials for highly sensitive data. In the course of that transaction, we should specify how those credentials will be stored and transmitted, and we should do so with reference to a specific and measurable performance standard. We might, for example, require that the credentials be encrypted using a salted password hash mechanism that is not only compliant with an appropriate current cryptography standard, but that will also remain complaint with quantum resistant cryptography standards which may be issued by NIST and other standards-setting organizations from time to time. Should the emerging standard not be met at some point in the course of contract performance, a remedy or termination right would arise – thus allowing the client to migrate to a system that meets its current compliance needs which were unknown when the contract was executed.

What’s Next?

Perhaps it is premature to begin using these principles in our current compliance and contract drafting work. But, it’s not too soon to participate in the process of defining these emerging cryptography standards, and it is certainly time to carefully consider how this process will affect our future compliance and transaction planning efforts. For more information about this issue and the post-quantum cryptography conferences being held this week, please see the following resources:

NIST Post-Quantum Cryptography Project

NIST First PQC Standardization Conference

PQCrypto 2018