Post-Quantum Negligence: When Inaction Becomes Legal Exposure

Episode notes

Post-quantum cryptography is often framed as a future technical upgrade. Darren Bender challenges that framing and treats it as a legal exposure that already exists. In this episode of Shielded: The Last Line of Cyber Defense, Darren introduces post-quantum negligence and explains how US courts may assess quantum risk using established legal doctrines. The discussion centers on a timing problem. Adversaries can harvest encrypted data today and decrypt it years later once quantum capability arrives. That gap breaks the traditional negligence model, where duty, breach, harm, and causation appear close together. With Harvest Now, Decrypt Later, harm may surface long after the decision to delay action. Darren explains why foreseeability becomes central, shaped by expert forecasts, Mosca’s theorem, and the Learned Hand reasonableness test. When migration cost drops below expected harm, inaction starts to look unreasonable. He outlines why financial services may be at that tipping point now, why healthcare may already be past it, and how delay compounds exposure. The episode also addresses performative quantum readiness.