Two technologies whose full promises and perils are largely to be determined are nevertheless dominating headlines on a daily basis, Quantum Computing and Artificial Intelligence (AI). Few can predict their full potential; fewer understand how they work. They are the subject of speculation, debate, and prediction. Despite uncertainties, it appears organisations are taking immediate action regarding artificial intelligence but are not moving as quickly on quantum computing.
Any analysis of the technologies requires speculation, but for those who are keen to forecast, these variables should be among their considerations:
1) Are professionals taking immediate action regarding AI better served by a wait-and-see posture?
2) Are professionals taking a wait-and-see posture regarding quantum computing better served by taking immediate action?
AI’s capabilities are becoming familiar to most through ChatGPT. While the tool is useful for personal and professional purposes, its work needs to be checked. When one calculates numbers using a traditional computer or presses print on a document, one can usually rely on a predictable result (even if the printing is unsuccessful!). With ChatGPT, one cannot necessarily rely on a result without independent verification, perhaps mostly vividly illustrated by a now-sanctioned U.S. lawyer who submitted a brief to a court using platform-generated cites to cases that did not exist. The effort needed to verify AI’s work often defeats the purpose of using AI to begin with.
This issue may be compounded with time as the content generated by AI permeates other platforms and sources of information. Incomplete, poorly described, and entirely false information created by AI will make its way into databases, websites, and people’s minds. These information sources potentially will deliver faulty information to each other and return it to AI platforms.
As a business model, AI faces separate challenges. It learns by taking in vast amounts of information and uses it to improve its own processes. Much of the information available to the public, and to AI databases, is protected intellectual property or regulated as sensitive information, such as personally identifiable or health-related information. Sometimes this information is available mistakenly.
When AI gathers information, whether through automated searches or user input, it often cannot distinguish information that is freely available for its use from information it should not use. Multiple copyright holders have filed suit against ChatGPT already (it has even come after the comedians!), with more almost certain to follow. Likewise, a class action lawsuit has been filed by individuals who believe ChatGPT has used their information without appropriate authorisation or compensation.
Beyond the scope of this article are the supposed threats that AI may pose to jobs, democracy, and all humanity, each of which have drawn significant speculation and fear. Though certainly worthy of exploration, and potentially far more disruptive than the issues described above, these considerations are not as immediate nor as tangible as current and anticipated litigation, flaws in AI’s current outputs, and the time and effort required to check AI’s work products. While there is risk in delaying the employment of new technologies, any organisation considering making use of AI should keep in mind its known and immediate perils, and anticipate unknown perils emerging in the years ahead.
Unlike AI, quantum computing is in development and unavailable to all but a few technical pioneers. Its eventual realisation is assumed but the arrival date of the first efficient and fully capable quantum computer is a matter of speculation. What quantum computing can achieve, and when it will be as ubiquitous as today’s personal computer, is even harder to estimate.
What is known is that quantum computing will likely be able to decrypt many current forms of encrypted information. While this may seem like a threat that sits behind a distant horizon, in actuality it is already too late to protect many data sources. If encrypted information is stolen today and cannot be decrypted immediately, thieves can look forward to a day when quantum computing will be able to reveal it. This may still seem too far off for those making resource decisions regarding how to defend networks and their data, but thinking through the possibilities it is easy to see that investments must be made today to defend against future quantum capabilities.
Taking an arbitrary estimate of 20 years to achieve perfected quantum computing, a timeline significantly longer than many experts predict, information stolen today may not seem like it will be important or useful to a thief two decades from now. However, an individual’s health data will certainly remain relevant, as will embarrassing information through which one can be extorted, as well as social security numbers, banking information for loyal customers, and transactions with government offices.
Regarding business organisations, if there is any doubt regarding the relevance today’s data will have to malicious actors two decades from now, try this thought experiment: if a business’ 2003 database were opened and made publicly available today, what information would it hold that could undermine the value of that business or negatively impact its reputation? It is likely that some 20-year-old emails attributable to current private sector leaders might prove embarrassing, and that an organisation’s trade secrets and proprietary information of that era would still be valuable and worth concealing today, and old network configurations might reveal vulnerabilities that could be exploited now. Organisations holding valuable data, whether intellectual property, customer’s personally identifiable information, or any other information worth stealing, should seek out quantum-resistant methods to protect that information now.
While the thrill factor of AI and its accompanying dangers have drawn the most attention, quantum computing and its potential to decrypt protected information on an unknown but impending date should be the priority risk that network defenders prioritise. AI’s drawbacks are being realised daily while its ability to deliver useful outputs has been challenged. For those making resource decisions regarding their information technology budgets, quantum computing deserves as much if not more attention.
