Should Telcos Research Quantum Safe Cryptography?

A recent article by industry analyst Patrick Donegan observes that Dutch telco KPN is doing research into quantum-safe encryption. Donegan asks why KPN would want to be a leader in quantum safe algorithms, and then offers three possible answers:

  • There is differentiation to be had – and money to be made – from developing Intellectual Property (IP) around new quantum safe algorithms themselves.
  • There is latent, near-term, demand for quantum services that will start customers on a journey towards lowest cost migration to quantum security over time.
  • Implementing quantum safe algorithms will be challenging and potentially very expensive. Those companies that try multiple iterations over a period of time – those who try and ‘fail fast’ – will be in a better position to implement them early, effectively, and at lowest cost once viable solutions are available.

Donegan makes an interesting argument for why telcos should seek to generate revenue by providing cybersecurity services. His recent report about KPN observes that the Dutch telco “is now able to position itself as the largest provider of cyber security services in the Dutch market.” With telcos needing to look for new revenue streams, the expansion of ICT services, and of cybersecurity services in particular, could work well for bigger telcos who already sell themselves as trusted providers with a reputation for reliability.

Nevertheless, I still think it peculiar that KPN and Donegan would focus on quantum safe cryptography. What Donegan fails to state is that existing encryption techniques cannot be cracked by quantum computing (QC) because nobody has actually built the kind of quantum computer which could theoretically crack them. As Paul Teich writes in his article for Forbes:

QC will not break encryption keys this decade. Without massive research and development breakthroughs, the QC researchers I have talked with do not believe that QC will break encryption keys during the next decade, either.

Put in that context, it seems the near-term demand for quantum safe cryptography might be exaggerated, and that KPN investors will not see any return for the investment in this R&D for a long while. Even the best quantum computers commercially available today, such as the D-Wave Two (pictured above) are not ready to break the secure encryption that lies at the heart of modern business. And anyone wanting to use a D-Wave Two for hacking would first need to spend several million dollars on purchasing one.

I cannot comment on the Dutch market, but I have learned a few lessons from the UK market. In the UK we still have some telecoms dinosaurs who spend a lot of time gassing that everything would be fine if only a lot more investment was put into developing such-and-such tech. What they mean is that everything would be great if they were given a lot of money to spend on developing new tech. What they fail to mention is that they previously worked for BT, back when the incumbent spent a lot of money on developing tech which BT was never able to commercially exploit.

Both investors and customers have reasonable expectations for what they want from a telco. Just because somebody thinks they know how to make a revolutionary new kind of deep fat fryer does not mean BT or another telco should spend money on developing it. If an innovation is good enough then its development should be financed through an appropriately transparent framework in an appropriate business environment, so investors understand where their money is going, and the enterprise is correctly positioned to exploit their intellectual assets when the market is ready. That principle applies equally well to innovations in deep fat fryers, personal computers and quantum safe cryptography.

It may well be that KPN’s management have done the right thing by placing their telco at the fore of cybersecurity. Perhaps they will be able to exploit their investment when there is demand for the services they are creating. Businesses sometimes change what they do, and so perhaps KPN is a business that will successfully transition from being a telco to becoming a supplier of ICT services, just as IBM switched from being makers of hardware to suppliers of software and consulting, and just as Apple was a pioneer of home computers but now makes most of its money from mobile phones. But it does not follow that every telco should make the same kind of transition.

Good luck to KPN; I hope they succeed in gaining a clear commercial advantage by becoming pioneers in the field of cybersecurity. However, most telcos should seek to expand their revenue opportunities elsewhere.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Director of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.