Threat Intelligence
Most discussions about Q-Day focus on a future threat — a moment when quantum computers finally become powerful enough to crack modern encryption. But one of the most dangerous consequences of Q-Day is already unfolding, right now, in silence. It's called "harvest now, decrypt later" — and it doesn't require a quantum computer to begin.
The premise is straightforward. An adversary — typically a nation-state intelligence agency — intercepts and stores encrypted network traffic today. The data is unreadable now, protected by RSA or elliptic curve cryptography. But the attacker is patient. They archive the ciphertext, waiting for the day a capable quantum computer exists. On that day, they retroactively decrypt everything they've collected.
"Harvest now, decrypt later is a today problem. The data being collected right now will be decrypted the moment quantum capability arrives."
— Security researchers, machine.news, 2025
The attack is particularly effective against data with long-term sensitivity. A diplomatic cable encrypted today and decrypted in 2030 is still a serious breach. The same applies to medical records, financial transactions, intellectual property, and private communications stored by governments or large corporations.
Intelligence agencies from major powers are widely believed to be conducting harvest now, decrypt later operations at scale. The NSA's bulk data collection programs, revealed by Edward Snowden in 2013, demonstrated the infrastructure already exists to intercept and store enormous volumes of internet traffic. China's state-sponsored hacking groups — APT41, Volt Typhoon — have been specifically linked to long-term data accumulation strategies by US government cybersecurity agencies.
No government officially confirms these programs. But the logical case is compelling: if you know a decryption capability is coming within a decade, the cost of storing intercepted traffic today is trivial compared to its future intelligence value.
Not all data is equally threatened. The most at-risk categories are those where sensitivity persists over time: government communications and classified intelligence, personal health records and genetic data, long-term financial records and trade secrets, and private communications between journalists, lawyers, or activists operating under authoritarian surveillance.
Everyday browsing data — a search query, a news article visit — has low value even if decrypted in 2030. But a confidential business negotiation conducted over email in 2024 could still be highly valuable years later.
This is precisely why NIST, the NSA, and cybersecurity agencies worldwide are urging organisations to begin migrating to post-quantum cryptography now — not when Q-Day arrives. Any data encrypted with current RSA or ECC standards before the migration is complete will remain permanently vulnerable to retroactive decryption.
The NSA's CNSA 2.0 framework mandates quantum-safe encryption for all new national security systems by January 2027. The European Union's ENISA and the UK's NCSC have issued similar guidance. The message from every major government security agency is the same: the window to protect sensitive data is not measured from Q-Day — it started years ago.