RETROACTIVE DECRYPTION AND THE RIGHT TO PRIVACY: EVALUATING STATE DUE DILIGENCE IN THE TRANSITION TO POST-QUANTUM CRYPTOGRAPHY

Islombek Abdikhakimov

RETROACTIVE DECRYPTION AND THE RIGHT TO PRIVACY: EVALUATING STATE DUE DILIGENCE IN THE TRANSITION TO POST-QUANTUM CRYPTOGRAPHY

Islombek Abdikhakimov

Tashkent State University of Law

Science-Conference.com

Volume: 4

Issue: 1

Date: January 29, 2026

Abstract

The imminent arrival of Cryptographically Relevant Quantum Computers (CRQCs) threatens to dismantle the cryptographic foundations of global privacy rights through the “Harvest Now, Decrypt Later” (HNDL) strategy. This adversarial practice, wherein encrypted data is intercepted today for future decryption, creates a “privacy time-bomb” that challenges the temporal scope of human rights obligations. This article evaluates the compatibility of the “Harvest Now, Decrypt Later” threat with the International Covenant on Civil and Political Rights (ICCPR) and the European Convention on Human Rights (ECHR). It examines whether the state’s failure to mandate Post-Quantum Cryptography (PQC) constitutes a breach of the due diligence obligation to protect the right to privacy. Through a doctrinal analysis of international jurisprudence and technical readiness assessments, the study finds that the current “wait-and-see” regulatory approach effectively tolerates the retroactive violation of privacy. The article concludes that the international legal principle of due diligence must be reinterpreted to include a “crypto-agility mandate,” compelling states to transition critical infrastructure to quantum-safe standards immediately to prevent a future where privacy is rendered technologically impossible.

Keywords

Retroactive Decryption, Right to Privacy, HNDL, Post-Quantum Cryptography, Due Diligence, State Responsibility, Human Rights

References

Chen, H., Coco, A., Rotondo, A., & Ying, Y. (2025). The Attribution of Cyber Operations to States in International Law. Geneva Centre for Security Policy (GCSP). Cohen, J. E., de Witte, B., & Purnhagen, K. (2016). Bridging the transatlantic divide? The United States, the European Union, and the protection of privacy across borders. International Journal of Constitutional Law, 14(1), 220–229. Erol, V. (2025). The Strategic Imperative of Quantum Readiness: A Comprehensive Review of Post-Quantum Cryptography. Preprints.org. Jang-Jaccard, J. (2025). Practical Challenges in Executing Shor’s Algorithm on Existing Quantum Platforms. arXiv. Jena, J. (2025). The Quantum Security Deadline: Building Crypto-Agility Against ‘Harvest Now, Decrypt Later’ Threats. European Journal of Computer Science and Information Technology, 13(52), 35-52. Journal of Business, IT, and Social Science. (2017). Cybersecurity and International Law: Defining State Responsibility for Cross-Border Cyberattacks. Journal of Business, IT, and Social Science. Kastelic, A. (2019). Inducing compliance with international law in cyberspace – State responsibility, countermeasures and the obligations of due diligence. White Rose eTheses Online. Mavroeidis, V., Vishi, K., Zych, M. D., & Jøsang, A. (2018). The Impact of Quantum Computing on Present Cryptography. International Journal on Advanced Science, Engineering and Information Technology, 8(3), 991-998. Ollino, A. (2016). Due Diligence Under International Law: Reappraising its Scope, Functions and Limits (Doctoral dissertation). Università degli Studi di Milano-Bicocca.

ScienceConference