Abstract
Post-quantum cryptography is often framed as a future technical upgrade. Darren Bender challenges that framing and treats it as a legal exposure that already exists.
In this episode of Shielded: The Last Line of Cyber Defense, Darren introduces post-quantum negligence and explains how US courts may assess quantum risk using established legal doctrines. The discussion centers on a timing problem. Adversaries can harvest encrypted data today and decrypt it years later once quantum capability arrives. That gap breaks the traditional negligence model, where duty, breach, harm, and causation appear close together. With Harvest Now, Decrypt Later, harm may surface long after the decision to delay action. Darren explains why foreseeability becomes central, shaped by expert forecasts, Mosca’s theorem, and the Learned Hand reasonableness test. When migration cost drops below expected harm, inaction starts to look unreasonable. He outlines why financial services may be at that tipping point now, why healthcare may already be past it, and how delay compounds exposure. The episode also addresses performative quantum readiness. Public claims without real cryptographic work can raise legal risk by creating expectations. Darren closes with practical guidance for 2026, emphasizing documentation, governance, and review that hold up later.
What You’ll Learn
- What post-quantum negligence means and why it fills a US regulatory gap
- Why Harvest Now, Decrypt Later disrupts traditional negligence timelines
- How foreseeability is established through expert consensus, not speculation
- How Mosca’s theorem frames exposure versus migration runway
- How the Learned Hand test determines when inaction becomes unreasonable
- Why financial services may face the first post-quantum negligence cases
- What evidence courts may expect when reviewing 2024–2026 decisions
- Why “quantum-ready” marketing without real work creates legal risk
- How liability spreads across vendors, cloud providers, and supply chains
- What leaders can do in 2026 to reduce future legal exposure
Darren Bender is a US litigation attorney with a dual background in law and IT automation. He serves as Managing Attorney at Zwicker & Associates and is Co-Founder and Chief Litigation Officer in the post-quantum cryptography sector for a newly formed UK advisory firm, ProtecQC. Before practicing litigation, Darren spent nearly a decade as a business systems analyst at First American, where he designed and automated complex, high-volume, data-sensitive workflows across national production systems. His work today sits at the intersection of law, governance, and cryptographic risk, with a focus on how emerging technical threats translate into real legal exposure.