Harvest Now, Decrypt Later:
The Attack That Already Happened to You

There is a specific moment when most security professionals first encounter the harvest now, decrypt later concept. It lands differently than most threat briefings. Most threats operate on a timeline — an attacker needs to compromise your network, move laterally, find valuable data, and exfiltrate it before detection. The clock works against them.

Harvest now, decrypt later inverts that entirely. The collection has already happened. The race is over. The only remaining question is when the decryption becomes possible — and that timeline is no longer theoretical.

What Is Actually Being Collected

The Snowden documents, MUSCULAR program records, and subsequent reporting from security researchers have established beyond reasonable dispute that bulk collection of encrypted internet traffic has been operational for over a decade. The stated justification at the time was metadata analysis — who communicates with whom, at what frequency, from where. The encrypted payload was considered inaccessible.

That calculus changed when quantum computing timelines began compressing. What was once stored as interesting metadata became a strategic archive. Encrypted payloads that were unreadable in 2015 are investments against a future decryption capability. The collection programs didn't change. The strategic value of what they were collecting changed.

It is not only government-level programs. Criminal organizations with access to nation-state tools, private intelligence contractors, and sophisticated corporate espionage operations have all adopted variants of this strategy. Storage is cheap. Encrypted data is abundant. The bet is asymmetric — the cost of collection is low, the potential future value is enormous.

What the Timeline Actually Looks Like

Public discourse about quantum computing tends to focus on a binary question: has a quantum computer broken RSA-2048 yet? The answer is currently no. This answer is frequently used to dismiss the urgency of the threat, which reflects a fundamental misunderstanding of how intelligence operations actually work.

The relevant question is not what is publicly demonstrated. It is what exists in classified environments, what the trajectory of private investment implies, and how long the data being generated today needs to remain secure.

NIST's finalization of the first post-quantum cryptographic standards in August 2024 — FIPS 203, FIPS 204, and FIPS 205 — was not a precautionary measure. Standards bodies do not finalize cryptographic standards in anticipation of threats that are decades away. The timeline compressed. The response was the accelerated finalization of a new cryptographic foundation.

For organizations whose communications need to remain confidential for five to ten years — legal privilege, ongoing investigations, competitive intelligence, national security — the harvest now, decrypt later threat is not future risk. It is current exposure.

What This Means for Your Communications Infrastructure

Every encrypted communication your organization has sent over infrastructure you don't control is potentially in an archive somewhere. Email traveling through a major provider. Voice calls routed through carrier infrastructure. Video conferences on third-party platforms. File transfers through cloud storage. All of it encrypted with algorithms that were state-of-the-art when deployed. None of it encrypted with algorithms designed for the post-quantum threat environment.

The standard response to this briefing is to ask what can be done about historical data. The answer is: nothing. What has been collected cannot be uncollected. The only actionable response is to change what is being generated going forward.

Communications generated today under post-quantum encrypted infrastructure are not valuable to a harvest now, decrypt later operation. The algorithms protecting them are specifically designed to resist quantum decryption. The data has no future value to an attacker, regardless of their computational capability.

This is not a theoretical or future-state argument. The migration window — the period during which organizations can move to post-quantum communications infrastructure before their current communications become readable — is open now. It will not remain open indefinitely.

The Specific Vulnerability of Communications Data

Not all encrypted data carries equal risk under harvest now, decrypt later. Financial transaction records from five years ago have limited ongoing value. Communication records are different. A conversation between legal counsel and a client that occurred three years ago, decrypted today, carries full legal privilege implications. An executive strategy discussion, a regulatory investigation communication, a negotiation — these retain their value and their sensitivity regardless of when they occurred.

Communications data is also longitudinal. A single decrypted email thread is useful. Five years of decrypted communications between an organization's leadership and its most sensitive contacts is transformative for an adversary with the patience to wait.

The organizations most exposed by harvest now, decrypt later are precisely the organizations that communicate most sensitively — government agencies, legal and financial institutions, defense and intelligence contractors, healthcare and research organizations. These are also the organizations with the longest confidentiality requirements and the highest consequence of exposure.