Are video calls being recorded by nation-states?

Yes. Intelligence agencies operate large-scale traffic collection programs at network chokepoints (undersea cables, internet exchange points, ISP taps). The Snowden disclosures confirmed programs like TEMPORA and UPSTREAM that collect encrypted traffic in bulk. Video calls, which traverse the public internet, are included in this collection. The cost of storing petabytes of encrypted traffic is negligible compared to future decryption value.

When will quantum computers be able to break video call encryption?

The NSA's CNSA 2.0 guidance sets 2030 as the deadline for transitioning national security systems to post-quantum cryptography, implying they believe quantum threats could materialize around that time. Estimates range from 2030 (aggressive) to 2040 (conservative). IBM, Google, and multiple nation-state programs are actively racing toward cryptographically relevant quantum computers.

How do I protect my video calls from HNDL attacks?

The only defense against HNDL attacks is to use post-quantum key exchange today. If your video calls use post-quantum algorithms like ML-KEM-768 for key establishment, recorded traffic cannot be decrypted even with a future quantum computer. V100 is the only video platform that deploys ML-KEM-768 + ML-DSA-65 + FALCON-512 on every session, protecting against HNDL by default.

What Is Harvest Now, Decrypt Later? The Threat to Every Video Call in 2026

Q: What is harvest now decrypt later?

Harvest now, decrypt later (HNDL) is a cyberattack strategy where adversaries record encrypted network traffic today and store it until quantum computers can break the encryption. The encrypted data is useless now, but will become readable once a sufficiently powerful quantum computer runs Shor's algorithm against the key exchange. Nation-states are actively conducting HNDL operations against high-value targets.

On any given day in 2026, approximately 720 million video calls take place globally. Board meetings where CEOs discuss billion-dollar acquisitions. Telehealth sessions where oncologists deliver diagnoses. Legal depositions that will determine the outcome of major litigation. Investor calls where fund managers reveal unreleased alpha. Diplomatic sessions where trade agreements take shape.

Every one of these calls is encrypted. And every one of them is being recorded by someone who cannot read them today — but will be able to read them within the next decade.

This is the harvest-now-decrypt-later (HNDL) attack. It is not theoretical. It is not a prediction. It is a documented, ongoing intelligence operation conducted by multiple nation-states. And video calls are its highest-value target.

What Is Harvest Now, Decrypt Later?

Harvest-now-decrypt-later is a three-phase attack strategy:

Harvest (Now)

Record encrypted network traffic at scale. Tap undersea cables, intercept at internet exchange points, compromise ISP infrastructure, or position collection devices at data center peering points. Store everything. Encrypted data is cheap to store — about $5 per terabyte per month in 2026.

Wait (Years)

Store the encrypted data in long-term archives. Catalog it by source IP, destination, timing, metadata. Index it for later retrieval. Wait for quantum computing to mature. The cost of patience is only storage — a few million dollars per year for a nation-state. The potential intelligence value is incalculable.

Decrypt (Later)

When a cryptographically relevant quantum computer (CRQC) becomes operational, run Shor's algorithm against stored key exchange data. Recover session keys. Decrypt all recorded traffic retroactively. Every video call, email, file transfer, and VPN session protected only by classical asymmetric encryption becomes plaintext.

The economics are asymmetric and devastating. The cost of harvesting and storing encrypted traffic is trivial. The cost of building a quantum computer is enormous — but nation-states are already spending tens of billions on quantum computing programs. Once a single CRQC exists, the entire archive of decades of encrypted traffic becomes readable simultaneously.

Who Is Conducting HNDL Operations?

Multiple intelligence programs have been publicly documented that perform bulk encrypted traffic collection — the "harvest" phase of HNDL:

Five Eyes (NSA, GCHQ, ASD, CSE, GCSB)

The Snowden disclosures (2013) revealed programs including TEMPORA (GCHQ — tapping undersea fiber optic cables, collecting all data flowing through them), UPSTREAM (NSA — collecting communications from the backbone of the internet), and PRISM (direct collection from service providers). These programs collect encrypted traffic in bulk. The NSA's Utah Data Center was designed to store exabytes of collected data. The NSA publicly acknowledged the quantum threat in its CNSA 2.0 guidance (2022), setting 2030 as the transition deadline — implying internal awareness of CRQC timelines.

China (MSS, PLA Unit 61398, APT groups)

China's quantum computing program is the world's second-largest, with over $15 billion in government investment. Chinese APT groups have been documented compromising telecommunications infrastructure worldwide (Salt Typhoon, 2024 — targeting major US telecom providers). China's intelligence services have both the capability to harvest traffic and the quantum computing program to eventually decrypt it. The 2024 Salt Typhoon campaign specifically targeted communications metadata and potentially content from US government officials and political campaigns.

Russia (FSB, GRU, SVR)

Russian intelligence services operate SORM (System of Operative-Investigative Measures), which mandates that all Russian ISPs provide the FSB with direct, unmediated access to all network traffic. Russian collection capabilities extend internationally through compromised infrastructure, submarine cable taps, and diplomatic intercepts. Russia's quantum computing program is smaller than China's but active, with the Russian Quantum Center and multiple state-funded initiatives.

These are not allegations. TEMPORA, UPSTREAM, SORM, and Salt Typhoon are documented facts. The collection infrastructure exists. The storage capacity exists. The quantum computing programs are funded and operational. The only missing piece is sufficient qubit count — and every major quantum computing company's roadmap shows that arriving within the next decade.

Why Video Calls Are the Highest-Value HNDL Target

Not all encrypted traffic is equally valuable to an adversary. Video calls represent the single highest information density of any network communication type. Here is why:

Information density comparison

Video Call

Highest value per byte

Contains voice (semantic content), facial expressions (emotional context), screen shares (documents, data, code), participant identities (biometric data), and real-time interactions (decision dynamics). A single 60-minute board meeting can contain dozens of material nonpublic disclosures.

High value, but edited and filtered

Written communication is self-censored. People say things in video calls they would never write in email. Video captures the unguarded version.

File Transfer

Valuable but static

Documents are useful but lack the context of how they were discussed, who objected, what was decided but not written down.

Video calls also have uniquely long confidentiality requirements. Consider the information types transmitted over video:

•

Healthcare (telehealth): Patient data must remain confidential for the patient's lifetime. Over 200 million telehealth visits occur annually in the US alone. A psychiatric session discussing suicidal ideation, an oncologist explaining a prognosis, a genetic counselor revealing hereditary conditions — these are permanently sensitive.

•

Legal: Attorney-client privilege has no expiration date. A deposition is admissible evidence potentially forever. A settlement negotiation reveals strategy permanently.

•

Corporate strategy: The average Fortune 500 board meeting discusses decisions affecting $50 million or more in enterprise value. M&A discussions, competitive intelligence, pricing strategy, and organizational restructuring all have multi-year sensitivity. Insider trading liability alone creates 10+ year windows.

•

Government: Classified information has decades-long sensitivity. Diplomatic negotiations shape geopolitics for generations. Intelligence sources must be protected for the source's lifetime.

The Numbers: Scale of the HNDL Threat to Video

The scale of potential HNDL damage to video communications is staggering when quantified:

71%

of organizations have no post-quantum migration plan (Deloitte 2025 survey)

200M+

telehealth visits per year in the US alone, all on classical encryption

$50M+

average decision value discussed in Fortune 500 board meetings

$5/TB/mo

cost of storing encrypted traffic — trivial for nation-state budgets

Consider a single day's worth of enterprise video calls at a Fortune 100 company. Hundreds of meetings, each containing strategic discussions that would be material to competitors, regulators, or adversarial governments. The total bandwidth of a day's video calls might be 500 GB — storable for about $2.50 per month. The intelligence value of decrypting those calls could be worth hundreds of millions of dollars.

The NSA's 2030 Deadline: What It Tells Us

In September 2022, the NSA released CNSA 2.0 (Commercial National Security Algorithm Suite 2.0), setting explicit deadlines for transitioning national security systems to post-quantum cryptography:

CNSA 2.0 transition timeline

2025

Software and firmware signing

All software and firmware for national security systems must use post-quantum signatures. This deadline has already passed.

2027

Web servers and cloud services

TLS and other network protocols must support post-quantum key exchange for national security system web infrastructure.

2030

All key exchange

Every system performing key establishment for national security purposes must use post-quantum algorithms. This explicitly includes real-time communications.

2033

All digital signatures

Complete transition of authentication and non-repudiation to post-quantum signature algorithms.

The NSA does not set arbitrary deadlines. These timelines reflect classified intelligence about adversary quantum computing progress. When the NSA says national security systems must be post-quantum by 2030, they are saying: we believe quantum threats could materialize around that time. They are also implicitly acknowledging that today's encrypted traffic is already being harvested for future decryption — otherwise there would be no urgency.

The critical point: CNSA 2.0 protects traffic from 2030 onward. It does nothing for traffic encrypted between now and 2030. Every classically-encrypted video call between 2020 and 2030 is already in the HNDL window — recorded, stored, waiting. The damage is already done for those sessions. Only sessions encrypted with post-quantum algorithms today are protected.

The Compounding Cost of Inaction

HNDL is unique among cybersecurity threats because the damage accumulates silently and irreversibly. Unlike a ransomware attack (detectable, immediate impact) or a data breach (discoverable, reportable), HNDL creates no alerts, triggers no detection, and produces no evidence of compromise until the quantum decryption event.

Every day that an organization continues to use classically-encrypted video conferencing is another day of harvestable traffic added to the adversary's archive. The cumulative exposure is:

Daily exposure = (meetings/day) * (avg_duration) * (sensitivity_score)

Cumulative risk = Daily exposure * days_until_migration

For a Fortune 500 company: ~50 sensitive meetings/day * 365 days/year * years_delayed

= 18,250 permanently compromised meetings per year of delay

This is not recoverable. Once traffic is harvested, you cannot un-harvest it. You cannot retroactively protect past sessions. You can only protect sessions from this point forward by deploying post-quantum key exchange now.

Industries in the HNDL Crosshairs

While all encrypted video traffic is harvestable, adversaries prioritize targets based on intelligence value and data sensitivity timelines:

Critical Risk

Defense and Intelligence: Classified discussions, weapon system specifications, intelligence sources and methods, diplomatic negotiations. Sensitivity: permanent. Primary adversary interest: absolute.

Critical Risk

Healthcare and Life Sciences: Patient records, clinical trial data, pharmaceutical IP, genetic information. HIPAA requires lifetime protection. 200M+ telehealth visits/year. Adversary interest: pharmaceutical espionage, blackmail.

High Risk

Financial Services: Trading strategies, M&A discussions, client portfolio reviews, regulatory discussions. Sensitivity: 10-20 years (insider trading statutes). Adversary interest: market manipulation, economic advantage.

High Risk

Legal: Attorney-client communications, litigation strategy, settlement negotiations, depositions. Sensitivity: permanent (privilege never expires). Adversary interest: litigation advantage, intelligence on targets.

Elevated Risk

Technology and IP-heavy industries: Product roadmaps, architecture discussions, patent strategy, research findings. Sensitivity: 5-15 years (product lifecycle). Adversary interest: technology transfer, competitive intelligence.

The Only Defense: Post-Quantum Key Exchange Today

There is exactly one defense against HNDL: use post-quantum key exchange before your traffic is harvested. If the key exchange algorithm is quantum-resistant, the stored ciphertext is worthless to the adversary even with a quantum computer. The mathematical problem underlying the key exchange (for ML-KEM: the Module Learning With Errors problem) remains hard for quantum computers.

There are no retrospective fixes. You cannot patch already-harvested traffic. You cannot revoke a key exchange that already occurred. You cannot encrypt data that has already been decrypted. The only action that matters is protecting sessions from this moment forward.

V100 deploys post-quantum key exchange (ML-KEM-768, FIPS 203) on every video session by default. There is no opt-in toggle, no enterprise tier requirement, no feature flag. Every V100 session, from the first call onward, uses quantum-resistant key establishment. This means every V100 session is HNDL-proof from the moment it occurs.

V100's HNDL defense stack

Layer 1

ML-KEM-768 hybrid key exchange

Session keys established via lattice-based KEM. Harvested ciphertext cannot be decrypted by quantum computers. Hybrid with X25519 for defense-in-depth.

Layer 2

ML-DSA-65 + FALCON-512 authentication

Participant identities authenticated with post-quantum signatures from two independent lattice families. Cannot be forged by quantum computers.

Layer 3

SLH-DSA long-lived attestation

Session attestations signed with hash-based signatures (completely independent of lattice assumptions). Provides verifiable proof of session integrity even in a post-quantum world.

What Your Organization Should Do Now

The HNDL clock started years ago. You cannot undo past exposure. But you can stop the bleeding today:

Inventory your sensitive video communications. Which meetings would cause material harm if decrypted in 2035? Board meetings, legal, healthcare, IP discussions, M&A — these are your immediate priorities.

Migrate high-sensitivity meetings to post-quantum video immediately. Do not wait for your primary platform to add PQ support. They have not even announced timelines. Every day you wait is another day of harvestable traffic.

Demand PQ roadmaps from your video vendors. Ask Zoom, Teams, and Meet explicitly: when will you deploy FIPS 203 key exchange? If they cannot answer, you have your risk assessment.

Document your migration for compliance. When regulators ask (and they will — the OMB memo is coming), you need evidence of when you deployed PQ protection. Every classically-encrypted session after today is a documented risk acceptance.

Stop the harvest. Start with your next meeting.

V100 deploys ML-KEM-768 post-quantum key exchange on every session by default. No configuration. No enterprise tier requirement. Your first V100 call is HNDL-proof. Every Zoom call after it is not.

Quantum Security Architecture Try HNDL-Proof Video