Post-Quantum Negligence Assessment Tool
Learned Hand Formula Applied to HNDL and Mosca's Theorem
⚠️ The Legal Risk of Post-Quantum Delay
The Learned Hand Formula (from U.S. v. Carroll Towing Co., 1947) states that negligence occurs when
B < PL, where B is the burden (cost) of prevention, P is the probability of harm, and L is the magnitude of loss.
In the context of Post-Quantum Cryptography and the "Harvest Now, Decrypt Later" (HNDL) threat, this means:
if the cost of implementing PQC now is less than the expected loss from quantum decryption (probability × damages),
delaying PQC migration could constitute negligence.
Select an industry scenario to load typical values for that sector, or choose "Custom" to set your own parameters.
Step 1: Mosca's Theorem - Assess Your Timeline
Mosca's Quantum Threat Probabilities
Based on Dr. Michele Mosca's analysis: 14% probability by 2026 (1 in 7 chance),
50% by 2031 (1 in 2 chance), with projections of 70% by 2035 and 85% by 2040.
X = Data Security Requirement
5 years
How long does your sensitive data need to remain confidential?
Y = PQC Migration Time
3 years
How long will it take to complete your migration to quantum-safe cryptography?
X+Y: 8 years
Probability Calculation (P):
Your data needs protection for 5 years, and migration will take 3 years.
Total exposure window: 8 years (until year 2033)
Based on Mosca's probability curve, the chance that Q-Day arrives before 2033 is:
60%
Step 2: Learned Hand Formula - Negligence Analysis
B < PL
B = Burden of PQC Migration
$500,000
Total cost to implement post-quantum cryptography (technology, labor, consulting, testing)
P = Probability of Quantum Breach
60%
Calculated from Mosca's probabilities based on your X+Y timeline above
This probability is automatically calculated based on your data security requirement (X) and migration time (Y).
It represents the likelihood that quantum computers will be able to decrypt data harvested today before your
data's confidentiality requirement expires.
L = Magnitude of Loss
$10,000,000
Total damages if sensitive data is decrypted (regulatory fines, litigation, reputation damage, IP theft, competitive harm)
Negligence Comparison
Cost to Prevent: $500K
Expected Loss (P×L): $6.0M
Risk/Cost Ratio: 12.0x
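The two steps above, worked through as an added example (not the tool's own code). It assumes linear interpolation between the Mosca figures quoted on this page, which reproduces the 60% shown for 2033, and a base year of 2025 inferred from the "8 years (until year 2033)" line; the function names are hypothetical.

```python
from bisect import bisect_right

# Cumulative Q-Day probabilities quoted on this page: (year, probability).
MOSCA_CURVE = [(2026, 0.14), (2031, 0.50), (2035, 0.70), (2040, 0.85)]


def q_day_probability(year, curve=MOSCA_CURVE):
    """Probability that Q-Day arrives by `year`.

    Assumption: straight-line interpolation between the quoted points.
    The page gives no figures outside 2026-2040, so those years are rejected
    rather than extrapolated.
    """
    years = [y for y, _ in curve]
    if not years[0] <= year <= years[-1]:
        raise ValueError(f"no quoted probability for {year}")
    # Index of the segment's upper point; capped so the final year is valid.
    i = min(bisect_right(years, year), len(curve) - 1)
    (y0, p0), (y1, p1) = curve[i - 1], curve[i]
    return p0 + (p1 - p0) * (year - y0) / (y1 - y0)


def assess(base_year, x_years, y_years, burden, loss):
    """Step 1 (Mosca X+Y window) feeding Step 2 (Learned Hand B < PL)."""
    if burden <= 0:
        raise ValueError("burden must be positive")
    horizon = base_year + x_years + y_years   # end of exposure window
    p = q_day_probability(horizon)            # P
    expected_loss = p * loss                  # P x L
    return {
        "horizon": horizon,
        "p": p,
        "expected_loss": expected_loss,
        "ratio": expected_loss / burden,      # risk/cost ratio
        "b_less_than_pl": burden < expected_loss,
    }


if __name__ == "__main__":
    # The page's defaults: X = 5, Y = 3, B = $500,000, L = $10,000,000.
    print(assess(2025, 5, 3, 500_000, 10_000_000))
```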
⚖️ Legal Disclaimer
This tool is provided for educational and informational purposes only and does not constitute
legal advice, professional consultation, or a guarantee of legal outcomes. The Learned Hand Formula is a legal
framework that may be interpreted differently by courts and jurisdictions. Actual negligence determinations depend
on numerous factors beyond those modeled here. Consult with qualified legal counsel before making
decisions based on this analysis. No attorney-client relationship is created by use of this tool.