
Things To Do In Encryption When You’re Dead

By Rich

Technically the title should be Things to do With Encryption…, but then I wouldn’t have a semi-obscure movie reference.

Cory Doctorow of BoingBoing linked to a column of his over at The Guardian entitled If I’m dead how will my loved ones break my password?. As a new father myself, I recently went through the estate planning process with my lawyer, and this is one issue I’ve long thought needed more attention. A few years ago I even considered building a startup around it.

Much of my important data is encrypted – especially logins to bank accounts and such. Also, a fair bit of my other data is either encrypted, or protected in ways many of you fair readers could circumvent, but my family members can’t. I also have a ton of “personal institutional knowledge” in my head – everything from how to keep this blog running, to locations of family photos, to all the old email correspondence I kept when my wife and I started dating. If I get hit by a truck (or, more likely, kill myself in some bizarrely stupid way right after saying, “okay, check this out”), all of that would either be lost to the ether, or complex to recover.

Heck, I have content that might be important to my family in applications in virtual machines on encrypted drives.

Part of my estate planning process is ensuring that not only do my family and business partners have access to this information if I’m not around, but that they’ll know where the important bits are in the first place.

Unlike Cory I’m not concerned with using split keys in different countries to prevent exposure to the government, but I also don’t think I’m as organized as he is in terms of where I keep everything.

Thus, as part of my estate planning, I’m looking at the best way to make this information available on the off chance my sense of self-preservation fails to mature. Here’s the plan right now:

  1. Compile my passphrases, locations of important information, and other documentation into a single repository. I’m considering using 1Password since it already has the logins to nearly everything, I use it daily, and it can export to an encrypted PDF or a few other formats. 1Password supports secure notes for random instructions and other documentation.
  2. On a regular basis, I will export the information to an encrypted file which I’ll provide to my lawyer, and store in a secure online repository. I have a lot of options for this, but for the rest of you it might be better to set up a Hotmail/Yahoo/Whatever email account you don’t ever use for anything else, and send it there. You can then give your lawyer or executor access to that account (remember, the contents up there are still encrypted). This makes it easy to keep the information up to date, and it’s protected from your lawyer’s office burning down with your encrypted hard drive. It may be worth it to use two different services, just in case. Remember that if your lawyer doesn’t have direct access, it may be difficult for him/her to legally obtain access after death.
  3. I’ll give my lawyer the locations of the information and the passphrase for my 1Password export in a sealed envelope. Since he’s my brother-in-law, and might be with me when I accidentally blow up that propane tank, I’ll make sure his partner also has a copy in a separate physical location.

That should cover it – my information is still protected (assuming I trust my lawyer), and it includes logins, locations of important electronic documents, and so on. I’m in the middle of setting this up, and haven’t even talked to my lawyer about the details yet, but it’s as important as any other aspects of my trust.
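A periodic drill for step 2, added here as an example and not part of the original post: it compares the encrypted copies held at each location against the digest of the newest export, and flags stale, corrupted, or unreachable copies. The location names, the 90-day refresh interval, and the two-intact-copies threshold are assumptions; the sample bytes are constructed stand-ins for real exports.

```python
import hashlib
from datetime import date

MAX_AGE_DAYS = 90  # assumed refresh interval; the post only says "on a regular basis"
MIN_INTACT = 2     # assumed: lawyer's copy plus at least one online copy


def build_manifest(export: bytes, exported_on: date) -> dict:
    """Digest and date of the newest encrypted export (no secrets inside)."""
    return {"sha256": hashlib.sha256(export).hexdigest(),
            "exported_on": exported_on.isoformat()}


def audit_escrow(manifest: dict, copies: dict, today: date) -> list:
    """Return a list of problems; an empty list means the escrow is healthy.

    copies maps a location name to the bytes fetched from it, or None if the
    fetch failed. Only ciphertext is compared, so no passphrase is needed.
    """
    problems = []
    age = (today - date.fromisoformat(manifest["exported_on"])).days
    if age > MAX_AGE_DAYS:
        problems.append(f"export is {age} days old (limit {MAX_AGE_DAYS})")
    intact = 0
    for name, blob in sorted(copies.items()):
        if blob is None:
            problems.append(f"{name}: copy missing or unreachable")
        elif hashlib.sha256(blob).hexdigest() != manifest["sha256"]:
            problems.append(f"{name}: digest mismatch (stale or corrupted)")
        else:
            intact += 1
    if intact < MIN_INTACT:
        problems.append(f"{intact} intact copies, need {MIN_INTACT}")
    return problems


# Constructed sample data: stand-in bytes for two encrypted exports.
OLD_EXPORT = b"constructed ciphertext, January export"
NEW_EXPORT = b"constructed ciphertext, April export"
MANIFEST = build_manifest(NEW_EXPORT, date(2024, 4, 1))
COPIES = {
    "lawyer-usb": OLD_EXPORT,       # never refreshed after January
    "mail-account-a": NEW_EXPORT,
    "mail-account-b": None,         # login failed during the drill
}

if __name__ == "__main__":
    for line in audit_escrow(MANIFEST, COPIES, date(2024, 5, 1)) or ["escrow OK"]:
        print(line)
```

Because the check works on ciphertext only, it can be run by anyone holding the manifest without exposing the passphrase in the sealed envelope.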

A separate issue, and the other half of my vaporware startup, is what happens to all my correspondence/photos/movies after I die? Historically, the archives of individuals, handed down through generations, are an important part of the human record. This isn’t just an ego thing – letters and photos of regular folks are as important to historians over the ages. Right now, as a society, this isn’t an issue we’ve really addressed.

Comments

thank you @reppep

By myoyun.com


Rich,

Dr. Luke at “No Tricks” blog had this entry yesterday that may describe a service that’s just the ticket here. I paraphrase:

A new secure internet storage service called DataInherit. DataInherit is more than secure storage

By Joe Webster


Rich,

I understand that, which is why I’m not squirming for you personally. But trusting wives and brothers (husbands and sisters) has a long history of being less safe than originally thought (regardless of who may or may not be at fault).

Personally, most of my data & infrastructure is unencrypted, so Amy knows several people (including you) who could come over and get access to almost everything in an emergency, without any passwords or escrow. This makes me a bit nervous, but not enough to encrypt everything (and find a workaround for the final scenario).

If I died today, Amy could gain control of my email account and do online password recovery. She’d have all our email and our websites, and the photo & music archives.


tim,

Safe deposit boxes are frozen once the bank finds out you died, which can be problematic.

By reppep


Chris,

I don’t really have anything I don’t want them to see. My lawyer doesn’t care, and Sharon has access to everything anyway. I suppose if our relationship collapsed I’d have to change everything out, but that wouldn’t be very hard. Also, it’s not something I ever think about.

By Rich


Tim-

It’s not the encryption that matters (which means I used a bad title for the post), but the passwords to everything else. No one cares about my porn (it’s all cloud-based anyway), but the family might want my writings, old personal emails, access to my online services (email, banking, Amazon) and so on. It’s WAY too hard for me to write all that crap down, but if they get my password vault (which is encrypted) then they are all set. Unlike Cory, I don’t encrypt everything anyway- my laptop for travel, and (occasionally) business stuff at home.

Also, being a 2.5 person company, that *is* our disaster recovery plan.

By Rich


Note that in the general case, one’s wife and her brother are probably not the ideal people to hold secrets which they should not have while one lives…

Basically you’re giving your lawyer / brother-in-law all your data, and trusting him not to access it while you’re alive. This is a reasonable expectation, but hardly ironclad.

By reppep


Can we say overkill? 

Perhaps 1% of any of my information that I keep is of any remote use to my loved ones when I’m dead.  Will, property documents, tax returns, a CD backup of critical files (less than 100meg), insurance, and a printed copy of account numbers, URLs and passwords are held in - wait for it - a safety deposit box.  In which a second person I trust has authorization to access. 

I know I know - radical concept.  But when I hear Cory and everyone else talking about what encryption to use and types of key management I am wondering what color the sky is in their world.  Very few people (especially my lawyer) know what the hell encryption is, let alone how to access data on a drive that is encrypted with, say, Truecrypt.  They are trying to solve a problem that is already solved with the wrong tools.

It’s simple - define what is important when you die (your encrypted pr0n is not) and use tried and true real world mechanisms.

And work related information for someone who gets hit by a train should be all part of any company’s disaster recovery process.

By tim

