From /.: "How to bequeath sensitive information?"

This is a very important question that not many people give much tought. Recently this question was posted on the Slashdot (/.) titled "Ask Slashdot: How To Bequeath Sensitive Information?". In essence:

"I will have documentation on financial accounts, passwords, etc., which I will want to share with a few people who are pretty far away ... is there any way to share this sort of information electronically? There are lots of things to secure transmission of data, but once it arrives on the recipients' desktop, you run the risk of their system being compromised and exposing the data."

The post spurred a debate and suggestions from law firms that offer document escrow, deposit boxes and home safes, to encrypting files and hard drives, splitting the encryption key and send it to several people (Shamir's Secret Sharing). The failure of digital media was often a concern. Saving digital documents on CDs, DVDs, USB thumb drives and hard drives is not fail safe at all (e.g. bit rot). So was a concern the local laws that regulate access to ones legacy.

The most insightful comments were using an encrypted database shared on a cloud with others.

"I use keepass to keep my passwords for various things encrypted on my systems ... you just have one password to share and all of your information is unlocked. Send it to them in a secure fashion or come up with some sort of shared storage they can access (dropbox) so that you can update passwords as they need to change and then you can put your password for keepass in your will so they don't have access to anything until you die."

My concern about this would be the safety of the DB if other people's computers are compromised. Given enough time ... Others suggested:

"My safety deposit box also includes a master password and a 1TB encrypted USB backup drive. Since the professional who wrote my will also advised leaving a copy in the box and registering that this is where the "official" notarized original is located, my executor will, by local laws, just have to provide proof of death and the copy of the will indicating they are the executor to access my box. Having the key (which they likely would) would help too."

This backup drive needs to be updated regularly. It is probably good have two copies and change drives every couple of years just to be on the safe side. Deposit boxes can also be regulated by different local laws. It is a good idea to check them first. For example one commenter said:

"Safe deposit boxes can get funny depending on state law. First don't ever put the will in the box. The executor will need that access the box later. Furthermore, it could take several day or weeks to get the authority to open the box after the person has died, so don't put anything in there that is time critical."

Other suggestions involved cryptography:

"You could send them an encrypted file (#1) now with all the info you wish to share with them. Along with a password for a file that will arrive when you die. Then set up a service like deathswitch.com and have another encrypted file sent to them (#2). The password they already possess unlocks #2 and that contains the password(s) for #1."

or

"Public key cryptography allows a key to be split up, so that you need a minimum of X out of Y pieces to recover the key. Split the key into 5 pieces where 3 are enough to unlock it, and hand it out to lawyer, friends, co-workers, etc."

Even these solutions are not error proof. For example people can get together prior to someone's death and acces all information. An interesting and thought through solution was:

"In California ... a bank safe deposit box is NOT sealed if one of us dies. The box remains available to the other persons who are listed at the bank ... The complete original documents for ... estate plan are in the safe deposit box. ... A list of all ... accounts [and inventory of mutual funds] is in the safe deposit box. In a sealed envelope in the safe deposit box are a floppy disc, a compact disc, and a printout of OpenPGP public and private keys and  OpenPGP passphrase ... (I chose three media since I have no way to predict what formats might become obsolete before I die.) That envelope also contains a list of all important Internet passwords, which are encrypted on my PC. I have an unencrypted list on a PC titled "Where Is It?" that describes where everything should be found: checkbooks, bank statements, insurance policies, durable powers of attorney for health care, mutual fund statements, deed to the house, etc. When I update this list, I E-mail a copy to our daughter; another copy is in the ring binder with our estate plan. Also in the ring binder is the paperwork for our purchase of burial plots."

Most of the solutions need updating. But the will need updating anyway.

PIM paper: Trullemans and Signer "From User Needs to Opportunities in Personal Information Management: A Case Study on Organisational Strategies in Cross-Media Information Spaces"

This paper is exploring piling/filing paradigm.

Sandra Trullemans and Beat Signer 

From User Needs to Opportunities in Personal Information Management: A Case Study on Organisational Strategies in Cross-Media Information Spaces

Abstract

"The ecient management of our daily information in physical and digital information spaces is a well-known problem. Current research on personal information management (PIM) aims to understand and improve organisational and re- nding activities. We present a case study about organisational strategies in cross-media information spaces, consisting of physical as well as digital information. In contrast to existing work, we provide a uni ed view on organisational strategies and investigate how re- nding cues di er across the physical and digital space. We further introduce a new mixing organisational strategy which is used in addition to the well-known ling and piling strategies. Last but not least, based on the results of our study we discuss opportunities and pitfalls for future descriptive PIM research and outline some directions for future PIM system design."

PIM paper: Nebeling et. al. "Engineering information management tools by example"

This paper is about development of PIM tools based on "designing by example". Example in this case is Adobe Lightroom.

Michael Nebeling, Matthias Geel and Moira C. Norrie, 

Engineering Information Management Tools by Example

ABSTRACT

While there are many established methodologies for information systems development, designing by example has not been formally explored and applied previously. Our work is also motivated by the desire to explore interface-driven development techniques that could complement existing approaches such as model-driven engineering with the goal of reducing the need for modelling and reengineering of existing applications and interfaces, while still supporting the development task. We explore the example-based technique for rapid development of powerful and flexible information management tools based on the example of Adobe Photoshop Lightroom, a system that was originally designed to support the workflow of digital photographers in a flexible way. We analyse experiments in which two new systems — one for managing collections of research papers and another for software project management — were developed based on the Lightroom paradigm. We derive a conceptual framework for engineering by example and assess the method by comparing it to traditional model-driven engineering.

Personal information management services market to reach £16.5b

The Information Daily posted an article about how PIM will become like some sort of addition to personal life coaching worth £16.6 billion. Life coaching is a big business overseas in states (although there are some sceptics of how much it helps).

From the article:

"At present, says Jessica Bland a technology researcher at Nesta, PIMS services are a niche business category that has reached few of the 27 million households in the UK used to make the £16.5 billion market estimate. However, people’s relationship with data about themselves is evolving fast and PIMS are one way to make abstract conversations about personal data, and how to balance data protection and data-driven innovation, much more concrete."

But before you jump and start a new company to get a share of the estimated sum, the consulting firm behind the report (paywalled) is already in the business and maybe slightly biased :).

Thank you William for sharing this.


Door design and the affordances of push and pull

I wrote about door design a few years ago and listed two similar examples: 

Here's another nice design from an elementary school. I asked a child to open the door from both sides. Note the different handles and how a child (125 cm tall) interprets them. Note also the heigh at where they are positioned (chest height vs. over head height). However, while observing adults they often get confused with the pulling one (trying to push the handle at below the chest height).