From /.: “How to bequeath sensitive information?”

This is a very important question that not many people give much thought. Recently it was posted on Slashdot (/.) under the title "Ask Slashdot: How To Bequeath Sensitive Information?". In essence:

"I will have documentation on financial accounts, passwords, etc.,
which I will want to share with a few people who are pretty far away … is there any
way to share this sort of information electronically? There are lots of
things to secure transmission of data, but once it arrives on the
recipients’ desktop, you run the risk of their system being compromised
and exposing the data."

The post spurred a debate, with suggestions ranging from law firms that offer document escrow, deposit boxes and home safes, to encrypting files and hard drives, and splitting the encryption key and sending the pieces to several people (Shamir’s Secret Sharing). The failure of digital media was a frequent concern: saving digital documents on CDs, DVDs, USB thumb drives and hard drives is not fail-safe at all (e.g. bit rot). Another concern was the local laws that regulate access to one’s legacy.

The most insightful comments suggested using an encrypted database shared with others in the cloud.

"I use keepass to keep my passwords for various things encrypted on my
systems … you just have one password to share and all of your
information is unlocked. Send it to them in a secure fashion or come up
with some sort of shared storage they can access (dropbox) so that you
can update passwords as they need to change and then you can put your
password for keepass in your will so they don’t have access to anything
until you die."

My concern about this would be the safety of the DB if other people’s computers are compromised. Given enough time … Others suggested:

"My safety deposit box also includes a master password and a 1TB
encrypted USB backup drive. Since the professional who wrote my will
also advised leaving a copy in the box and registering that this is
where the "official" notarized original is located, my executor will, by
local laws, just have to provide proof of death and the copy of the
will indicating they are the executor to access my box. Having the key
(which they likely would) would help too."

This backup drive needs to be updated regularly. It is probably good to have two copies and to change drives every couple of years, just to be on the safe side. Deposit boxes can also be regulated by different local laws, so it is a good idea to check them first. For example, one commenter said:

"Safe deposit boxes can get funny depending on state law. First don’t
ever put the will in the box. The executor will need that to access the
box later. Furthermore, it could take several days or weeks to get the
authority to open the box after the person has died, so don’t put
anything in there that is time critical."

Other suggestions involved cryptography:

"You could send them an encrypted file (#1) now with all the info you
wish to share with them. Along with a password for a file that will
arrive when you die. Then set up a service like deathswitch.com and have
another encrypted file sent to them (#2). The password they already
possess unlocks #2 and that contains the password(s) for #1."

or

"Public key cryptography allows a key to be
split up, so that you need a minimum of X out of Y pieces to recover
the key. Split the key into 5 pieces where 3 are enough to unlock it,
and hand it out to lawyer, friends, co-workers, etc."

Even these solutions are not error-proof. For example, people can get together prior to someone’s death and access all the information. An interesting and well-thought-out solution was:

"In California … a bank safe deposit box is
NOT sealed if one of us dies. The box remains available to the other
persons who are listed at the bank … The complete original documents for … estate
plan are in the safe deposit box. … A list of all …
accounts [and inventory of mutual funds] is in the safe deposit box. In a sealed
envelope in the safe deposit box are a floppy disc, a compact disc, and a
printout of OpenPGP public and private keys and OpenPGP
passphrase … (I chose
three media since I have no way to predict what formats might become
obsolete before I die.) That envelope also contains a list of all
important Internet passwords, which are encrypted on my PC. I have
an unencrypted list on a PC titled "Where Is It?" that describes where
everything should be found: checkbooks, bank statements, insurance
policies, durable powers of attorney for health care, mutual fund
statements, deed to the house, etc. When I update this list, I E-mail a
copy to our daughter; another copy is in the ring binder with our
estate plan. Also in the ring binder is the paperwork for our purchase
of burial plots."

Most of the solutions need updating. But the will needs updating anyway.