What happens after we die? We know the body is left behind, but from ancient times there are myriad views on what happens to the soul, spirit, or mojo. One thing the ancients didn’t have to think about was remnants of a digital life. Who inherits your Bitcoin wallet, or your Facebook profile? What do you do with digital assets that you want passed down to your heirs?
Kaspersky researchers Dan Demeter and Macro Preuss delved deeply into this subject and presented their findings at the RSA Conference in San Francisco.
Preuss is deputy director of GReAT, Kaspersky’s Global Research and Analysis Team. Established in 2008, the team has over 40 members—including Demeter, a senior security researcher—and focuses on Advanced Persistent Threats, critical infrastructure threats, financial threats, and sophisticated targeted attacks.
Defining Ownership
Who really owns your data? How is ownership defined? “Unlike physical properties like lands, or a car, [ownership of] data is not clearly defined,” said Demeter. “We might have some laws about intellectual property rights, but for data it’s not clear.”
Inheritance of digital assets is likewise unclear. “It’s very easy for you to inherit your parents’ house,” noted Demeter. “There are rules, there are procedures, everything is set in stone. What about inheritance of digital data? Well, this has never been done before. We didn’t find any clear rules about how to inherit somebody else’s data.”
“Data can reside in multiple countries, in multiple locations, and duplicates of this data can exist at the same time,” said Demeter. “Furthermore, you can almost instantly transfer data from a location in Europe to one in America. Just like that, bam, I moved my data.” He pointed out that any solution to digital inheritance will have to account for clarifying ownership.
Take an Inventory
Before you can pass on your data, you must determine what you’ve got.
“You have to make an inventory of your data, and this is the most crucial part,” said Demeter. “You have to know what you have. What kind of data is important to you? Where is it located? Who should handle the data?”
He explained that this inventory is an ongoing process, any time you open a new account, purchase cryptocurrency, or acquire any other digital asset.
Demeter warned that protecting your data against attack is also important. Ransomware or a data breach could happen. He pointed out that if you’re rich or important in your field, you might face attacks on your business or direct personal attacks. Even so, data security is not the only concern. “You might be super-secure, your devices might be super-secure, everything is OK,” said Demeter, “but inheritance should not be the weakest link.”
Access Is Essential
Demeter explained the importance of knowledge and preparation. “I might be above average knowledge in encryption schemes and ways how attackers are trying to steal your data, but I’m not knowledgeable in the laws of passing on data.”
Also important is the expertise of your heirs. “Inherited data is useless if the receiver isn’t able to access or process it,” said Demeter. “You have to make sure that whoever receives or inherits the data is able to access it.”
He mentioned several important points, including taking stock of any special software and hardware requirements. Demeter advised creating a clear description of what data is involved, where it resides, and how it can be accessed. He also recommended putting this data in written, audio, and video form.
“Maybe you have this whole scheme in your mind, this amazing procedure,” said Demeter. “But if you don’t pass this information to other people, if you don’t tell them how to access it, if something happens to you, they will not be able to access it.”
You have to make an inventory of your data, and this is the most crucial part. You have to know what you have. What kind of data is important to you? Where is it located? Who should handle the data?
Preuss joined in, noting that you also need to clarify just why this data is important. “Take the simple example of a Bitcoin wallet,” said Preuss. “People may not understand what is Bitcoin and what’s the value in that. Maybe you’ve got one, 10, 100 Bitcoin in your wallet. A lot of money, right? But your relatives who get this data may not understand. You need to explain it to them, give them a motivation to take these steps, and get the Bitcoin wallet.”
Digital Data Dangers
“And now a bit of warning about encryption,” said Demeter. “You want to store and secure the data for a long time. There have been real examples where encryption schemes that were once considered secure are now known to be broken. Maybe in the future, like in five years, the encryption protocols that we know right now might be broken.”
This echoes a theme from the Cryptographer’s Panel, where panelists agreed that when actual quantum computing becomes available it will break public key cryptography. Demeter pointed out a wide variety of other threats, including theft, hardware failure, and natural disasters.
Preuss noted that someone who’s 30 today can reasonably expect to live to 80 or more. “We’re talking about 50 years until death,” he said. To put that in perspective, he listed some events from 1973, 50 years ago: the very first cell phone call, the launch of SkyLab, and the development of TCP (Transmission Control Protocol), essential to the workings of the internet.
Inherited data is useless if the receiver isn’t able to access or process it.
Furthermore, today’s tech giants may be tomorrow’s dinosaurs. “Digital Equipment Corporation, DEC, at the time was massive, one of the market leaders in computers,” said Preuss. “They existed for just 41 years.” Even Microsoft is only 48. None of the big tech companies have reached the 50 years we need.
Finally, Preuss tabulated available storage methods and their expected lifespan, ranging from five to 10 years for CD storage to a surprising 35 years for VHS. “Just imagine,” said Preuss. “All of the big companies you know, all of the technology you’re using, all of the storage media you may use for storing data, none of them will be ready for the next 50 years.”
Enough Problems: How About Solutions?
Where to store your digital data? “Nowadays you might upload it to some cloud storage,” said Preuss. “The problem with cloud storage, if you just think about the companies, it’s tricky to find a company you’re 100% sure will exist in 50 years.”
Recommended by Our Editors
After much digging, the team came up with a recommendation for M-DISC(Opens in a new window), a variation on Blu-ray that’s designed to last 1,000 years. “I just got the device at home,” said Preuss. “It’s nice. It’s something you can do, and you have it under your control.”
Having the data physically present on storage media in your country means that your country’s laws apply, something that’s not true of cloud storage.
Preuss assumed the data will be encrypted. “Storing stuff in plain text, psh! Everybody knows that’s a no-go,” he said. As noted, quantum computing will break many current encryption standards, including popular public key crypto systems. But symmetric algorithms such as the widely used AES-256 will survive, with sufficient key length.
“We have the storage media, we have the encryption. So, what do we do with it?” said Preuss. He noted that you don’t want a single point of access. What if you pass along your data disc and password to multiple relatives? But there’s only one Bitcoin wallet, say, so the first to open it keeps it. That’s not good. “Also, what if the person you gave the stuff to would die before you?”
Preuss proposed a system involving multiple stakeholders, including one or more guardians and one or more successors.
“Your Guardian gets the encrypted data disk, and the successors each get a part (just a part) of the password,” said Preuss. “At least two or three have to come together to unlock your data.”
I assume he’s talking about a system such as Shamir’s Secret Sharing(Opens in a new window). He offered a warning: don’t put any keys in your will, as in many cases wills become a matter of public record.
Packing Up Your Digital Estate
You don’t literally have to pack up a backpack for your heirs, but one way or another you must make sure they receive everything that’s necessary to unpack your digital estate:
-
The data itself, on long-lasting media
-
Any software needed to access the data
-
Your will, including an explanation of why your heirs should want the data
-
Any security and protection notes
-
A clear explanation of how to access the data in written, audio, and video form
Preuss concluded that the process can be broken down into Inventory, Protection, Storage, Accessibility, and Distribution. “Do the inventory,” he exhorted. “That’s an ongoing process as mentioned before. This never stops.” He concluded by noting that, “The easier it is to access it for your relatives, the better it is in the future.”
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0