Personally, the comment I enjoyed most was this one from the bottom of that article:
So let's get this straight; you don't trust your wife, you think your daughter will grow up to be a nut job, and you're worried that your close friends will turn against you.
Man, I'd just hand it all over now. It sounds like you have nothing to live for anyway.
Maybe this should be a unit test for whether you are ready to marry somebody. If you can't bring yourself to trust them with your password - and trust them not to use it - you have commitment issues. :-)
I think it's less that he doesn't trust his wife, and more that, as TFA says, "many countries' laws make it difficult or impossible for a court to order you to turn over your keys; once the passphrase is known by a third party, its security from legal attack is greatly undermined, as the law generally protects your knowledge of someone else's keys to a lesser extent than it protects your own."
Like many security measures, he does not have a technological problem, he has a social problem. Namely, he is the lynchpin of his own security and he is very bad at estimating risks.
It is an absolute certainty that he will eventually die and his data will eventually become totally unavailable.
It would take an extraordinarily speculative sequence of events for him to run afoul of the British authorities who would then, being naturally covetous of the secrets of minor authors, abandon their tradition of spousal privilege and sue his wife for the contents.
Realistically I think he has a problem greater than either of these: assuming every bit of his data passes to his heirs as planned... then what? Does it have a comprehensible filing system? Does it have a document saying "Hi honey, if you're reading this I'm gone, the documents you need today are in ..."? And, the biggest question, is the data in there meaningful to anyone but him at all?
It doesn't protect her from people with a '$5 wrench' that want to get the password from her. This is assuming that 'they' figure that getting the password from her is easier/better than getting it from you.
Hired goon: "Excuse me, madame, but if you would be willing to divulge to me your husband's password, I will gladly give you this shiny new $5 wrench!"
(With apologies to "how to determine the height of a building using a barometer"...)
I'd go even further than that. I trust my wife with all of my passwords and as far as I'm concerned she can go ahead and use any of them at any time for anything she wants. It's really not a big deal. I married her, for heaven's sake. What kind of secrets do you keep from your own wife? Sounds like a Hollywood marriage.
* If he has certain things that he doesn't want his wife to see he should encrypt them separately and not give her access, even in the event of his death since they are probably things he still wouldn't want her to see (secret sicko porn collection or sex chat logs or something)
* Don't be so quick to dismiss him as having a 'Hollywood marriage.' There are plenty of marriages that start out fine and with both partners completely trusting one another that eventually fail. Preventing some finance information (or whatever) from being viewed by your wife could be a good thing (for you) in case she makes up her mind to divorce you; but decides to peek at your finances before actually telling you about it. [Before you start talking about trusting your wife, realize that people can (and do) change and not always for the better]
* If someone in government really wanted his laptop then jurisdictions -- even foreign ones -- wouldn't matter because they wouldn't necessarily be using the court system.
* Using something like TrueCrypt with a hidden partition could work for him so that he could keep some stuff from his wife/others while leaving the most innocuous stuff behind a password that she knows. [ That said, sometimes even the innocuous stuff can be used against you -- i.e. in court ]
Your spouse is still a human being, so you can really only trust them to the extent that you can trust the most trustworthy human beings. Of course, there should be unparalleled trust between spouses, but there are still times when a password should be secret. Passwords to resources regarding one spouse's employment shouldn't be shared with the other: if not for the trust issue then simply for preventing liability. Also, while I might trust my spouse not to deliberately abuse any password-protected resources of mine, I might not trust the security-awareness of my spouse, e.g. carelessly saving passwords in browsers on public or shared machines or simply underestimating the importance of password secrecy.
Passwords to resources regarding one spouse's employment shouldn't be shared with the other
I totally agree with this: however passwords/passphrases related to my employment are not something I worry about in case of my untimely death - they are known (or can be reset) by my employer.
True, that example drifted off topic, but I was responding to the notion that there should be NO secrets between spouses. I suppose there's a difference between a secret and simple nondisclosure. Your spouse should probably know that there's something you simply can't or don't need to tell them because of security reasons.
It doesn't have to be about distrusting a person as much as distrusting that the person is security aware. E.g., most non-technical people I know have no problem with logging into their Gmail from internet cafes. You may be 100% sure that your wife would never intentionally screw you over and yet not so eager to share your passwords with her for that reason. Sure, you can teach her not to log in from random computers, and then the difference between http:// and https:// and what it means when the browser says that the certificate cannot be verified, but it can turn out to be a quite large project.
I've heard anecdotally that the majority of people with assets (not necessarily a huge amount) hide assets from their spouses. That can be cash/stocks, but very often it's property or even companies.
He's Cory Doctorow -- the Mary Sue characters in his fiction have massively over-inflated egos, are mostly worthless to others, are extremely paranoid and delusional, and tend to dick over everyone close to them.
In one of his short stories he has his wife and child die (who were somewhat fleshed out), and doesn't seem to care a bit.
I also liked his "liberation" speech. "I never have to worry about being mugged for my laptop". Actually, they're just as likely to mug you. They just won't get your data. Even then, all they have to do is beat you over the head with a hammer until you give them the password... and even then, all they have to do is put in a LiveCD to format your hard drive and they have a new computer. Not so liberating...
Your entire comment is predicated on him being concerned about losing the laptop. Clearly he isn't. Clearly he's only concerned about losing the data. After all, a laptop can be replaced.
With that point of view your comment becomes rather less relevant.
I wouldn't suppose people would mug him for his data. But having got the laptop, the data may very well be trawled through for email addresses to spam, credit card numbers to defraud, salacious photographs for blackmail, etc. Someone who mugs you is extremely likely to pass the laptop to a fence, who will then make the most of it.
Yes, the data will get wiped and the laptop sold, but the data will also be mined to see if it's of value. I assume the author doesn't want someone going through their underwear drawer.
In the UK computers must be recycled, but recycling companies are required by law to shred hard drives. It was extremely difficult to get them to save the magnets for a youth project robot building exercise.
The entire time I was reading this article I was wondering just what kind of data Cory Doctorow could have that is so important as to require this kind of thought be put into its encryption. Does he have access to some sort of nuclear secrets? It seems to me as though he's crossed the line between 'practical' and 'unnecessarily paranoid'.
I'm envisioning a 22nd century Geraldo moment..."now, using this self-aware quantum computer we can finally, after many years, see inside the encrypted hard disks of Cory Doctorow, a mystery ever since a meteor fell on his lawyer's office during the reading of the will and destroyed the keys to his encrypted data!
We're loading the files...it's a huge PDF! That was a popular 21st century file format, folks...let's read...hmmm....well, obviously this isn't as exciting as we had been led to believe...er...well, back to the studio!"
Stable governments ruling over free societies are a relatively new invention. How long do you think it will be until you are at odds with your government? This seems like his main concern. For others, corporate espionage should be a significant concern.
(To the compilers of various watch lists: Peaceful odds. Peaceful.)
To handle this you could have a duress code that you could hand out that would make the system appear to be decrypted but only show the files you want shown when the duress code is used. That's the way most situations like this are handled. Now if they already know you have the data, then this won't work. If it was super-secure information (national security), you could give them another duress code that deleted ALL data, rendering you and the laptop useless. They might kill you for that though.
This is such a non-issue I really don't understand why it keeps coming up. Write your passwords down and store them with your other vitally important documents like your checks, bank account records, passport, etc. Why make it so complicated?
Seriously. Jesus christ, write your private key file to a USB flash drive and give it to the lawyer/firm in charge of executing your will. Done. Oh, and he really knows nothing about cryptography if he thinks "splitting up the key" is a cryptographically secure way to encrypt your data. Having even part of a private key can hurt.
The problem with having it in a will is that there is a 'single point of failure' to someone obtaining it.
He also mentions moving it out of jurisdiction of the UK, so I'm assuming he's trying to prevent court orders from trying to force the contents to be revealed. If that's the case, then it's possible that having a will stored/signed with a lawyer in Toronto, Canada (or just 'another country from where he currently lives') is not 'legal' or provides issues with the execution of the will in the event of death. If that's true, then he has to have his will in the UK with a lawyer somewhere. I assume that a court could order his will revealed/unsealed if they thought that his password was there and they were trying to access the contents of his laptop... If it's possible to have foreign-country wills, then that issue doesn't exist, but I suspect that a will in a foreign country presents legal problems if it isn't outright declared 'invalid.'
Of course, if he put it on his will and didn't tell anyone that he did; it's possible that authorities wouldn't even think to go after it (or maybe a judge wouldn't allow them access to it unless they had some sort of evidence that the password was stored there).
Gosh, why go to all this trouble? Just have an unnecessary heart valve transplant, and have the doctor inscribe your password on the new valve. Then develop a serious booze-and-sodium problem (I guess margaritas are the most efficient way to do this) until you absolutely cannot live without that last remaining valve. At that point, nobody can access your password until you're dead. Or, at least, once someone can access your password, you're definitely dead, which is more or less the same thing.
Just make a program that takes a password, and then (if correct) sends two emails: One to your box, and then (a day later) one to whomever you're leaving your data to. Tell them the password and then if they use it before you're dead, you have a day to change everything.
Better yet, don't require "changing everything". Write a program that takes a password, and upon validation sends you an email. If you don't reply within a certain period of time (say, a week), then it will send your info to whoever you want to leave it to.
And make sure you can change the waiting period, in case you go on vacation or something.
It should include a way for you to cancel the request, so if the person does use it before you die you don't have to reset all your passwords. Basically a dead man's switch.
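The request, notify, cancel-or-release flow sketched across the last few comments, as an added example in Python (not code from the thread or from the article's author). The heir presents a request password, the owner is notified with a cancellation token and a window, and the stored passphrase is released only if the window closes without a cancellation; the waiting period can be changed while a request is open. Email is replaced by an in-memory notification list and the clock is passed in, so it runs offline; the request password, the payload and the seven-day default are constructed values.

```python
"""Dead man's switch for releasing a passphrase to an heir.

Added example, not code from the thread. It models the flow the comments
describe: the heir presents a request password, the owner is notified and
given a cancellation window, and the stored passphrase is released only if
the window closes without a cancellation. Email is replaced by an in-memory
notification list and the clock is passed in, so it runs offline.
"""
import hashlib
import hmac
import secrets

DAY = 86_400


class DeadMansSwitch:
    def __init__(self, request_password: str, payload: str, wait_seconds: int = 7 * DAY):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(request_password)   # never store the password itself
        self._payload = payload
        self.wait_seconds = wait_seconds
        self._pending = None      # dict(requested_at, deadline, cancel_token) while a request is open
        self.released = False
        self.notifications = []   # constructed stand-in for outbound email

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def request_release(self, password: str, now: float) -> bool:
        """Heir's step: a correct password opens the cancellation window and tells the owner."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return False
        if self._pending is None and not self.released:
            token = secrets.token_urlsafe(16)
            self._pending = {"requested_at": now,
                             "deadline": now + self.wait_seconds,
                             "cancel_token": token}
            self.notifications.append({"to": "owner", "event": "release requested",
                                       "cancel_token": token,
                                       "deadline": self._pending["deadline"]})
        return True

    def cancel(self, token: str, now: float) -> bool:
        """Owner's step: a valid token before the deadline closes the request; no passwords change."""
        p = self._pending
        if p and now < p["deadline"] and hmac.compare_digest(
                token.encode(), p["cancel_token"].encode()):
            self._pending = None
            return True
        return False

    def set_wait_seconds(self, seconds: int) -> None:
        """Owner lengthens or shortens the window (e.g. before a long trip); an open request is rescheduled."""
        self.wait_seconds = seconds
        if self._pending:
            self._pending["deadline"] = self._pending["requested_at"] + seconds

    def poll(self, now: float):
        """Scheduler's step: release the payload once the deadline passes uncancelled."""
        p = self._pending
        if p and now >= p["deadline"] and not self.released:
            self.released = True
            self._pending = None
            self.notifications.append({"to": "heir", "event": "released", "payload": self._payload})
            return self._payload
        return None


if __name__ == "__main__":
    # Constructed walk-through: request at t=0, no cancellation, release after the window.
    sw = DeadMansSwitch("heir-request-pw", "vault passphrase (constructed)")
    sw.request_release("heir-request-pw", now=0)
    print(sw.poll(now=3 * DAY))   # None: window still open
    print(sw.poll(now=7 * DAY))   # payload released
```

The point of the design is that a premature or mistaken request costs the owner one click rather than a round of password resets: the request password is stored only as a salted hash, the cancel token is compared in constant time, and nothing leaves the system until `poll` sees the deadline pass with the request still open.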
How will his data persist if he is not paying the bills for hosting, Amazon S3 and so on? His legacy might not live on more than a few months after death.
I think this is a serious issue. What you blog and write today won't exist after you unless you are a company. Soon I'll post an idea on aleveo.com for this, be sure I'll post back on HN. Securing the data is the easy part given it is persisted.
Interesting analysis of a problem that I don't have. Either I'm not nearly as paranoid as I should be, or I just don't feel like anything of value that I will be handing over to my heirs (whoever they turn out to be) will be digital in form. They'll get a chunk of cash and a bunch of computers with open source software on it.
Maybe not files, but things like email account passwords and such would be good. Also passwords to accounts that get charged on a regular basis (hosting or something) would be easier to deactivate in the event of your death if your heirs had your password (vs. needing to prove to the company that you're dead or something).
At the very least, maybe an encrypted file or something with bank accounts, passwords, etc in it would help them out. And it would be easier to update than a will.
I've always wondered about this, and one of the ideas I've been playing with in my head is distributing the keys between a few people, and if something were to happen, they can combine them to unlock my secret (all the keys must be present).
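What this comment describes, and what the earlier comment about "splitting up the key" objects to, is what threshold secret sharing does properly. Cutting a raw private key into pieces does hand each holder partial information, but in Shamir's scheme each share is a point on a random polynomial and any k-1 of them are statistically independent of the secret; only k together recover it. Below is an added example in Python, not code from the thread or from the article's author: it shares a passphrase (or a key-file's encryption key) among n people so that any k can reconstruct it, and k = n gives the all-keys-must-be-present arrangement described here. The choice of prime field, the 64-byte limit and the sample passphrase are assumptions of the example.

```python
"""Threshold secret sharing for a passphrase or key file.

Added example: this is not code from the thread or from the setup the
article describes. It implements Shamir's scheme over a prime field so that
any k of n shares reconstruct the secret while k-1 shares carry no
information about it. k == n gives the "all keys must be present" case.
"""
import secrets

# Field modulus: the Mersenne prime 2**521 - 1. It is an assumption of this
# example, chosen so a secret of up to 64 bytes fits in one field element.
PRIME = 2**521 - 1
MAX_SECRET_BYTES = 64


def _eval_poly(coeffs, x):
    """Evaluate sum(coeffs[i] * x**i) mod PRIME with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, k: int, n: int):
    """Split `secret` into n shares (x, y) such that any k of them recover it."""
    if not 1 <= k <= n < PRIME:
        raise ValueError("need 1 <= k <= n")
    if len(secret) > MAX_SECRET_BYTES:
        raise ValueError("secret too long for this field; share a key to it instead")
    # The secret is the constant term; the other k-1 coefficients are
    # uniformly random, which is exactly why k-1 shares reveal nothing.
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, length: int) -> bytes:
    """Lagrange-interpolate at x = 0 from k (or more) distinct shares.

    `length` is the byte length of the original secret; it restores any
    leading zero bytes lost in the integer conversion.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        s = (s + yi * num * pow(den, -1, PRIME)) % PRIME
    if s.bit_length() > 8 * length:
        # With fewer than k shares the interpolated value is a uniformly
        # random field element, so it almost never fits the declared length.
        raise ValueError("these shares do not reconstruct a secret of that length")
    return s.to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed sample passphrase, not anyone's real secret.
    passphrase = b"correct horse battery staple"
    # e.g. spouse, lawyer, two friends and a safe-deposit box; any three suffice
    shares = split_secret(passphrase, k=3, n=5)
    print(recover_secret(shares[1:4], len(passphrase)))
```

In practice the thing shared is usually not the data itself but the key or passphrase that unlocks an encrypted archive, which is why the example caps the secret at the field size. Choosing k smaller than n is what protects against the single-point-of-failure worry raised earlier in the thread: one lost or uncooperative share-holder does not lock the heirs out, and one careless or coerced holder still cannot read anything alone.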
I've thought about this and wondered if it would be possible to create an escrow service that would only give over the key when say an official death certificate is presented or something like that.
Problem being government intervention can force them to hand it over. Unless the company is in a place with laws that prevent that sort of outside interference.
It seems to me that the kinds of people who have data requiring this amount of security usually have a lot of other people working for them on just that task.