On the security and longevity of data

I was musing today about the lifetime of my data, and what might happen to it after I die. I’m a jolly character, aren’t I?

But there are two questions here. First there’s the question of my private data – e.g. online banking stuff and other personal documents that I want to keep to myself for now, but may well have to be released to the executor of my will or whatever.

Then there’s the question of the data I’d love to share. For example my photographs and musical recordings – I’d like to think that they will persist long after I’ve gone. Maybe even wind up in a futuristic museum so people can marvel at how we used to live. Perhaps.

Private data

If I died tomorrow, would my family be able to get at my private files? It’s a bit more involved than looking in a box-file on top of my wardrobe. Nobody has an account on my home server and PC except me, and nobody else knows my root password (I hope).

But I don’t want to give anyone access to my data today. I don’t want to create accounts for other people that can access my stuff, and I don’t want to tell anyone my password. Can you imagine telling somebody all your passwords and saying they weren’t allowed to use them until your death?

That’s not to say that my data is totally inaccessible. My disks are not encrypted so booting from a live CD would be an easy way to read the data without having to log on as me. This would be an easy job for most of my geeky friends, but I don’t think my parents, brothers or girlfriend would be able to do it. Would my next-of-kin have the initiative to ask one of my colleagues or friends to “hack” my systems in the event of my untimely death?

I expect if the circumstances of my death were suspicious, police would confiscate my computers anyway and examine them. A police computer expert would have no problem in extracting the data, but whether or not they would hand it over to my family is a different question.

Of course for accounts I hold with third parties, such as online banking, email companies and of course my employers, it is usually possible to present a death certificate and the account will be opened for the executor.^{[1, 2]} But this doesn’t apply to my systems.

The flip-side of allowing access to my data is that the executor or next-of-kin gets access to all of my data. After I die, I may well be happy for the executor of the will to browse my financial and legal documents, but what if I don’t want him or her to know about my plans to take over the world, or my illegal downloads? What if I have some embarrassing secrets that I don’t want my family to find out about?

The only two approaches here are to specify in my will which files should be deleted and which should be kept^[3], or to encrypt everything that I do not wish to be read. Bear in mind that if you wish to make the encryption effective, you will also need to encrypt the backups.

Maybe the best idea would be to write down my password and some brief instructions for accessing my data if necessary, and then seal this in an envelope to be kept in a safe place with my will. Anything I don’t want seen, ever, can be encrypted. Then it should be straightforward for the relevant people to get access to my private documents, with minimal risk of abuse.

Public data

As I touched upon in the introduction, the second section is to do with the longevity of my created data. A large part of this is to do with choosing an appropriate format, and ensuring that the format stays current.

For example, my photos are currently stored on a hard disk, formatted with the ext4 filesystem, and saved as TIFF images. They are backed up, but that’s mainly irrelevant here. The point is that I don’t expect my hard disks to still be working in ten years’ time, and there’s a fair chance that today’s popular filesystems won’t be in widespread use after a decade either.

While I’m alive, it’s easy for me to move my things around. Let’s suppose next year hard disks start to become obsolete and a new type of memory card becomes commonplace. It will be easy for me to copy my photos from my hard disk onto this new memory card. I can also convert my images from their TIFF format to tomorrow’s shiny new format if necessary.

But who will do this after I’m dead?

It was easy for me. After my grandad died, I inherited a box of 35mm slides, as well as some 35mm negatives and some 6″×4″ prints. Things you can see with your eyes don’t tend to go obsolete in a decade. Provided I look after these physical photos and protect them from heat, light and moisture, they are likely to last for decades or centuries.

I’ve also scanned them in and archived them on disk – where they are safe from paper-curling humidity, but still prone to obsolescence as I mentioned above.

So long as I have backups and I keep with the times and convert my photos to whatever format is appropriate and save them on whatever media is current, I can’t see a problem. I could even make prints of all my photos and store them securely.

The snag comes when I die, and I will have to entrust my photos to a descendant. Hopefully they will treasure the photos and look after them, as I am doing with my late grandfather’s work – but there’s no guarantee. If I didn’t have an interest in photography myself, it’s entirely plausible that I might have declined my grandad’s slides.

It seems here that the best approach is to preserve my data while I’m still alive and kicking, and make it known to my family that I wish my photos to be looked after when I’m gone. Hopefully they will take heed!

Perhaps undermining the tone of this whole article, I might add that I’ll be dead so why should I care! 🙂

References

1. https://windowslivehelp.com/community/t/150085.aspx
2. http://www.news.com.au/technology/story/0,28348,26303927-5014239,00.html
3. Maybe this could be automated, and my will could specify the path to a script that deletes some things and preserves others.