Death, Disease, Data Access and Digital Legacy
The story of the death of the founder and CEO of QuadrigaCX, Canada’s largest crypto exchange, raises questions about death, disease, data access and dealing with the digital legacy.
If the person with the knowledge of and means to electronic access to information or other assets becomes incapacitated or dies, how do his or her successors gain access? What happens to the cryptocurrency or frequent stay points or intellectual property?
There are systems in place for bank accounts and sometimes securities in different regions. For example, in Canada, if a bank account has been dormant for 10 years, the balance is turned over to the Bank of Canada. Unclaimed balances of less than $1,000 are held for 30 years. Amounts more than $1,000 are held for 100 years. And in the pre-intangible era, a couple of months’ worth of mail might uncover most financial relationships.
But there is no such system for many other items of value – in particular, intangibles such as frequent stay points (although that is a topic unto itself). Email history may help, but not always. Where are the wallets? And what if others are holding the wallets?
In the QuadringaCX story, rather than the investors managing their own cryptocurrency in their own wallet (where the wallets track balances and manage the related private keys, necessary to unlock access to the funds), the funds were managed by QuadrigaCX, and the cryptocurrency addresses and related keys were managed by the exchange. The keys were kept by the CEO and only the CEO, who (allegedly) died suddenly; no one is willing to admit they know how to access the keys to the funds held on behalf of others. If the keys are irretrievable, crypto funds currently valued at $150 million (CAD) cannot be retrieved.
With Bitcoin and other cryptocurrencies, there is no “account”, no financial institution or centralized authority able to override the system, no storage place where physical funds are kept, and the very design based on cryptographic means and methods mean it is wildly difficult to find a private key for a cryptocurrency address even if you know it. There’s over $500 million worth of Bitcoin – 130,000 Bitcoin - at a single Bitcoin address 385cR5DM96n1HvBDMzLHPYcw89fZAXULJP, and little fear anyone can do anything to access it without the private key.
How should individuals and organizations manage all of their electronic access so necessary successors can identify and access accounts – or at least know who to contact if necessary? And do this in a fashion that does not expose them to threats today? And deal with the frequent password changes we’re asked to perform?
To complicate things, you can’t leave your fingerprint on a yellow sticky note on your monitor. Does the use of fingerprints to access our devices … where the device itself may create and store the password without the user even knowing, accessed by fingerprint … make the situation worse?
Comments
- No comments found
Leave a comment