 Before we start, I will point out right now, I know I have a tendency to speak too quickly, especially in front of a big crowd, so go ahead and let me know if I'm talking too fast. My laptop's not acting exactly the way I intended, so I'll be fumbling a little bit. I apologize in advance. Here's a little bit about myself. My name's Matt Yoder. I can be reached at Acronym at Acronym.com. I got into this presentation largely because I wanted to spread the word, had a friend who asked me about the death envelope and I promised him, if I can't find you the resources, I'll go make it. So this is literally the first step toward that. I've been thinking about the topic for years, and I like pens and paper, and the death envelope lends itself well to pens and paper. My goal is today, I'm hoping to cover what should be in a death envelope, what it actually is, who should have a death envelope, or ask someone else for a death envelope, options for your envelope, and different forms of solution to collect information for an envelope. So there's the first question, what is a death envelope, and what it boils down to is, in today's high tech world, there's a lot of information being carried around in people's heads that someone else is very likely to need if they die or disabled. One of the things you want that information to be stored in is something that's fairly tamper resistant and fairly able to reveal if something's been tampered with. Obviously, we're talking about high security information, so you want to know if it's been accessed illegally. I did some research about how many passwords people tend to have these days, and I found a little poll done by a security blog that said people have an average of 40 passwords and 15 of them can be considered sensitive, like this will hurt me if it gets revealed. I saw one, like the high end of the entry said there were 200 passwords and all 200 were sensitive. You see also here in the headline, some of you may remember there was a marine who died in Fallujah and there was a huge battle between his parents and Yahoo about getting access to his email. They basically wanted to know what their son had been doing, who he'd been communicating with and let people know he had died, and Yahoo basically said, no, our policy says you don't get access to his email if you haven't got his password. So point being, if they had had his password in the event of his death, they would have gotten what they needed. Who should have a death envelope? I would propose that probably everyone in this room should have a death envelope. If you have one computer and one password and one person who might need it after you die, it should be in an envelope. Chances are good, most of the people in this room have lots of things that should be in an envelope for their loved ones or their boss. Realistically, I mean, obviously there's a degree of risk assessment that says if you're in a high risk lifestyle or you're skydiver in the military, you really need one. But point being, I think at this point everyone knows death can arrive far more quickly than anyone anticipates, so you should have this information stored now. Another question of course is, are there people who should be asking for a death envelope? And I submit, yes, there are absolutely people who should be asking their employees or loved ones for a death envelope. I mean, a good example is, let's say someone's one person has an enterprise admin password for a Windows NT domain, it takes a fairly significant amount of downtime to recover that password if it goes to someone's grave. In a big deal, spouses or loved ones of network administrators who like to skydive should be asking for a death envelope. A couple of thoughts, obviously anything being carried around in your brain right now that someone needs after you die should be in an envelope also. Some more things, you know, route or administrative passwords definitely should be in an envelope. Bank accounts for web mail, domain name administration like if you have a GoDaddy account, or your financial information, these are important, should be available. I've had some thought as to whether financial secrets should be in there well, and it's probably they should. I mean, obviously there's legal remedies to get access to someone's bank account in the event of their death. There's a certain period where it's much easier if you can access it as that person once they've died. I've seen also a lot of discussions about after care, and I gave a lot of thought as to whether the death envelope concept was well covered by after care and what I realized it wasn't. The more I looked, a lot of after care information you might have in your filing cabinet because it's the kind of thing you might refer to on a fairly regular basis so you don't necessarily want to make it difficult to get to. The difference of course is the death envelope, you want it secured and you want it tamper evident. So now we start to get into a little bit of the thoughts of starting to create a death envelope. Obviously, chances are pretty good, much of your information is going to be on paper. This is the way I trend toward largely because it's easily understandable, you know, your grandmother if necessary can access a piece of paper in an envelope. And definitely there are some advantages to handwriting. I can see some paranoia that says if I put something in a computer, it leaves enough of a record someone can get to, I don't necessarily want to do that. You know, if you're going with handwriting, you dodge that whole thing and like I said here, if it could be sniffed by the feds, they already know far too much about you so go ahead and turn yourself in. The other option obviously is it's easy to create or update with simplest of tools anywhere. On the flip side, the advantages of using the computer are things like consistency of fonts and the other thought, oh, copy and paste. Like basically if someone's got a file and they needed to access your file, if you've got an extremely complicated password, it's easy to paste it into some place as opposed to trying to type it in. So obviously you can go both routes there. Some thoughts if you're going to use handwriting. Obviously you want to slash your zeros so people know they're zeros. Real simple. Handwriting deal, frequently just underline the numerics so people know which one, if something's a one or an L. Handwriting trick, go ahead and slow down so you're not writing too fast and people can read your letters. At this point, once they've opened your envelope, they can't necessarily what you meant when you wrote that down. Another good one is graph paper. This can indicate spaces. Obviously it means there's supposed to be a letter there and it slows you down. Kind of some examples. If you want to look at this slide, it's in the CD of course. By the same token, some of these tricks you want to use if you're creating your envelope on the computer. OCR fonts, freely available and in the same respect that a human or that a computer can read them effectively, human can read them as well. Monotype fonts show spaces. Obviously if you're giving a passphrase, you're going to have spaces. A lot of operating systems will take a space as part of a password now. So you want that to be obvious that that space exists. And here again, slash zeros. Most fonts are going to have a slash zero available. I indicate how to get them on a PC. I have no idea on a Mac, I'm sorry. Here we're getting some of the kind of stuff I really enjoy with the whole paper world. I did a lot of research. There's a lot of interesting things you can do with paper in terms of invisible links that only show up under UV. I'm sure most of you have done lemon juice and heating up. A signature across a seal of an envelope gives you a little bit more indication if it's been tampered with, especially if you're using water-soluble ink. If someone's steamed it open, it's going to get blurred, it's going to run. For a long-term envelope, acid-free papers, all the same sorts of things apply to a depth envelope to any other archiving. You want acid-free paper, durable links, there's a lot of interesting cellulock technology, is fairly impossible to remove from paper once you've used it. Newler's Eternal Ink, same deal. I've thought a lot of well about the human factor. You're creating something here with pretty much an identity theft kit. Obviously, if you're going to ask someone to hold on to this envelope for you, you're talking a great deal of trust. But going hand-in-hand with that trust is some due diligence. What I mean by due diligence is your death envelope doesn't do you any good if you don't ever inspect it. So basically, if someone's got your envelope and knows you're not ever going to come look at it to see if it's been tampered with, they can open it whenever they want. So it's important to plan this into your kind of operations in dealing with an envelope is planning the tampering. By the same token, you've got to consider those facts when asking someone to hold your envelope and have that conversation with them. I, excuse me, I need some water. Additionally, if you've got a will or a living will and you've got a death envelope, the will should discuss the envelope and say, who's the recipient? In what circumstances should it be open to allow access to my accounts, etc.? And by the same token, if you're asking someone else for an envelope, bear in mind you're asking them for something that's fairly critical to their world and just keep that in mind. I'm not the greatest social interactor, so you can probably find resources on someone else for interacting with humans. But nevertheless, you know, just be careful. Just don't say you've got to do an envelope. Explain why, explain that you care. But nevertheless, they could die. I guess I already covered the slide. I'm sorry. That's a good point, however. Make sure they understand it's not insulting to ask to inspect the envelope. It's part of the process. It's part of the practice of the envelope. Basically, you give someone an envelope and a week later say, hey, can I look at it? If you haven't explained it, they might say, why? Do you figure I already broke into it? No, it should be part of the process and the practice, and they shouldn't be insulted when you ask. Some things to keep in mind when inspecting an envelope. If someone really wants in there and doesn't want you to know, they might work fairly hard to reproduce what you've done. You might well consider photographing all the exterior components of your envelope, so you have comparisons. By the same token, UV illumination can frequently consider chemical assaults. I did some experimenting with that. It shows some things, it doesn't show some other things very well. But there's certainly things that can indicate more than the visible eye. Some other things you consider. A safety deposit box is not a bad idea, but it adds some complications. Obviously, you're going to want to understand in the event of your death, how does someone gain access to it? It's possible they'll already need to be on the list to access your envelope. Chances are reasonable for a spouse or a loved one. They may already be, but if you want them to have easy access and they aren't currently on that list, add them. Or, ultimately, make sure they understand what the bank's going to require to access your deposit box if you're not on the list. It may be a death certificate, it may be a death certificate and a durable power of attorney letter. I don't actually know. And additionally, find out from your bank what it takes to determine whose access to your safety deposit box. Given that it adds a factor of access to it when you're not necessarily going to know, find that out in advance. Say, can I look at the law as to who's had access to my safety deposit box? Another possibility is a lock box, just your average little cash box. It adds some security. Obviously, this is a place where you can't claim a lock provides any real protection, but nevertheless, it slows some people down. By the same token, certain strong tapes can indicate that a box has been accessed in advance. Splitting the key in the box to just slow things down a little bit are an option. This is an important question. How often should I update my death envelope? And I think it would be obvious in the ideal world, every time you make a change to something in your envelope, make a new envelope. But obviously, that's impractical. That could possibly be, you know, every three days you may have to add things to your new envelope and go through the whole process of securing, photographing, what have you. I do recommend that you set yourself a religious reminder for it. Once you've created it, if it gets out of date, it's as useful as the envelope not existing. Here I'm starting to talk a little bit about kind of a hybrid envelope. This is where we're getting into a computer solution combined with paper. I'm a little torn on the USB key, realistically. I don't like it as much as pure paper, largely because if someone can get in there and access it and reseal it successfully, you have no idea from the key itself. With a purely secured envelope in paper, it's more obvious. But nevertheless, if you put your key and a passphrase in a secured envelope, you still have all the envelope protection. So that's certainly one thought. Again, you can put a whole bunch more information there. I've given a lot of thought as to whether you want to necessarily have letters to people in your death envelope. I don't know. I'm torn on that. The idea bugs me, but some people will probably want to send this letter to this ex-girlfriend, send this letter to the boss I hated. That's certainly an option on the USB key. Print these out, mail them out. Thanks for the postage. But there are certainly advantages. One option, copying and pasting from a USB key, you avoid necessarily human eye failure to read. You avoid the handwriting problems, you even avoid bad font problems. And here again, you can split some things up. Start talking about encrypted files on one key and then have a paper envelope held by somebody else that has the master passphrase. That's an option I like reasonably well if you want a lot of information in your USB key, but you want it relatively well protected. It adds layers of security here again if they get together and conspire against you. You're still screwed, but still. Disadvantages, like I say, I think you may want a little bit more attention to tamper detection. There is some possibility of obsolescence of media. You put your Bernoulli disc in an envelope. No one can read it. Of course, no one can read it now. But I don't think this is a huge issue, because if you're updating your envelope religiously enough, you're going to have the new media. So nevertheless, same thing applies to media failure, it's a small possibility. It occurs to me also, it's more vulnerable to water. A USB key is at higher risk from water. If you're using good paper with good water-resistant ink, it's less water, it's more resistant to water. I don't know. Here, I get kind of into my paper geekery. Sorry for that, just kind of some discussion of some options for if you want to avoid paper for whatever reason, durability, there are multiple plastic-effect replacements for paper. I can think of one now I didn't even put on this list. There's Write in the Rain, there's Upo, all kinds of fun stuff. More recently, Limestone is being made into paper for ink jets. I've never tried it. I have no idea how it works, but I found it in my research. And finally, if you just want to save some trees, there's lots of other fibers being made into paper, and lots of them are very, very good. One of my favorites is Locta from Thailand. This stuff is, in fact, so durable it's been used for contracts for 1,000-year leases in Thailand. A wax seal. This I can't really emphasize more. This is how you want to seal your envelope. Like I say, 5,000 years of proof-of-concept testing. Wax seals have been found on Egyptian papyrus. They were, of course, hugely popular in the Middle Ages. And even now, sealing wax is specifically designed to adhere firmly and strongly to paper. It breaks up when you get into it. It's the whole point. Additionally, you can see a little bit of picture evidence. They really are as unique as a fingerprint. Everyone's going to show up differently. Obviously, I'm joking a little bit. The top two are entirely different. If someone has access to your wax and your stamp, chances are good. If you have a photograph, you're still going to be able to tell the difference between the seal you made and the seal they made. And of course, what other reason is there to make a CDC or Loft wax stamp? Oh, look, I'm done. As well, deathenvelop.com, I intend to have this information available within a week or two after I get back from DEF CON. Oh, yeah. And that'll be on deathenvelop.com. It's just wax dash works. You can basically send them a vector image and have pretty much anything made into a wax seal. And I hugely underestimated the length of this talk. So thank you all for coming. So the question is discussion of the robustness of a USB key or memory key versus paper. I think realistically the thing there is if you've got a media safe to protect other media for whatever reason, I think a USB key is going to do equally as well there in a house fire. I think if you've got things not in a media safe or in a fire safe and you have a fire, they're both going to die pretty much thoroughly. But realistically, many, many recovery methods have come up for both devices that have gone through fire. You see hard drives all the time that have gone through terrible disasters, including a fire exposed and being put out with water that people recover data from. No doubt it will be true with water or with USB keys. And additionally, paper that's fairly burnt can be recovered through hydration methods. It's not easy, but it's certainly an option. Nevertheless, I do recommend a media safe for both your media and your paper. However, bear in mind a media safe you need for media because a standard fire safe largely protects paper by releasing lots and lots of moisture into the interior. So they get fairly warm, but they prevent combustion with moisture, which is likely to hurt a USB key. Are there any more questions? We have lots of time as it turns out. Like I said, waxworks.com, you can have them made. eBay has a ton of stuff out there as it turns out. You just search Signet Ring or Wax Seal. You saw the makers mark Wax Seal on the slide. Those are all over eBay. I found mine for like three bucks at a thrift store, but those are actually made by makers mark whiskey and they can be bought so I didn't see this light is really bright. So the question was about kind of paper embossing. I can certainly see how that would have benefits. I think largely those are more for authentication authenticity, but certainly if you want basically your loved ones to be able to be assured that that's your death envelope explain to them all the features you've got included like the Wax Seal, an embosser. I would say an embosser that includes the like kind of the seal point of an envelope would certainly contribute to a tamper detection. If someone compromises your envelope and tries to reproduce it, it would certainly add I mean, the more marks you have on your envelope that are unique, the better for authentication, obviously she was first. So the question was how does a death envelope interact with a durable power of attorney or a will? What have you? I've given that a lot of thought and I'm so incredibly not a lawyer. I didn't want to go into it all that extensively. I would say ask your lawyer realistically explain to them what it is that's being held and whether it should be included directly with your will. But that raises the question is how much do you trust your lawyer? I mean, it's a lawyer. So like I say, I think the best thing is probably your will or living will at least discusses kind of the dispensation of it. Perhaps not the location would have you, but your actual legal death documents should probably mention that you have this document available. But for the question of whether they should actually have it for some reason, for some legal reason, you should ask an attorney. I think the main reason to take it off site applies to any other kind of media that gets off site storage is basically let's say you're killed in a fire. You want your death envelope someplace else and I think that'd be the main reason. By the same token, a lot of my employer literally does currently ask for the administrator password for the domain. That would be the main reason. Another reason to have it someplace else is that it basically it contains information that is specific to the location where it is, but certainly another option is to have it yourself as well. So the question was how do I feel about the possibility of a file somewhere on a server or service that basically requires a dead man operation to prevent it becoming viewable. This is something I actually thought about as well and it gets so complex that I didn't want to go too deeply into it. I think I myself am too flaky for a dead man operation and I think it's certainly a great idea but I wouldn't want to forget once and have it get emailed to my mom and say go read this and get all my passwords and especially as well it may say you know if I set it up wrong and email my mom and says I might be dead go read my passwords and so the question was what do I think about encryption. I did actually cover that in the talk. I think I'm actually firmly in favor of encrypting a USB key for example even if you've got the master passphrase right there, oh so the question was basically what if your wife leaves you with your death envelope. I think that's only useful with encryption if someone else has the passphrase. If she's got an envelope that contains the encryption and the passphrase I mean it's no better than having a clear text file. Yeah exactly. Oh that's actually not a bad thought. I mean one envelope that has a passphrase for the other envelope and it has a USB key and then one has basically two envelopes in that set that's not a bad thought actually that's certainly an option. At that point you tell your lawyer if my wife calls don't give her the passphrase. Yeah that's the other option keep your wife happy. Let's go over here. That's a good point. What he was saying is that a safety deposit box in fact is not a good place from a search and seizure perspective for your death envelope because the bank will give it up fairly easily to a governmental entity whereas getting a search warrant for your possessions in someone else's house is very very difficult. That's great I didn't know that. That's wonderful. So the question was do I know if there are specific long term ceiling wax that's currently made because apparently some of the current wax will get brittle and break and because it's not a big surprise with like things like wedding invitations they may be getting kind of lower quality. The answer is I don't currently know. I imagine that's fairly easily Googleable though Googleable though you know archival wax seal. Realistically I think by the same token for a death envelope you want to update it often enough that long term storage shouldn't matter that much. So the comment was if you put a piece of clear tape over wax seal it'll kind of hold things in place and that'll increase the kind of longevity. So the comment was correct me if I get this wrong. So basically if you have your safety deposit box where you have a bank account the banks report where you have bank accounts so it's easier to search for if you get a safety deposit box where you don't have an account they don't report that so it might be more difficult for the governmental entity. So that doesn't inherently create an account by having a safety deposit box. Oh well good. Brian costs more. So that's an interesting comment the USB key with a fingerprint reader to decrypt the volume yourself but I guess who's fingerprint to use. Yeah I guess you don't you don't really want to use your own because how's that conversation go I need his thumb and some of them are snake oil I'm told that's hardly a surprise. Oh question back here. Can you come up I can't hear you at all I'm sorry. Yeah so the comment was basically give you know it's kind of more of a even more hybrid where you split encryption functionality between two different people who don't necessarily know each other. Whereas the envelope also gives contact information for the other holder of the envelope. Yeah I mean realistically that's a great option that there's going to be lots of encryption options they're going to apply very effectively here. So I think we're going to get down quite a rabbit hole if we go into a discussion of encryption here but certainly there's lots of great options. I'm not going to repeat that to the rest of you. Just a discussion basically saying the death indicator database. Social security basically releases social security numbers once someone has died and they are at least been reported dead. That gets kind of weird. So a possibility of a business case using that data to release some degree of information somehow certainly an interesting thought. Then now you're next. Yeah so my friend Alex basically said is the death envelopes an important concept a great idea. The implementation is going to be very individual like I say deathenvelope.com I hope to cover a lot of this information and create an area to grow these kinds of ideas for sure and make it kind of a community discussion of the whole idea but the important thing is for legal matters I'm not a lawyer in any respects not in law school not much thinking about law school. So for those matters talk to your attorney. So yeah the comment kind of agreed with one of the comments I made in my presentation that basically in this case when her father died her mother took the death certificate to the bank at which point they promptly froze the accounts. So it's possible if they had had the ATM pin previous to that some cash could have been arranged before that occurred. You know I don't I don't know if that's a bank by bank sort of thing but it's probably it sounds pretty likely actually. So that was a basically an agreeing comment that basically says it's a U.S. bank standard that says in the event of someone's death within 24 hours of either a death certificate or the death index. Those accounts get frozen so it's probably an important idea if you have the ATM pin go get some cash regardless of your kind of emotional state because the cancer going to get frozen. Now there's another good point talk to a lawyer about joint accounts and what happens in the event of a death and trust funds. So I'm going to ask at this point since these lights are killing me that if anyone still has comments or questions I'm going to go into the Q&A room for a little while. I think it's just not too far that way. Please join me there. Thank you.