Password managers aren’t just for security and privacy, they can also be useful for digital estate planning. This entry takes us through how to consider setting up “password vault” access in case of emergency and incapacitation. The previous entry went over what a password vault is. This entry covers why a password vault is useful for estate planning. The next will cover how to set up a password manager with estate planning in mind, and the final entry will offer a checklist with extra credit.
We do a lot in digital space these days – manage our bills and banking; socialize, share adventures, get tickets to a show; and store our emails, photos, and videos. All of these actions require accounts (usernames and passwords). Some people use what are called “password managers” to keep track of all those accounts and the associated passwords. There are many resources on how useful password managers are regarding security and privacy which we encourage you to check out if interested (1, 2, 3). But here we’re talking about estate planning. This entry isn’t about just privacy – but how you share to others when appropriate.
When you see friends and family in the physical world, your online accounts are invisible and inaccessible. When a friend or family member sees you on a social platform (like Mastodon or Facebook), or sees your bank name on your screen over your shoulder or on your card at a shared meal, they are unlikely to have access to those accounts, just as they are unlikely to have access to your bank account because they walked into a branch with you one time. That’s the main point of having a password – so your accounts are your accounts.
The password vault maintained by a password manager is a record of your accounts and how to access them. This is valuable for your daily life, and is also a valuable asset for fiduciaries. By carefully choosing with whom and how you share a way to access your password vault, you make your digital life visible and accessible – just like your photo albums and china plates.
Using a password manager can make your accounts visible and accessible not just to you, but also to those you care about when they are closing bank accounts, searching for photos of that one day at the park, and notifying your online hobby group of your passing. The trick is letting the right people know, and limiting their access only until they need that access. The next blog entry will cover how to consider setting up your digital estate with a password manager, and who to involve in the process.
Most of the folk who read this blog probably know what a password manager is. You likely even have opinions about what the best one is. The core audience to the Networked Mortality project, however, does not. While any user of technology is impacted by digital estate planning (either because they are doing it or because they are not doing it), few have the technical literacy to manage their digital assets. These skills are necessary to plan for the future of those assets, which is what is then defined in an estate plan. In order to move into management and future planning, this first in a series of posts will describe what a password manager is in this context. The following entries will cover how to set up a password manager with estate planning in mind; and a checklist with extra credit.
Many folk (maybe that’s you!) keep passwords in written format, share passwords with a family member, or have the browser remember passwords. These are understandable ways of dealing with your accounts – remembering passwords is hard! But these techniques don’t set you up to succeed for estate planning, nor do they protect you from abuses.
The area of study dedicated to thinking about how computers store and transmit information to authorized and unauthorized users is called Information Security, sometimes abbreviated to “InfoSec.” InfoSec experts have long advocated for “strong” passwords, meaning they should be long, with many strange characters. For instance, “password” is not a good password. “2=7Am8,KI5eOL!3AnvbGHjT” is a great password. But how would anyone remember something like that?!
Luckily, smart people have made something called a Password Manager. There are now many different options available, but they all basically work like this:
You create a vault, which requires one password to lock and unlock.
By unlocking that vault, always with that one password, you can use all the other passwords you usually have access to. You don’t have to remember which password goes to which account – the vault does that for you!
This means that you need to remember one password, and because the program is remembering all the rest of them for you, they can be long and complicated like D7z8~t;adn4VfLqR!LhUzLlix}sSH6H|1 which prevents others from guessing them. It’s like carrying around a bag full of keys. You only have to remember the one bag in order to have all the keys with you.
Then you need to put your current keys into the vault. Each password manager has a clear way to add accounts – often as you use them.
This is also an excellent time to change simple or redundant passwords into complex ones.
Please take a look at some password managers – do a search for “password manager” and read what other folk have to say about them. The next post will take you through thinking about using password managers for estate planning, the following post will include questions to keep in mind while doing so, and a final blog post will offer a checklist and some extra credit.
I’m super happy to answer any questions you have. These blog posts will be further improved upon as people ask questions and point out issues – so every bit of feedback you give helps others.
While any user of technology is impacted by digital estate planning (either because they are planning or because they are not planning), few have the technical literacy to manage their digital assets. These skills are necessary to plan for the future of those assets, which is what is then defined in an estate plan. In order to move into digital management and future planning, this Networked Mortality blog series will have several posts on topics such as password managers and digital media assets, which go through this arc of explanation.
We’re going to assume some things about our user base, of which readers of this series are a part, or are supporting someone who is:
Low/negative desire to try new technologies, especially when complicated.
Interact with one or two devices, which other people likely have access to.
Deal with memory loss or other cognitive impairments.
Any threats tend to fall within the elder abuse model.
And we’re going to assume some things about our purpose.
Autonomy should be advocated for whenever possible.
Privacy is important.
We should respect an individual’s wishes.
Death is a community-centric event.
From this perspective, the first set of blog entries will start tomorrow – using password managers for estate planning. The first will cover what password managers are for this audience (literacy), the second how to adapt or set up a password manager for estate planning (management), a third on how to consider choices to be made when doing that set up (future planning), and finally a checklist with extra credit will be offered for individuals to execute.
I reached out to friends at Center for Civic Media about how much I’ve been hearing lately about folk wanting to “pop communication bubbles.” A bunch of these (and Berkman) folk have been working on things like that for a long time, and have some excellent things to share in regards to our attempts, successes, failures. This is a near-exact transposition of their response to my prompt. Platforms which already try to bridge political (or other) differences:
Matias, J. N., Szalavitz, S., Zuckerman, E. (2017) FollowBias: Supporting BehaviorChange Toward Gender Equality by Networked Gatekeepers on Social Media.In Proceedings of the 20th ACM Conference on Computer Supported CooperativeWork & Social Computing. ACM Press, 2017 http://natematias.com/media/research/FollowBias_CSCW_2017-Matias-Szalavi…
Q. Vera Liao and Wai-Tat Fu. 2014. Can you hear menow?: mitigating the echo chamber effect by sourceposition indicators. In Proceedings of the 17th ACMconference on Computer supported cooperative work &social computing. ACM, 184–196.http://dl.acm.org/citation.cfm?id=2531711
D’Ignazio, Catherine. 2014. Engineering serendipity : TerraIncognita and other strange encounters with global news.Thesis. Massachusetts Institute of Technology.http://dspace.mit.edu/handle/1721.1/95597
Siamak Faridani, Ephrat Bitton, Kimiko Ryokai, and KenGoldberg. 2010. Opinion space: a scalable tool for browsing online comments. In Proceedings of theSIGCHI Conference on Human Factors in ComputingSystems. ACM, 1175–1184. http://dl.acm.org/citation.cfm?id=1753502
Matias, J. Nathan, Elena Agapie, Catherine D’Ignazio, and Erhardt Graeff. (2014) Challenges for Personal Behavior Change Research on Information Diversity. Workshop on Personalized Behavior Change, at The 32nd ACM Conference onHuman Factors in Computing Systems (CHI’14). http://http://personalizedchange.weebly.com/position-papers/challenges-f…“bad url”]
https://unfold.com/ breaks news into simple statements, lets users vote their opinion Things which indicate how great Amber is and that it should be used, but I bet were great when they led somewhere:
I did one of these posts last year, inspired by Tilde, who I continue to be inspired by. In an effort to be more consistent in my life, I’m going to do it again this year.
Unachieved 2016 Goals:
I did a lot this year, but I did not do everything I set out to do. Before we jump into the “lookit how great it was!” here are the things at which I fell short:
I have an editor I’m working on with this. But it’s still not out. Fingers crossed on 2017.
Do 2 speaking gigs max — unlimited participatory events
I ended up doing 3, but 2 of those were 7 minutes long. This is still a drastic change from past years.
Read and comment on at least one blog entry/article a week
Reach conversational comfort in Deutsche, Kiswahili, or ASL. Future years for the others.
Yeah, neither of these happened. I still understand how important they are, but they just didn’t stay at the top of the stack.
What I did manage to do was…
Slowed down. For me.
Only travel for (well-paid) work and family/close friends
This year was a year of transitions and movement, but also of stillness and consistency. I did go completely around the world once. I also went to India and Japan, meaning I’m now only missing Antartica from Continent Yhatzee.
That said, I travelled less than I have in years past (~30k less). There was an entire month where I didn’t go anywhere further than a 3 hour drive (!!). This has not happened since 2012.
Most of my corners of the internet are currently filled with rage. One of the ongoing cries is “this is not normal.” It’s true, it’s not. So let’s take a moment to remember what normal has been for the past bit. This is to both balance out the past blog post, and in light of great blog posts like this one about mental health and long fights. Much of my “normal” has to do with where I live and what I look like. I still find it important to talk about them because these levels of freedom are something I actively fight to make available for others on a daily basis in my own flawed and insufficient ways.
Normal has been a high likelihood that overhead helicopters etc are for traffic reporting.
Normal has been walking in my neighborhood safely.
Normal has been making aggressively questioning remarks about government, governance, and other systems of power in public and having lively debate and no concern for my long-term well-being.
Normal has been visiting nearly every continent in 5 years and only getting heavy scrutiny thrice, including when soft-packing through TSA.
Normal has been asking friends to move to encrypted channels and no one being targeted for those moves.
Normal has been holding hands with a girlfriend and a boyfriend on a street corner and only getting occasional side-eye.
Normal has been openly attending talks from activists in other countries.
Normal has been experiencing shock when I see enforcement agents with semi-automatic weapons in other countries (because they don’t where I live).
Normal has been publishing under my own name.
Normal has been making an appointment for, and then getting, an IUD from my doctor, and it being covered by insurance.
Normal has been, and will always be, a slow fight towards more justice and more equality.
Every year, Canada’s Médecins Sans Frontières (AKA Doctors Without Borders / MSF) meets for their Annual General Assembly. I know about this because two years ago their topic was “Is MSF missing the technology boat?” to which I was invited to speak about Geeks Without Bounds and community technology projects with the talk “Technology as a Means to Equality” (video broken because of issues with GWOB YouTube account, and with my apologies). I went back this year because my organizational crush on them maintains, and because Aspiration (my employer for teh past 2 years, a technology capacity building organization for nonprofits) has been working on an ecosystem map of the digital response space. The real-world and values-driven experience of MSF provided valuable insights and data points for that map, and so I went seeking their input. I spent the first day at their Logistics Day hearing about 3D printing for manufacturing and prosthetics, telemedicine, and use of smart phones. My second day was for the Annual General Assembly again, this time as an attendee. The first half of the day focused on how to deal with the bombings of hospitals in war zones, the second half on mental health for patients and for field practitioners. I’d like to speak to you here about the first half of that day, how it overlaps with things I’ve learned here at the Center for Civic Media, things I was reminded of during bunnie and Snowden’s announcement at Forbidden Research, and things which have sadly continued to be relevant.
There are certain things that humanity has learned we find untenable from past experience. Some of these lessons are most notably codified in the Geneva Conventions, ratified by the UN and its membership. Among other things, the Geneva Conventions cover how noncombatants should not be involved in conflict, the right to bring someone to trial for war crimes, and the right to access to medical treatment. This last is of most concern of MSF, namely in that more and more hospitals in war zones are being bombed. These bombings are happening without the external accountability which the Geneva Conventions and the UN Security Council claim to uphold (then again, 4 of the 5 permanent seats on the UN Security Council are held by countries linked to these bombings, so that’s maybe a conflict of interest and integrity). So, maybe this is not a system of accountability we can necessarily depend on any longer. How can the bombings be stopped? Who can (and should) hold those doing the bombings accountable, if not the long-standing (albeit imperfect) Geneva Convertion mechanism? MSF has been maintaining a campaign for public visibility, hoping this will lead to some level of accountability via #NotATarget.
The question that I remembered during bunnie and Snowden’s announcement at Forbidden Research was: are these individual blips of horror across many different countries, or is this a new norm? bunnie and Snowden were referring to the subtle but systemic targeting and killing of journalists. MSF panelists spoke of the picking off of hospitals in conflict zones, sometimes when nothing else around them has been attacked. There are two things at play here: a technological way to do the targeting, but also the acceptance of this happening. One speaker at MSF AGA, Marine Buissonniere, spoke to both of these points by indicating that we should be able to hold both highly contextual circumstances and overall trends in mind at the same time. Perhaps the bombing of one hospital happened in a silo of decision making for one military, but the fact that it is deemed acceptable by so many at the same time indicates a deeper shift in global cultural norms. She and the other panelists also spoke to how this is an ongoing attack on civic life, that hospitals are the last refuge in times of war, and to make them unsafe is to remove the provision of basic needs to entire regions. Whether a subtle cultural shift or a concerted effort to errode transparency, accountability, and safety; both the cases of hospital bombings and targeted journalist killings come from a similar place of disregard for human life and for accountability. It is our responsibility to hold those taking these actions accountable.
It can be difficult to understand what this sort of thing means. It is difficult to build empathy, a huge component in bringing sufficient public attention on those trampling human rights to hold them accountable. The panelists acknowledged “outrage fatigue” coupled with the failure to act from enforcement agencies and courts. When our attention wanes, so too do the mechanisms of accountability. Similar to the work already done around Media Cloud and Catherine’s work on location of the news, a question emerged: would people have cared differently if these bombings were happening a part of the world other than the Middle East and North Africa? Regardless, those perpetrating these violences are benefiting from our outrage fatigue. How can we take care of ourselves and each other while balancing our areas of influence with our areas of concern? How do we choose which actions to take?
Journalism and Medicine
This is in part why I think MSF is so amazing. They act both to respond to a basic human need (access to medical care) in places often abandonded or never paid attention to begin with, and they speak truth about the circumstances in which they do so. To publicly statewhere a hospital is both puts them in immense danger and also protects them through public outcry against that danger… but only if those outcries continue to occur. To seek justice for infractions to human rights can be seen as non-neutral, which would then put MSF deeper in harm’s way.
One way to navigate this might be divvying up parts of this ecosystem. Diederik Lohman from Human Rights Watched joined the panel to speak about documentation and accountability — documentation which MSF practitioners are not trained to create, and the creation of which might jeapordize their status as neutral parties. If instead someone from Human Rights Watch were to document, could MSF better maintain their role as a humanitarian, and therefore neutral, party?
Truth is the first casualty of war
Many of the atrocities associated with #NotATarget remain unaccounted for due to politics. But some have to do with a lack of visibility of the incidents and others of the context of the incidents. MSF often doesn’t disclose the nationalities of their clinicians as a way to emphasize that all tragedy is human tragedy, rather than allowing countries to cherry-pick reporting based on what seems connected to them. But they’re also not great at indicating how many different demographics across civilians and combattants they’ve served on a given day. The impartial nature of their service delivery is invisible to both local and international crowds. What would documentation look like which helped MSF do its job, made disruptions of that work visible in a trusted way, and wouldn’t add to the reach of the surveillance state?
I came away from both of these sessions with more questions than I arrived with, but also greater trust and awareness of the others doing work in these spaces. All my best, in solidarity and hypoallergenic kittens, for all that you do.
I’ve gotten into a few conversations recently with friends for whom this election has deeply shaken their world view. They wonder how — how — this could have happened. And how I can be so damn calm?! Instead of talking through this over and over again, I’m documenting it here.
I am not surprised by Trump winning the election.
A bee once flew into my motorcycle helmet while I was at speed on the highway and I was able to calmly and safely pull over and get it out without either of us losing our lives. My being calm and unsurprised is not an indicator of how terrified I am for my friends, for humanity, and for the planet in this slide towards fascism all over.
I know Trump supporters
People I have cared about for much of my life – and continue to care for – find promise in Trump. I think this is due to their feelings of disempowerment, but they have their own reasons as well. They are just as racist and sexist as anyone in a racist and sexist culture is. Which is to say, at least a little bit. They also, like most/all of my radical and liberal friends, feel disconnected from our governance systems. Sorry to go all Steven Universe on y’all, but I see these folk as potential allies in a very long fight, not as The Enemy. We’re all people, and anything I fight to achieve for my friends (legal recognition of love, freedom of speech, safety from harm) I also fight to achieve for these folk, because human rights apply to everyone.
Our systems are set up for this
Friends are under threat of violence. Our planet is under threat of no longer supporting human life. Friends of mine are under threat of funding being yanked, at an organizational or personal level. These are not new challenges, it is simply that we were mildly comfortable with who was at the helm in a haphazard and ineffective attempt to avoid these issues. Until a system can truly have any person in a role without the output of the system changing, it isn’t stable and maybe shouldn’t be relied upon. And unless a government is fulfilling its basic role to provide baseline human needs through collective action and resource management, it ain’t a government I’m much into. I say in a nominally self-aware way as a white lady in SF who has tons of privilege.
These are long standing issues
There are many social justice organizations which have been long working on problems of systemic violence such as racism and sexism through the means available to them. Those who understand the above point likely haven’t shifted what it is they’re up to all that much based on this election, although we may be working with more urgency than before.
What’s to be done?
When the Snowden revelations came out, some corners of the infosec community shrugged and said “yeah, and?” It was a huge lost opportunity. Suddenly, people care about your cause. This is, as they say, a “teachable moment.” Use this time to onboard people to your cause. Use it to teach and embrace and build solidarity.
Live your life
I don’t believe in needing the external morality of religion to guide my actions (though religion is just fine), and I don’t believe I need a government to tell me how to behave, either. I will continue looking out for my fellow humans, performing small acts of human decency, and wading into fights if needed. I hope you’ll do the same, or be even more present than you have been before. This everyday action thing is also the only way I’ve found to be sustainable in my long years of action.
Join the fight
We’re glad you’re here. Hello. Welcome. There are tons of groups already doing excellent work. Please find and contribute to one of them.
Step outside of your comfort zone
Try listening first, and then acting. Try understanding someone you dislike. Try seeing someone you’ve never looked at before. We’re in this together, regardless of how it shakes out.
One of the hardest lessons and ongoing challenges in digital disaster and humanitarian response is how to connect with a local population. While many digital response groups deal with this by waiting for official actors (like the affected nation’s government, or the United Nations) to activate them, this doesn’t always sit well with my political viewpoints. Some of these affected nations have governments which are not in power at the consent of the governed, and so to require their permission rankles my soul. But to jump in without request or context is also unacceptable. So what’s to be done? It’s from this perspective that I’ve been diving into how civics, disaster, and humanitarian tech overlap. And it’s from this perspective that I’ve been showing up to Bayview meetings for San Francisco city government’s Empowered Communities Program. ECP is working to create neighborhood hubs populated by members already active in their communities. Leaders in local churches, extended care facilities, schools, etc gather about once a month to share how they’ve been thinking about preparedness and to plan a tabletop exercise for their community. This tabletop exercise took place on October 20th in a local gymnasium.
The approach of ECP is generally crush-worthy and worth checking out, so I won’t dive into it too much here. In brief, it is aware of individual and organizational autonomy, of ambient participation, and of interconnectedness. It has various ways of engaging, encourages others to enroll in the program, and lightens everyone’s load in a crisis by lightening it in advance. I am truly a fan of the approach and the participants. It’s also possible to replicate in a distributed and federated way, which means digital groups like the ones I work with could support efforts in understood and strategic ways.
Here is what doesn’t necessarily show through in their website: how grounded in local needs and social justice these community members are. There is a recognition and responsibility to the vulnerable populations of the neighborhood. There is a deep awareness of what resources exist in the community, and of historical trends in removing those resources from a poor neighborhood in a time of crisis. We’ve had frank conversations about what they’ll do about debris, and how the Department of Public Works parking and storage in their neighborhood is suddenly a positive thing. About what to do with human waste, and what a great boon it will be to have the waste water plant in their neighborhood. The things that wealthier parts of the city have vetoed having near them because of noise, pollution, and ugliness (NIMBY, or “not in my back yard”) will make Bayview resilient. They’re preparing to take care of themselves, and then to take care of other neighborhoods.
There’s a plan in NYC now to knock on every. single. resident’s door in the next crisis. It’s an approach other cities might also consider. But it’s one which is nearly impossible to implement. Who is doing the knocking? What are they doing with the information they gain? ECP’s approach is to apply their own oxygen masks first, and then to check on their neighbors, to know what the local Hub can take care of and what is needed for external support. When/If a city employee comes knocking on their door, they can then speed up the process of getting aid to where it’s needed (“I’m ok, but Shelly up the street has our 7 disabled neighbors there and they need a wheelchair, medication, and no-sodium food.”)
The end of the tabletop exercise had Daniel Homsey, the gent who heads up this program, talking about how we didn’t devise plans while together, but we did learn how to suddenly have to work at another role with people we’d barely or never met before. And I, as a digital responder, listened to what the community’s needs were, how they organized themselves, and considered the smallest interventions which could be maximally applied.
People I have cared about for much of my life – and continue to care for – find promise in Trump. I think this is due to their feelings of disempowerment, but they have their own reasons as well. They are just as racist and sexist as anyone in a racist and sexist culture is. Which is to say, at least a little bit. They also, like most/all of my radical and liberal friends, feel disconnected from our governance systems. Sorry to go all Steven Universe on y’all, but I see these folk as potential allies in a very long fight, not as The Enemy. We’re all people, and anything I fight to achieve for my friends (legal recognition of love, freedom of speech, safety from harm) I also fight to achieve for these folk, because human rights apply to everyone.