The Flip Side of Privacy in the Cryptosphere: When Estate Wealth and Data Goes Crypto Forever

By | October 29, 2018

Courtesy of Joanna Diane Caytas

When Spanish galleons, and vessels of other nations, sank with tons of gold, jewelry, and artwork, treasures disappeared for centuries. Estimates suggest that up to three million shipwrecks may be littering the ocean floor around the globe, inspiring adventurers (and venture capitalists) who end up in predictable legal disputes over ownership and finder’s rewards and taxes. This article highlights a number of key risks and insecurities inherent in cryptocurrency holdings, both for the initial investor and for his judgment creditors or the administrators of his bankrupt or decedent’s estate.

Matthew Mellon’s Case

When Matthew Taylor Mellon II died of a heart attack in Cancun, it was reported that his $2 million dollar investment in global payments pioneer Ripple Labs Inc.’s cryptocurrency, XRP, had risen to $1 billion at its peak in January 2018. This placed him squarely on Forbes’ list of The Richest People In Cryptocurrency. Leaving the technological merits of XRP aside, Mellon’s sudden death may have wiped out his estate’s access to his XRP holdings as his digital keys are believed to have been kept locked up under pseudonyms in cold wallets not connected to the internet in different locations across the United States. Regardless of value, there are currently only technical, not legal, procedures in place to recover digital assets in the event of death, where passwords, digital keys, seeds, and mnemonic phrases are often safely locked away in mobile apps, digital wallets and offline hardware wallets. Cases like Mellon’s gave rise to “inheritable digital safes” that allow a designated recipient to access a person’s digital assets.

Mellon gloated that his intuition far surpassed that of his family, which had tried to dissuade him from sinking $2 million into XRP, saying: “[m]y family thought I was insane, when I knew it was a home run.” But this does not support a conclusion that he had somehow chosen (or at least implicitly accepted) the risk of keeping this digital asset out of his estate by declining to protect it.[1] Despite a long-recognized need, digital service providers advertising “legacy lockers” hardly offer a satisfactory solution.[2] Mellon’s case may spur the evolution of digital aspects to the law of succession,[3] which would be a welcome development considering the average Americans’ digital estate has reached rather significant, although hardly estate-taxable proportions.[4]

A Specter of Comparable Cases

Despite the large amount involved, Mellon’s case is far from unique. Broadly speaking, typical loss factors include a handful of other scenarios, each demonstrated by a number of cases:

  • Physical loss of media containing digital access keys

One man in Wales threw away a computer hard drive without removing his bitcoin access tools. The town refused to grant the man access to the landfill for environmental reasons, meaning his $108 million in bitcoin is likely lost forever.

  • Physical robbery or theft of digital access keys

A classical low-tech approach flourishes in Russia and Ukraine: physical robbery of cryptocurrencies in broad daylight.

  • Bugs in digital wallet services

A software bug in cryptocurrency wallet Parity caused $300 million in Ether to be lost forever. Parity has also been vulnerable to hacking.

  • Hacker attacks on digital exchanges, wallets or storage devices

Numerous cryptocurrency exchanges have been hacked, resulting in theft in over $1 billion worth of cryptocurrency

  • Misplaced or forgotten access code

A former editor of WIRED had to crack his Trezor Wallet following instructions by a teenage coding wizard.

In sum, vulnerabilities in access methods, the key risk of all encryption, extends to cryptocurrencies. 23% of all bitcoin has reportedly been somehow irretrievably “lost”, and while technology may render unauthorized access more complex, it does not really require fundamentally novel legal concepts, given that at least some of the victims appear to qualify for the Darwin Awards by failing to exercise appropriate diligence.

Legal Mechanisms to Sidestep Access Instruments?

Prima facie, there should be no need for new rules provided a decedent’s title to an asset can be demonstrated.[5] But, similar to physically established anonymity in a bygone era of anonymous or pseudonymous passbooks or securities certificates, such proof requires custody and control of the access instrument – in this case not a physical document like a passbook or certificate, but an algorithmic access procedure.[6] Whatever the rule, Bentham’s famous dictum reminds us that property and legal foundations are inextricably entwined.[7]

In the case of a brick-and-mortar ‘fiat money’ bank, the statute of limitations will expire at some point, while the estate will be protected by record retention mandates and discovery rules. But how does this framework apply in the age of decentralized ledger entries based solely on market acceptance, as is the case with cryptocurrency, where one party’s asset is not necessarily another (regulated) party’s liability?[8]

Squaring Blockchain and Other Encrypted Technologies with Due Process Standards

Models and tentative checklists have been devised to avoid practical frictions for successors in interest. While well-intentioned, they are far from exhaustive when it comes to the  potential legal issues, where no legislative guidelines, much less controlling jurisprudence, exists to date.

This matter adopts particular urgency due to the relative illiquidity of cryptocurrencies.[9] A decedent may have invested a relatively modest amount (in Mellon’s case $2 million) but its valuation may have mushroomed past thresholds for estate tax and other planning considerations. The federal Electronic Communications Privacy Act generally forbids service providers from “providing access to any person who is not an account owner” (see Electronic Communications Privacy Act of 1986, 18 U.S.C. § 2702 (2006): “[A] person or entity providing an electronic communication service [or remote computing service] to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service  [or which is carried or maintained on that service]…”) (emphasis added).[10] Parts of the matter are also addressed in the Stored Communications Act, 18 U.S.C. §§ 2701-2712 (1986) and in the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (1986).[11]

While the legal aspects and pitfalls[12] of digital property[13] are complex enough under U.S. domestic law,[14] the private international law of decedent’s assets could also lead to multiple countries claiming jurisdiction over parts or all of the estate. It is irrelevant for the narrow purpose of estate matters,[15] but still an overarching challenge to separate the visionary wheat from the chaff in crypto.  Examples of that dilemma exist in numerous jurisdictions.[16] An overview of current state digital estate planning laws can be found here.[17]

Quantum Technology’s Threat to Pre-Quantum Encryption

Encryption is one of the core characteristics of cryptocurrency. It is the basis of cryptocurrency’s claims of privacy and anonymity. Any threat to encryption is therefore an existential threat to value and acceptance of cryptocurrencies. Aside from other security issues in blockchain technology,[18] including network architecture, encryption is threatened by the looming quantum computing revolution that is expected to make brute force attacks on any known encryption methods fast, cheap, and easy.

The need for a distributed global re-mastering of all encrypted digital assets with quantum-proof, post-quantum encryption technology presents a further challenge: its energy costs and thus its environmental footprint. With current technologies, the annual energy use of miners, the advent of For obvious reasons, the advent of quantum decryption – which in itself will be difficult enough to determine, especially if it is accomplished first by state actors or actors in their orbit – will have enormous consequences for all inadequately pre-quantum encrypted networked data, including cryptocurrencies. Achieving simultaneity in the availability of quantum decryption and encryption capabilities, especially when they are not generated by the same source, and its global distribution in a practicable fashion without the foreseeable consequences of a technology overlap, will be one of the great national and private security challenges of the 21st century for distributed ledger technology.

Dawning Needs for Technology Transfer Logistics

This task requires the emergence of a new mission-critical area of knowledge: technology logistics. In a networked world, the capabilities of generating disruptive technologies are no longer enough if all targeted potential users cannot be converted to ‘early adopters’ simultaneously and in real time. Latency periods for the global distribution of technology, formerly measured in decades or at least years, can not afford to take weeks or months without egregious damage. While rudimentary quantum decryption tools already exist somewhere, quantum encryption needs to go through a global logistical proliferation process. During that period of overlap, virtually no data protection will exist and parties with access to quantum decryption will literally be “shooting fish in a barrel,” as was characteristic for the early, pre-Snowden days in the War on Terror, when unsophisticated security threats used poorly secured communication devices and had no grasp of drone, robotic or financial warfare. This techno-monopolistic respite was short-lived under the realities of robotic warfare and of financial and infrastructural digital technology proliferation.[19] Its reincarnation will be short-lived again.

Integrating Technology Development with Stakeholder Interests

Many features of a common law system of property apply to digital assets and will evolve, not quite in lockstep with technology but with a noticeable lag.[20] Then, data comprising digital assets will be understood for what they are, as they become suitable objects of property rights. The old binary conception of personal property consisting of choses in possession and choses in action should not be an obstacle, if indeed it ever was, to their recognition as property.[21] Accordingly, routines in estate planning will not only increasingly apply to digital assets, but will also require legal accommodations on a broad scale to square the following concerns:

  • legitimate post-mortem privacy interests of the deceased;
  • property interests of the estate;
  • privacy and other interests of third-party stakeholders;
  • fiscal and informational interests of the public;
  • procedural economy and expediency; and
  • where applicable, national security interests.

Among numerous issues that will require significant re-evaluation some stand out:

  • document retention rules – since, in most cases, the retention of digital documents involves virtually no cost or document deterioration;
  • authentication rules for evidence;
  • time bars in statutes of limitations – given the increasingly “eternal” life of digitalized evidence, contrasted with the fact that its authentication and context may probably still require human testimony that may or may not justify a change of policies originally created to address its shortcomings.

If blockchain technology is to catalyze a decentralized global Internet 2.0 on a massive peer-to-peer scale and achieve its stated goal of disintermediation, these questions, and more, will require systemic and globally acceptable solutions that do not attempt to explain a brave new world with venerable historic terms.[22]



[1] See, e.g., Gerry W. Beyer, Digital Assets – A Guide to Planning and Administration, Est. Plan. Stud. (Montecito Bank & Trust, January 2018),; Sarah Jacobsson Purewal, How to Prepare for Your Digital Afterlife, CNET (Mar. 2, 2016),; Gerry W. Beyer & Kerri M. Gritlin, Estate Planning for Digital Assets, Est. Plan. Dev. Tex. Prof. (April 2011), available at; Deborah L. Jacobs, Six Ways to Store Securely the Keys to Your Online Financial Life, Forbes, Feb. 15, 2011,; Michael D. Roy, Note, Beyond the Digital Asset Dilemma: Will Online Services Revolutionize Estate Planning? 24 Quinnipiac Prob. L.J. 376 (2011); Ken Strutin, What Happens to Your Digital Life When You Die? N.Y. L. J., Jan. 27, 2011,; Rob Walker, Cyberspace When You’re Dead, N.Y. Times, Jan. 5, 2011,

[2] David Shulman, Estate Planning for Your Digital Life, or, Why Legacy Locker is a Big Fat Lawsuit Waiting to Happen, S. Fla. Est. Plan. L. (March 21, 2009),


[3] Continuing an arc started by David F. Libling, The Concept of Property: Property in Intangibles, 94 L.Q. Rev. 103, 104 (1978) (“Any expenditure of mental or physical effort, as a result of which there is created an entity, whether tangible or intangible, vests in the person who brought the entity into being…”), redirected by the seminal article of John H. Langbein, The Nonprobate Revolution and the Future of the Law of Succession, 97 Harv. L. Rev. 1108 (1984) and that included more recently Abraham Bell & Gideon Parchomovsky, A Theory of Property, 90 Cornell L. Rev. 531, 545 (2005) (“In the bundle metaphor, each right, power, privilege, or duty is but one stick in an aggregate bundle that constitutes a property relationship. Whether removing a stick (or set thereof) from the bundle will negate the classification of the reminder as property cannot be determined in advance”) (footnotes omitted) and David Horton, Contractual Indescendibility, 66 Hastings L.J. 1047 (2015) as well as Lawrence M. Friedman, Dead Hands: A Social History of Wills Trusts, and Inheritance Law 3 (2009) (“[E]verything will pass on to somebody or something else”). See also Naomi Cahn, Probate Law Meets the Digital Age, 67 Vanderbilt L. Rev. 1697 (2014); and Jamie P. Hopkins, Ilya Lipin & John Whitham, The Importance of Digital Asset Succession Planning for Small Businesses, J. Fin. Plan. 54 (Sept. 2014), and Gregory S. Alexander & Eduardo M. Peñalver, An Introduction to Property Theory 47 (2012).

[4] McAfee Reveals Average Internet User Has More Than $37,000 in Unprotected ‘Digital Assets’, IDG Comm. (Sept. 27, 2011), (including photos, projects, hobbies, personal records, career information, entertainment, and e-mail); see also; Susan Stellin, The Afterlife of Your Frequent Flier Miles, N.Y. Times (Nov. 21, 2012),

[5] See, e.g., Richard A. Epstein, Possession as the Root of Title, 13 Ga. L. Rev. 1221 (1979). But technology has created numerous pitfalls for doctrinal concepts of property law as we knew it. See Sandi S. Varnado, Your Digital Footprint Left Behind at Death: An Illustration of Technology Leaving the Law Behind, 74 La. L. Rev. 719, 719 (2014) and Alfred C. Yen, Western Frontier or Feudal Society? Metaphors and Perceptions of Cyberspace, 17 Berkeley Tech. L.J. 1207, 1233-34 (2002), in contrast to Joseph William Singer, Democratic Estates: Property Law in a Free and Democratic Society, 94 Cornell L. Rev. 1009, 1051 (2009) or Gregory S. Alexander, Time and Property in the American Republican Legal Culture, 66 N.Y.U. L. Rev. 273 (1991) or William H. Simon, Social-Republican Property, 38 UCLA L. Rev. 1335 (1991) and Joseph William Singer, The Reliance Interest in Property, 40 Stan. L. Rev. 611, 619 (1988). Conceptual fundamentals of property hearken back in many instances to John Locke: see Ruckelshaus v. Monsanto Co., 467 U.S. 986, 1003 (1984) (citing John Locke, The Second Treatise of Civil Government ch. 5 (J. Gough ed., 1947)); Adam D. Moore, A Lockean Theory of Intellectual Property, 21 Hamline L. Rev. 65, 78 (1997); and Adam Mossoff, Locke’s Labor Lost 9 (U. Chi. L. Sch. Roundtable 155, 156, 2002) (“It is the idea of ‘mixing labor’ as the mechanism for creating property that has proven to be the Achilles heel exposed to contemporary commentators…”)

[6] See National Conference of Commissioners on Uniform State Laws, Revised Uniform Fiduciary Access to Digital Assets (2015),,%20Revised%20(2015); Victoria Blachly, Uniform Fiduciary Access to Digital Assets Act: What UFDAA Know, Prob. & Prop., no. 29, July-Aug. 2015, at 8, 10 (“Often, these assets have economic value and should be included in the estate for tax purposes”). See also Naomi R. Cahn, Christina Kunz & Suzanne Brown Walsh, Digital Assets and Fiduciaries (GWU Legal Stud. Res. Paper, 2016), available at; and New Oklahoma Law Puts Control of Deceased’s Social Media Accounts in Estate Executors, Int’l Bus. Times, Dec. 2, 2010,; and Sarah Howard Jenkins, Application of the U.C.C. to Nonpayment Virtual Assets or Digital Art, 11 Duq. Bus. L.J. 245 (2009). See also Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (2006).

[7] Jeremy Bentham, The Theory of Legislation 69 (Oceana Publications, Inc. 1975) (1802) (“Property and law are born together and die together. Before laws were made there was no property; take away laws, and property ceases”). See also Georg Wilhelm Friedrich Hegel, The Philosophy of Right 23 (T.M. Knox, trans., Encyclopedia Britannica 1952) (1821) (“A person has as his substantive end the right of putting his will into any and every thing thereby making it his”). But see Natalie M. Banta, Property Interests in Digital Assets: The Rise of Digital Feudalism, 38 Cardozo L. Rev. 1099 (2017).

[8] See Stan Higgins, U.S. Marshals Service to Auction Off $54 Million in Bitcoin, Coindesk (Jan. 11, 2018),; and Iuon-Chang Lin & Tzu-Chun Liao, A Survey of Blockchain Security Issues and Challenges, 19 Int’l J. Network Security 653 (Sept. 2017),; E. Cheng, U.S. Government Misses Out on $600 million Payday by Selling Dirty Bitcoins Too Early, CNBC (Oct. 3, 2017),; and Steve Hudak, FinCEN Fines BTC-e Virtual Currency Exchange $110 Million for Facilitating Ransomware, Dark Net Drug Sales, FinCEN.Gov (July 27, 2017), See also generally David Fox, Property Rights in Money (2008).

[9] Arvind Natayanan, Joseph Bonneau, Edward Felten, Andrew Miller & Steven Goldfeder, Bitcoin and Cryptocurrency Technology – A Comprehensive Introduction (2016); Malte Möser, Rainer Böhme & Dominic Breuker, Towards Risk Scoring of Bitcoin Transactions, in Financial Cryptography & Data Security, 8438 Lecture Notes in Computer Science, FC 2014 (2014). See also Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelcker & Stefan Savage, A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, 59 Comm. ACM, no. 4, April 2016, at 86,; and Joseph M. Mentrek, Estate Planning in a Digital World, 19 Ohio Prob. L.J. 195 (May/June 2009).

[10] See also Jeehyeon (Jenny) Lee, Death and Live Feeds: Privacy Protection in Fiduciary Access to Digital Assets, Colum. Bus. L. Rev. 654 (2015).

[11] See Michael D. Walker, The New Uniform Digital Assets Law: Estate Planning and Administration in the Information Age, Real Prop., Tr. & Est. L. J. 51 (Spring 2017).

[12] Lauren G. Barron & Samantha L. Heaton, Digital Assets in Estate Administration: Concerns and Considerations for Fiduciaries, Willamette Insights 13 (Autumn 2014), available at

[13] Steven Maimes, Understand and Manage Digital Property, Wealth Advisor Blog (Nov. 20, 2009),

[14] Legislation has been enacted in a number of states: See Conn. Gen. Stat. Ann. § 45a-334a (West Supp. 2012); Del. Code Ann. Tit. 12, § 5004 (West 2016);2007 R.I. Pub. Laws 895-96 (codified at R.I. Gen Laws §§ 33-27-1 to -5 (2011); Idaho Code § 15.3.715(28) (2016); 2007 Ind. Acts 970 (codified in Ind. Code Ann. § 29-1-13-1.1 (LexisNexis 2011) (defining “custodian” as “any person who electronically stores the documents or information of another person”); Nev. Rev. Stat. Ann. § 143.188 (West 2013); 2010 Okla. Sess. Laws 621-22 (codified at Okla. Stat. Ann. Tit. 58, § 269 (West Supp. 2012)); Idaho Sess. Laws 144-46 (codified at Idaho Code Ann. § 15-3-7.1 (Supp. 2012)); Neb. L.B. 783, 102 Leg., 2d Sess. (Neb. 2012); VA Code Ann. § 64.2-110 (2016).

[15] For doctrinal aspects of digital estate matters, see Heather Conway & Sheena Grattan, The ‘New’ New Property: Dealing with Digital Assets on Death, in 9 Modern Studies in Property Law 99 (Heather Conway & Robin Hickey eds., 2017); Alberto B. Lopez, Posthumous Privacy Decedent Intent, and Post-Mortem Access to Digital Assets, 24 Geo. Mason L. Rev. 183 (2016); Alberto B Lopez, Death and the Digital Age: The Disposition of Digital Assets, 3 Savannah L. Rev. 77 (2016); Natalie M. Banta, Inherit the Cloud: The Role of Private Contracts in Distributing or Deleting Digital Assets at Death, 84 Fordham L. Rev. 789 (2014); Jamie P. Hopkins, Afterlife in the Cloud: Managing a Digital Estate, 5 Hastings Sci & Tech. L.J. 210, 221 (2013); Maria Perrone, What Happens When We Die: Estate Planning of Digital Assets, 21 CommLaw Conspectus 185 (2012); Evan Carroll & John Romano, Your Digital Afterlife: When Facebook, Flickr and Twitter Are Your Estate. What’s Your Legacy? (2011); John Conner, Comment, Digital Life After Death, 3 Est. Plan. & Community Prop. L.J., 301, 303 (2011) (noting the absence of definitions of digital assets in both Webster’s Dictionary and Black’s Law Dictionary); Noah Katler, Note, Protecting Your Online You: A New Approach to Handling Your Online Persona After Death, 26 Berkeley Tech. L.J. 1641 (2011).

[16] See, e.g., Joanna Diane Caytas, Regulation of Cryptocurrencies and Initial Coin Offerings in Switzerland: Declared Vision of a ‘Crypto Nation,’ 31 NYSBA Int’l L. Practicum, no. 1, 2018, at 53; Joanna Diane Caytas, Regulation of Cryptocurrencies and Initial Coin Offerings in Poland – Ambivalence at Its Best, 31 NYSBA NYSBA Int’l L. Practicum, no. 1, 2018, at 65; Joanna Diane Caytas, Regulatory Issues and Challenges Presented by Virtual Currencies, Colum. Bus. L. Rev. (May 30, 2017); and Joanna Diane Caytas, Blockchain in the U.S. Regulatory Setting: Evidentiary Use in Vermont, Delaware and Elsewhere, Colum. Sci. & Tech. L. Rev (May 30, 2017).

[17] See also Matthew W. Costello, Note, The “PEAC” of Digital Estate Legislation in the United States: Should States “Like” That? 49 Suffolk U. L. Rev. 429 (2016).

[18] Ross Anderson, Ilia Shumailov & Mansoor Ahmed, Making Bitcoin Legal (Cambridge U. Computer Laboratory, 2018),; and Nathaniel Popper, Bitcoin Thieves Threaten Real Violence for Virtual Currencies, N.Y. Times, Feb. 18, 2018,

[19] See, e.g., Joanna Diane Caytas, Note, Weaponizing Finance: U.S. and European Options, Tools, and Policies, 23 Colum. J. Eur. L. 441 (2017); Joanna Diane Caytas, Sanctions, Real and Imaginary: Experiences with Russia in the Ukraine Crisis, 9 Amsterdam L. F., no. 2, May 2017, at 26.

[20] See Rain Liivoja, Technological Change and the Evolution of the Law of War, 97 Int’l Rev. Red Cross 1157 (2016),; and Ruchir Patel, The Legal Lag Behind Emerging Technology: Aereo – Innovation or Exploit? B.C. Int. Prop. & Tech. F. (2015),

[21] David Fox, Cybercurrencies in the Common Law of Property (2018), available at See also Laura S. Underkuffler, The Idea of Property: Its Meaning and Power 11, 16 (2003) (“The idea that property is “things” is, however, easily discredited by lawyers and philosophers for its awkwardness and incompleteness”; and “Property…involves rights, privileges, powers and immunities that govern the relative power of individuals over tangible and intangible things”) (footnotes omitted).

[22] Justin H. Brown & Ross Bruch, Administering Estates with Digital Assets: using 20th Century Laws to Administer 21st Century Estates, Real Property, Probate & Trust Law Section Newsletter 6, Pennsylvania Bar Association (Summer/Fall 2018),


Joanna Diane Caytas practices tax law and digital assets in New York. She has published several articles on legal issues in blockchain technology and digital assets. Opinions expressed herein are solely those of the author for the purpose of furthering discussion and debate about current policies in financial and digital assets regulation.


0 thoughts on “The Flip Side of Privacy in the Cryptosphere: When Estate Wealth and Data Goes Crypto Forever

  1. Ethereum Wallet

    You make a great point with the ideas of loss and theft when it comes to the property and people passing on. I also like the perspective of what you said about quantum and shooting fish in a barrel, it is an evolving space but so does wallet systems and I think in the coming years, there will be a continuing evolution with the cooperation and acceptance of regulations and laws.

  2. Pingback: Passwords And Estate Planning: Protect Your Digital Assets

  3. Privacy coin

    There’s also off-chain privacy mechanisms to consider as well, of course for cryptocurrencies using a mint/spend system such as Sigma protocol, it’s impossible to know how many coins are held within a wallet off-chain without breaking the wallet encryption itself. So for the open source privacy coin NIX protocol, you can see the on-chain public transactions without any issue (as this uses optional privacy), however once anything is sent to the vault there is simply no way of knowing how many coins still exist in the wallet in the ‘ghosted’ state, as when they are redeemed from the zero knowledge state, these coins are untraceable and can reappear appear in another address within the wallet any time. Additionally there’s also no way of tracing these coins if they’ve ever been sent to a third-party wallet either by using the pederson anonymous “commitment key pack” mechanism (basically a similar result to mimblewimble but on a bitcoin core codebase). This makes it impossible to ascertain an accurate ledger of funds held after forced seizure or after death, but with the benefit of the overall integrity of the chain remaining intact, since it’s still fully auditable.


Leave a Reply

Your email address will not be published. Required fields are marked *