There is a social scheme to provide a level of relative security for an encrypted time capsule:
- Choose n separate trusted individuals or organisations, ideally scattered around the world and unaware of who each other are
- Gain promises from these entities that they will each send a block of data to the time capsule at a given time, and not before
- Decide by policy how many of these entities (m) should be required to do their part, for the time capsule to be decrypted
- For every combination of m entities, generate m strings, where the XOR of all these m strings arrives at the decryption key
- For each of the n entities, issue the required number of strings (n-1)C(r-1) required to contribute to every combination of m entities of which this entity is a part
- Each string is prefixed with a binary string of n bits, indicating by true/false values whether the string is part of a group of each of the n respective keepers
- The whole set of strings given to each entity would be prefixed by a 'keeper number' and then encrypted
- The time capsule curator destroys all record of who these trusted agents are, and relies on them to send their keys at the appointed time
Example - 10 keepers chosen, 4 in UK, 1 in Iceland, 2 in Australia, 1 in USA, 1 in Uruguay and 1 in Morocco. Policy chosen so that the cooperation of 7 is required to decrypt. Each keeper then is thus issued 84 strings. 1 agent dies, another agent gets busted, and a third agent becomes opposed to the decryption. This leaves 7 agents. They each send their key packages in to the time capsule curator, who decrypts each package, identifies which string within each package is need to form the key, XORs these strings, then arrives at a final decryption key.
Even if an intelligence organisation manages to extract keys from 6 of the agents, they won't be able to decrypt. If on the other hand, they kill up to 3 of the agents and stop them returning their keys, the decryption can still go ahead.
Ideally, you would want to set n and m according to perceived risk, plus the size of the data set. For example, 36 agents and 20 required would produce a key set which would fit into a cheap 8GB USB stick.