Am I required to hand out private encryption key to head of institute?

This seems like an X-Y problem. Why is important work data only kept on a computer on your desk, in the first place? I would expect it to be on a Git repository, or on the shared storage space of a workplace server.

Once you fix this problem, the issue you mention becomes irrelevant: your data will not be lost if your disk suddenly becomes inaccessible.

So a practical way to address the issue could be offering to put more of your work data in shared servers and git repositories, so that the problem disappears. Ask your superiors which data they are worried about, and offer to keep them online preemptively.


I am going to (partially) disagree with some of the answers here. I think it really depends on who is asking for your key, and based on what policy.

First off, I am more than confused by the many answers here assuring that the university has in general no business accessing information on the computer they provided you - the IT usage policy in all institutions I worked at so far (in Austria, Switzerland, and Sweden) would certainly disagree with this stance. Sure, the lived practice is that they give you a computer and then don't care much about what you do with it, but the fact remains that it is the university's computer, and that you also use it for private things (maybe with their explicit permission) does not change this fact.

However, whether the (somewhat silly) plan of requesting private keys is appropriate depends on who made this request - if this is actually part of the written IT policy (very unlikely) your options are to give them the key or stop using the equipment they provide, but if it's just a wild idea of your PI you have all the right in the world to just say no. "Your" computer isn't really yours, but it also isn't your PI's. Even if they paid for it through their grants, the computer belongs to the university, and university policy governs how they are managed. I am also fairly sure that your IT department would back you up on this if push comes to shove, because a supervisor (or whoever) storing a bunch of private keys or passwords sounds like a liability / traceability nightmare that nobody wants to deal with.

Morally, how would I best act in this situation? Should I hand over a wrong (digital) private key and hope that this situation would never happen?

Certainly not - that's just as silly as asking for the key in the first place, and if your PI wants to test it (every backup solution is only as good as the last time you tested it) you may run into major conflicts. It's much better to acknowledge that their concern is per se not unfounded, even if their solution approach is bad, and to work with them on a better solution. Having a cloud service for data backup would be an obvious approach.

Instead of rebelling, I am thinking to give access to part of the system only, i.e., put certain data in an encrypted container that they cannot access? I do not have to mention this anywhere if I hide the container well enough... (maybe that is not even necessary).

Unless there is some deep distrust between you and whoever is requesting this key, I don't see why they would mind if you had a separate "non-work" partition (assuming that they allow private usage in the first place). That said, as I mentioned before, the whole idea of collecting private keys / passwords is a bad solution to the problem anyway.


Morally, how would I best act in this situation?

The moral thing to do is first of all to recalibrate your somewhat immature (in my opinion) attitude towards this question and stop trying to think about dishonest solutions like giving an incorrect password or undoing the system-wide encryption but hiding encrypted content on your system and not telling anyone about it. Whether or not you should agree to give the password is a separate question where the answer would be more nuanced, but certainly if you care about behaving morally, do not lie to your supervisors. Any option that involves dishonesty should be unconditionally off the table.

As for the question of whether to give the (correct) password: first, I think it’s reasonable of you to find the policy a bit draconian. I myself am a person who cares a lot about privacy, and as most academics do, I sometimes use my work email for private purposes, so I get where you’re coming from. I wouldn’t want my employers going through my emails. But I also am perfectly aware that they have the right (and technical means) to do that, so if I need to send something especially private or sensitive, I use a different, private email that is protected by a separate password and is not physically stored on my work computer.

What I find unreasonable however is that you are complaining about the policy and how it infringes on your privacy rights, without looking at things from the institute’s point of view, acknowledging that they are trying to solve what is a real problem for them, or offering a solution that might make the violation of your privacy unnecessary. It would be completely reasonable and honorable for you to go to your department chair (or other relevant administrator), say you object to the policy and offer them an alternative plan that ensures accessibility of your work data in unexpected events. A smart administrator would be willing to negotiate a solution that keeps their researchers happy while still meeting the institution’s needs, so I’m optimistic that a solution can be found. And if they don’t agree and just insist that you hand over the password? Well, then, the mature, professional thing to do is to follow your institution’s policies, even if you disagree with them, and vow to behave more reasonably in the future when you yourself someday become an administrator.

Finally, I want to share with you an insight I had one time during the years I was a department chair. I noticed that regular employees have a different approach to risk (of all different kinds) than administrators do. A regular employee will often be willing to ignore the possibility of low-probability events happening and choose a more risky path when making a decision, but administrators are much more sensitive to such things. The reason is that from your point of view, the low probability event of you falling very ill (to use your example) or otherwise not being available to provide coworkers access to your data seems like an outlandishly unlikely event that is like nothing you have experienced happening in your lifetime. But from the administrator’s point of view, they actually see low probability events happening all the time, somewhere in the organization. Those events are not at all “low probability” from their point of view, and it is precisely the administrator’s job to put in place policies that protect the organization in the actually very likely event that such things end up happening to someone.

So what I’m saying is, the administrators aren’t necessarily being as unreasonable as you think with their data protection policies. But of course, it’s reasonable to want to have some privacy as I said, so it isn’t obvious to me that your objections are completely wrong or misguided. Anyway, good luck.