The reason why an account is required is because asymmetric cryptography is used to share data. The simplest way to create and implement the public and private keys is through the extension.
Currently my master password is used to encrypt data locally, which is then shipped server side for storage and sync purposes. All you get server side is an encrypted binary blob, and you don't have the keys to decrypt any of it (I trust that you don't...).
Am I right in assuming that with emergency access, you generate a public/private key pair, with the private key assigned to my emergency contact's account, and my vault data encrypted using the public key and stored server side until it is needed? Doesn't that compromise the contract of LastPass employees (or other "attackers") not being able to decrypt any of my vault data, since now you have both the encrypted blob, and the corresponding decryption key?
Provided I'm right, what happens to the key pair, and corresponding encrypted emergency sync data when the emergency contact is removed from my account? Are all the parts (keys + data) of that contract destroyed too?
Can you please provide more details on how this is implemented exactly? (Go as technically detailed as you can.)
P.S.: I've missed one bit I think - the private key is likely passphrase protected, with the passphrase being the emergency contact's master password. Hence, even if the key is intercepted, it will be useless unless the attacker is able to retrieve the master password.
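The arrangement guessed at in the post above, as an added example that is not part of the original post and not LastPass's actual implementation: the vault key is wrapped with the emergency contact's public key, and the private key is stored only in passphrase-encrypted form. The function names, RSA-OAEP, the AES-256-CBC PEM encryption and the sample passphrases are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Emergency contact side: RSA key pair whose private half is exported only in
// passphrase-encrypted form (assumption: passphrase = contact's master password).
function createContactKeys(passphrase) {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Vault owner side: wrap the symmetric vault key under the contact's public key.
function wrapVaultKey(publicKeyPem, vaultKey) {
  return nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, vaultKey);
}

// Unwrapping needs the stored record AND the passphrase.
function unwrapVaultKey(record, passphrase) {
  return nodeCrypto.privateDecrypt(
    { key: record.encryptedPrivateKey, passphrase, ...OAEP }, record.wrappedVaultKey);
}

// Server or interceptor view: holds the record, can only guess the passphrase.
function canUnwrap(record, guess) {
  try { unwrapVaultKey(record, guess); return true; } catch (err) { return false; }
}

// Constructed sample run: random vault key, made-up passphrases.
function demo() {
  const vaultKey = nodeCrypto.randomBytes(32);
  const contact = createContactKeys('constructed-contact-master-password');
  const record = {
    encryptedPrivateKey: contact.privateKey,
    wrappedVaultKey: wrapVaultKey(contact.publicKey, vaultKey),
  };
  return {
    serverGuess: canUnwrap(record, 'wrong-guess'),
    contactRecovers: unwrapVaultKey(record, 'constructed-contact-master-password').equals(vaultKey),
    pemIsEncrypted: record.encryptedPrivateKey.includes('ENCRYPTED PRIVATE KEY'),
  };
}
console.log(demo());
```

In this sketch, whoever holds the stored record can test passphrase guesses offline, so the protection is only as strong as the passphrase and the key derivation applied to it.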