Yottabytes: Storage and Disaster Recovery

Feb 9 2016   8:53PM GMT

Can Your Heirs Get to Your Data When You’re Dead?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher


Normally, this blog talks about the value of protecting your data, whether it’s preserving it, locking it up, encrypting it, and so on. But today we’re going to talk about when you probably don’t want to do that.

Namely, when you’re dead.

Passed on.  No more. Ceased to be. Expired and gone to meet your maker. Stiff. Bereft of life. Pushing up the daisies. Metabolic processes are now history. Off the twig. Kicked the bucket. Shuffled off this mortal coil. Run down the curtain and joined the bleeding choir invisible. Ex-geek.

You get the picture.

“In establishing our online presence: a) we use a computer, camera, or mobile device; b) we register with online services: email, banking, online purchases, photo sharing, website hosting; and c) we store files on a hosting server, network, or cloud service,” writes Crystal Sharp in Online Searcher. “Most of us have several online accounts with different types of services: bank accounts and investments in more than one institution, medical records in a personal health record, website domain ownership information, and photos, music, video, and blogs on various social networking sites. On a regular basis, we may pay bills, collect royalties, make investment decisions, update information, renew subscriptions, or close accounts. Access to each account is by password and users are advised, for security, to have different passwords for each account.”

But all of that becomes terribly complex, Sharp warns. “In an emergency, no one may know what accounts we subscribe to, how to access information for each account, or how to deal with the content within each account unless we record details of the accounts we have, show how to gain access to each account, and provide instructions in a readable and easily available format on what needs to be done.”

Something to keep in mind is that these digital assets may have real value. A 2013 McAfee estimate found that the average person has digital assets worth $35,000. Whether it’s Bitcoin, airline miles, domain names you own, or purchased media, digital assets can add up.

There are certain terms of art associated with the post-death disposition of your digital identity, whether it’s data stored on your own servers, or data stored on somebody else’s servers. Moreover, a lot of this stuff is changing all the time, as these services figure out that, hey, clients die, their heirs want access to it, and they’d better figure out how to handle it.

So the terms you’re looking for are typically “digital assets” for the stuff, “digital legacy” for the stuff after you’re dead, “digital estate plan” for what to do with the stuff after you’re dead, and “digital executor” for the person who handles the stuff after you’re dead. This is all complicated by the fact that not all states recognize digital estate plans or digital executors, but it’s a good idea to write it all down anyway, recommends digital estate service vendor Everplans.

There have been a number of well-publicized incidents of heirs who struggled to retrieve the digital assets of people who died. In one case, a son gave up as much as $2000 in a PayPal account because the father hadn’t left a will granting him possession—even though bank accounts had no problem paying out.

Then there’s Michael Hamelin, a hacker who died in an accident in which his wife was also injured. He secured the family’s systems so well that even with the help of other hacker friends, she hasn’t been able to gain access to some of their files, including the only copies of digital photographs they owned, writes Patrick Howell O’Neill in the Daily Dot.

There have also been legal cases as companies wrestle with the issue of privacy vs. legal access. In one example, Peggy Bush, a 72-year-old Canadian widow, was told by Apple that she’d have to get a court order for the company to reveal the password to an iPad card game she and her husband liked to play. “I thought it was ridiculous,” she told Rosa Marchitelli in CBC News. “I could get the pensions, I could get benefits, I could get all kinds of things from the federal government and the other government. But from Apple, I couldn’t even get a silly password. It’s nonsense.”

Moreover, laws may vary from state to state. While the Uniform Fiduciary Access to Digital Assets Act (UFADAA) has been passed to help address this issue, not all states have supported it, and there has been pushback from vendors. Nearly half of U.S. states have introduced legislation in 2015 to enact UFADAA, according to ARMA International. “However, most of those efforts have stalled due to opposition from Internet and telecommunications companies concerned that the act raises privacy questions, conflicts with federal law, and undermines contract rights.”

(Something else to keep in mind is that when faced with grieving widows, companies have been known to bend the rules regarding access to digital assets, leading some to speculate that this will prove to be a fruitful avenue for social engineering, until companies catch on. “I’ve been involved in social engineering,” Andrew Kalat, a friend of the Hamelins who helped the widow deal with the aftermath, told O’Neill. “When I saw how willing companies with little or no planning for death were to bend the rules, I thought, ‘Wow, this is a powerful technique.’”)

The Internet abhors a vacuum, so startups have been springing up to deal with the issue. The Digital Beyond, for example, considers itself, “the go-to source for archival, cultural, legal and technical insights to help you predict and plan for the future of your online content.” While not a service itself, it does maintain a list of more than 50 services intended to help manage and control online content after the death of the owner. Other sites on the topic include Digital Passing, Everplans, and Planned Departure.

Kalat recommends setting up a “legacy drawer” with signon and account information, and actually swapping roles between spouses for a month every year so that everyone becomes familiar with everything.

That said, there may be …things… you don’t want your heirs to find. If you don’t want your kids screaming, “My eyes! My eyes!”, there are provisions for that, too. Some services offer “account incineration,” writes Rob Walker in the New York Times. “If you don’t want your heirs figuring out that you had a secret Tumblog clogged with pictures of Natalie Portman, maybe you should just arrange for it to be ‘incinerated,’” he suggests.

Some services are setting up procedures to deal with a person’s online accounts. Google, for example, offers Inactive Account Manager, a one-stop shop for all Google services that can alert people, pass on information, or wipe your account should you not log in after a certain (configurable) period. Facebook lets you set up a “legacy contact” to control your Facebook account after you die.

One way or another, the Internet will need to deal with the issue, because demographics are not in its favor. “By 2050 more than half of the Internet’s users will be dead,” writes Cory Doctorow in Locus. “That is, of all the accounts ever created by Internet users, more than half will have been created by people who have since died.”

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • CslegalTech
    I keep a spreadsheet with all the logins and passwords for all the sites for our business and my personal just in case (not to mention that I can't remember them myself). I use lastpass and have included the master password for that on my spreadsheet as well. It is difficult to keep it up to date, but I do try for this very reason.
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: