In January 2015, security researcher and beloved, prolific geek Michael “Hackerjoe” Hamelin died in a head-on collision that also hospitalized his widow, Beth Hamelin.
Hackerjoe had not done anything to prepare for his unexpected death, and he had an exceptionally complex tangle of IT systems and obligations that no one else was prepared to run — or even rescue.
As the widowed Beth Hamelin recovered from her own injuries, she was faced with the task of untangling Michael Hamelin’s affairs, which ranged from the data needed to pay the household bills to the crypto-keys to access the family photographs and archives, to the authentication tokens and knowledge necessary to gracefully wind down the many hosting/IT businesses he ran without leaving his customers in the lurch.
Andrew Kalat — a close friend of the Hamelins and an IT expert himself — stepped in to help, booting Hamelin’s systems with “crash-carts,” begging companies like Apple, Facebook, Twitter and Goolge to let him recover Hamelin’s data, and trying (unsuccessfully) to recover the keys to unlock the Hamelin family’s personal memories. As of the time of the talk, all of the Hamelins’ photos were considered unrecoverable.
Kalat’s talk is a brilliant example of the premise that “we can’t make back doors than only good guys can get through.” When Hamelin hardened his systems against the attackers who might target him or his customers, he also hardened it against his loved ones.
That incident prompted me to create my own digital death plan, which, now that I think of it, is woefully out of date, and, having seen Kalat’s presentation, I realize is also inadequate.
I like Kalat’s proposal that once a year, couples should switch household roles, each paying the bills and taking care of the paperwork the other deals with, just to “stress test” your family’s preparedness for these terrible, unexpected calamities — to make your family a system that fails well, as well as working well.
Most hackers have a massive digital footprint: social media, servers at co-location sites, servers at home, overly-complicated IT infrastructure, and various other IT gear connected in crazy ways. What happens when one of us suddenly dies? How do our loved ones pick up the pieces, figure out all of our random IT crap that we’ve setup, and move forward? This talk explores the challenges, opportunities, and lessons learned as I aided in figure out the IT gear after the passing of a dear friend to the hacking community, HackerJoe, aka Michael Hamelin. I will share details of the challenges Michael’s widow and I faced, how we overcame them, and advice to better prepare your loved ones if you were to suddenly shake off the mortal coil…
Our readers were more than happy to answer them and to pose a few of their own in our first CBC Forum — a live hosted discussion where readers can talk about stories of national interest and the issues that arise from them. We’ll have a new topic every day — sometimes two.
Below you’ll find 10 of the best comments from readers during our discussion about the ownership of digital property after death, followed by the complete discussion in our live blog.
Many readers were happy to know Apple was being strict about privacy.
(Note that usernames are not necessarily the commenters’ names. Some comments have been altered slightly to correct spelling and to conform to CBC style.)
Tom Aaron: I don’t want anyone requesting my passwords and receiving them. Talk about opening up another level of scams — especially on the elderly.
Michael Tea: There should indeed be a process available to next of kin, but it should absolutely require opting-in from the account holder. It would be concerning if Apple and other technology firms provided access to all of your data after your death. They are private documents. I applaud Apple for being this firm about digital privacy. With that said, there needs to be an improvement in the way digital ownership is explained to older customers; it should have been made clear that the private account holder maintains ownership of their purchase history and data. Perhaps introduce a properly shared account with delegated access similar to financial accounts?
Voice_Of_Reason: I don’t disagree with Apple’s reluctance here. I’d rather have high security than lax controls over access. Online accounts and emails are incredibly sensitive — it isn’t just about games. Your account is often your entire identity. An email gives you access to almost everything you do online.
Others (a smaller group) took Apple to task.
Rational Voice: Why in the world should Apple require a court order when the transfer of real estate, pensions and other much more critical items have rational requirements. My bet is that this is purely a dollar-based move on Apple’s part. If you can’t hand it down then you can sell the same items (or bits/bytes) again. The article says they’re working on it, not that it has been resolved and this “generous” solution only came to be after the issue was brought to light on a national news source. As for the reset-the-device crowd — you’d still have lost access to everything he had stored after resetting.
CCGodin: I was fortunate that my husband left me a coded list of all of his, my and our children’s passwords. I refer to it often. I sometimes felt companies were insensitive. A spouse has a legal right to her husband’s property; Apple could be kinder.
Some readers raised interesting questions about what it means to “own” anything digitally.
Nepgear: When you buy something online, aren’t you basically renting a service? The company still owns everything, the games and services and all, and all you’ve done is buy the right to access them and specifically for yourself. The games and servers aren’t inherited by you since the deceased person didn’t buy them, and the licence never pertained to more than one user in the first place. Now, if it did pertain to multiple users, that’s a different issue. However, one can argue that the account was licensed to one user, but that user can then authorize access to another limited set of users.
Tim Smith: Software and online media have always been sold as you “having access to” but not “owning” the media. Maybe this is part of protecting the copyrights because owning it means you can alter it, etc. etc. but it’s a restriction consumers have never really understood. There will have to be a complete rewrite of copyright laws soon, I think, and we need to start taking into account the 21st century reality, instead of the 19th century when they were written.
Others noted that it matters what exactly is being accessed.
Jdev: There are two parts to this really:
Property rights. Digital assets are no different than any other sort of asset, they have value and must be transferable as part of the estate/will
Accounts and internet history. This is very different and engages privacy. Unless specifically granted access as part of the estate, all accounts should be deleted once any property is transferred out.
Unfortunately, very few, if any, companies have the ability to do this or the desire to make it part of their operating procedure, as it’s a logistical nightmare that requires expert staff who can tell the difference between phishing attempts and legitimate death certificates. It also bumps up their bottom line to have people re-purchase assets they’ve already purchased on a spouse’s account.
deemi: It seems that a lot of comments fixate on “passwords.” The client in question wanted access to apps/tools that were used in the household. This does not apply to the deceased person’s personal correspondence, search history, purchasing history, etc. It’s pretty clear that they were married, and shared a household (including computer apps and tools.) Restrict the personal data, allow access to the apps/tools.
Finally, some offered advice to keep others from facing a similar situation.
D. Rand Rowlands: Perhaps the will is out of date. I did mine three years ago, and they have a form requesting passwords to accounts and what should be done with each account. That said, common IT practice is to change accounts every three months if not more frequently, and you do not want to constantly update the will for that.
One solution is a password-keeper application to store all other passwords. If you don’t want it in the cloud, passwords can be stored offline as a Word file on a USB key which is only used to update the other accounts. The will can then list this password keeper account information.
Big hassle? You bet. It’s like keeping the spare key to your front door in a locked box buried under the gnome on the left as you approach the door and then keeping the key to the box in the cap of the garden light near the rose bush that died last summer. Damn, now I have to move the box.
News that Apple demanded a Victoria widow obtain a court order in order to retrieve her dead husband’s password is a good reminder to consider your digital assets when preparing or reviewing your estate plan, says Toronto trusts and estates lawyer Suzana Popovic-Montag.
According to the CBC, Apple initially demanded that 72-year-old Peggy Bush obtain a court order to retrieve her dead husband’s Apple ID.
Bush told CBC, “I thought it was ridiculous. I could get the pensions, I could get benefits, I could get all kinds of things from the federal government and the other government. But from Apple, I couldn’t even get a silly password. It’s nonsense.”
Bush’s daughter provided Apple with the serial numbers for the couple’s iPad and computer, her father’s will that left everything to his wife, and a notarized death certificate — but was told it wasn’t enough.
Apple has since backed off on requiring a court order, but the requirement to provide a will and death certificate is fairly common when someone is seeking account information such as passwords, says Popovic-Montag, managing partner of Hull & Hull LLP.
Technology has become so ingrained in our lives, that we may overlook our digital assets when preparing or reviewing estate plans.
“Technology plays a greater role in our everyday lives,” she tells AdvocateDaily.com. “We now use password-protected technology to pay our bills, communicate and socialize with others, store our photos and music, and to promote ourselves and our businesses.
“By using technology in these ways, we are constantly creating and amassing digital assets and therefore stand to leave behind a multitude of digital content when we die,” she says. “As a result, digital assets are quickly becoming an increasingly relevant consideration for estate planning purposes.”
There are fairly obvious digital assets, such as your email, online banking and social media accounts like Facebook, LinkedIn, Twitter and Instagram. But there are also point reward programs (Shoppers Optimum Points, Aeroplan/Air Miles), digital libraries such as iTunes, online sales accounts (Amazon, Etsy, eBay, Craigslist, Kijiji) and monthly account withdrawal authorizations (cellphone, utilities, memberships, subscriptions) that should be considered.
“Failing to plan for your digital assets can have consequences — for your loved ones and for your digital legacy,” says Popovic-Montag. “No right of survivorship currently exists for digital assets so your surviving loved ones are often faced with challenges when trying to access or delete online accounts, as was the case with this widow trying to obtain her deceased husband’s Apple ID.”
The problem, says Popovic-Montag, is legislation has not been able to keep up with technological advances. She says very few jurisdictions have rules with respect to the release of information required to access accounts to family members or friends, absent a court order.
“Different providers have developed different policies regarding what they allow and what they require in order to facilitate access to, or removal of, digital information stored,” she says. “Unless someone is aware of automatic bill payments/preauthorized debits, these may continue for months following death thereby depleting assets of the estate.”
By creating a digital estate plan, you can ensure your estate trustee knows your digital assets exist and how you would like them managed. Popovic-Montag says an easy way to do this is to create a password-protected spreadsheet that provides relevant information, such as:
a description of the assets;
the web addresses;
user IDs, passwords;
account numbers; and
any other relevant information or instructions.
Popovic-Montag says there are also online services that are designed to assist with storing passwords and relevant information, including, Assetlock, PasswordBox, SecureSafe and Deathswitch.
She says it’s best to appoint a digital estate trustee who is technologically savvy, can handle the responsibility, and is also a person you trust to handle your affairs. Let this person know what you would like done with your digital assets. For example, do you want your Facebook account memorialized or destroyed?
Many providers now have a means for their users to plan for their assets, grant access to a nominated individual for limited purposes and/or leave instructions regarding end-of-life wishes, she says, but there is no standard procedure or service offered by all.
Facebook, for example, introduced a feature called Legacy Contact, which lets users of the social network authorize another person to access or modify their account after they die. Google has Interactive Account Manager, which allows account holders to control how information will be dealt with after a prolonged period of inactivity. Meanwhile, Twitter will work with a person authorized to act on behalf of the estate or with a verified immediate family member of the deceased to have an account deactivated but will not provide access to the deceased’s account regardless of relationship.
Popovic-Montag says it’s important to keep in mind that not all jurisdictions will have the same services available.
“Some services offered in relation to digital-estate planning might be intended for, and only available, to users in the United States or another country,” she says.
Entrusting your money to a bank once seemed strange and risky. Similarly, entrusting all of your data to a company and letting its algorithms build a detailed model of you from it might seem to be an odd or even dangerous idea, but we’ll all soon take it for granted.
A decade from now, your personal model will be more indispensable than your smartphone, and the company that provides it may well be the world’s first trillion-dollar business. So it is time to start getting acquainted with our digital alter egos—and what they’ll mean for our lives.
Today, several different companies gather information about you and use machine-learning algorithms—computer programs that build models from data—to predict what you may want to buy and figure out how to sell stuff to you.
Privacy concerns aside, this poses two problems. First, companies have a conflict of interest: They want to serve you, but they also want to make money.
For example, Google predicts how likely you are to click on an ad to show you the most profitable ones. The choice also depends on the advertisers’ bids, but you’d probably rather just see the ads most relevant to you. Google co-founder Sergey Brin says that Google wants to be the third half of your brain, but nobody wants part of their brain constantly trying to show them ads.
The second problem is that a model of you derived from fragments of your data—Google’s model based on your searches, Amazon’s from your purchases and so on—can only ever have a very limited understanding of who you are and what you want. A single model assembled from all the data you’ve ever produced would be much more accurate: The more data, the better the model. For privacy reasons, you’d want the data and the model under your control, not a third party’s.
Soon enough, facing the fog of life without a good model to guide you will seem unendurable.
To solve both of these problems, we need a new kind of company that is to your data like your bank is to your money—storing it, keeping it safe and investing it on your behalf. For a subscription fee, such a firm would record your every interaction with the digital world, build and maintain a 360-degree model of you, and use it to negotiate with other people’s models.
No major technical obstacles would prevent doing this: The main requirement would be routing your interactions through what’s called a proxy server. If all your interactions with the digital world—through your smartphone, desktop computer or any other device—pass through a “middleman” computer in the cloud en route to their destination, the middleman can record them all.
The companies that now offer to consolidate all your data somewhere in the cloud are forerunners of tomorrow’s personal databanks. Once a firm has your data in one place, it can create a complete model of you using one of the major machine-learning techniques: inducing rules, mimicking the way neurons in the brain learn, simulating evolution, probabilistically weighing the evidence for different hypotheses or reasoning by analogy. Then you can go to town with your model, which you’d own and control like you do your money, rather than letting companies such as Apple, Google and Facebook FB -3.77 % fight for control of it.
With this in mind, here’s a future suggestion for LinkedIn: Add a “Find Me a Job” button. When you click it, your digital model would “interview” instantly for all the open positions that match your specifications, interacting at high speed with human-resources departments’ recruiting models. LinkedIn could then return a list of the most promising jobs for you.
While one copy of your model is doing this, another online alter ego could be looking for a car for you, exhaustively researching the options and haggling with the auto-dealer bots so you don’t have to.
At any moment, millions of copies of your model could roam the Internet, doing all the things you’d do if only you had the time. From these, your model selects the best few options for you to choose—then learns from what you decided, making the model more accurate the next time around.
To offset organizations’ data-gathering advantages, like-minded individuals will pool the data in their banks and use the models learned from that information.
As the models improve, their interactions will become increasingly like real-world ones—just millions of times faster and in silicon. Your model will go on a thousand digital dates with each of a thousand possible spouses and rank them by how well the dates went.
Tomorrow’s cyberspace will be a society of models, a vast parallel world that selects only the most promising things to try out in the real one—the new, global subconscious of the human race.
This will all probably happen in years, not decades. Apple’s Siri, Microsoft MSFT -0.90 % ’s Cortana and Google Now all include efforts to build complete models of you from the data captured by your smartphone, and they’re making rapid progress. Like a personal assistant, they try to help you accomplish your daily tasks, either in response to your commands (Siri) or on their own (Google Now). But to do that, they need to understand you, and they’ll use any data they can to do so—from the smartphone’s sensors to your emails and calendar.
The Web pages you see every day are already the result of complex interactions among the models that content providers, advertising networks and advertisers are deriving. Learning algorithms trade against one another in the stock market. Last May, a Hong Kong venture fund named Deep Knowledge Ventures appointed an algorithm to its board, voting on investment decisions alongside the five human directors, according to Business Insider.
Today’s models don’t yet interact with us: You can’t tell them they’re wrong or ask them questions. Machine-learning algorithms are black boxes that only computer scientists can open up. But that will change as more of us realize how important machine learning is and demand a say in how it occurs.
Eventually, your model will be like your best friend, but with infinitely more patience. What will you ask it? You might not like some of its answers, but that would be all the more reason to ponder them. Your model—your digital half—might even help you become a better person.
—Dr. Domingos is a professor of computer science at the University of Washington and the author of “The Master Algorithm: How the Quest for the Ultimate Learning Machine Will Remake Our World” (Basic Books).
Peggy Bush, a 72-year old Canadian woman whose husband died in August, was told by Apple that she needed to obtain a court order so that she could continue playing a card game app on the couple’s iPad device. The couple owned the iPad and used one Apple ID to purchase apps, including the card game app that Peggy enjoyed playing. She knew the password to access the iPad itself, but she didn’t know the password her husband used for the Apple ID associated with the iPad.
When the family contacted Apple to reset the Apple ID password, Apple told them a court order was required. However, it can be costly and time-consuming to obtain a court order. On the positive side, at least Apple will permit the family to reset the Apple ID password with a court order—some online service providers refuse to reset or reveal a user’s password after the user has died.
An excellent news report by Rosa Marchitelli of CBC News describes the family’s struggle with Apple’s customer service. Peggy’s daughter was quoted in the article saying, “What do you mean a court order? I said that was ridiculous, because we’ve been able to transfer the title to the house, we’ve been able to transfer the car, all these things, just using a notarized death certificate and the will.” Peggy was quoted in the news report as saying, “I could get the pensions, I could get the benefits, I could get all kinds of things from the federal government … [b]ut from Apple, I couldn’t even get a silly password. It’s nonsense.”
When CBC News contacted Apple to ask about its official policy for users seeking to reset Apple ID passwords or to obtain data of family members who have passed away, Apple told them it would not comment.
This is an excellent reminder of why it’s important to plan ahead for access to your digital property—passwords, online accounts, and electronically-stored information—in your estate plan. By planning ahead, you can arrange for full access to your digital property, keep administration costs down, and ensure that no valuable or significant digital property is overlooked.
Compared with traditional types of property, digital property may have four additional, significant obstacles for fiduciaries and family members to overcome: (1) passwords, (2) data encryption, (3) criminal laws regarding unauthorized access to computers, and (4) data privacy laws. These obstacles can make it practically impossible for fiduciaries and family members to access your digital property if you don’t plan ahead.
How should you plan ahead? First, make a list of your important passwords, online accounts, and digital property, and specify what should be done with each item on your list if you become incapacitated or after you die. Keep your list up to date, store it in a secure location, and let your fiduciaries and family members know how to access it. A “My Digital Audit” form to use for your list can be downloaded here: http://www.digitalpassing.com/digital-audit/
Second, if you store valuable or significant digital property in the cloud, back up your data to a local computer or local storage device on a regular basis. Fiduciaries and family members can access the local computer or local storage device without the obstacles that may prevent them from accessing your data stored in online accounts.
Third, work with an estate planning attorney to update your will, power of attorney, and revocable living trust to address digital property. Your estate planning documents should: (1) specify your wishes about the distribution of or deletion of your digital property; (2) provide your consent to divulge the contents of your electronic communications to your fiduciaries; (3) authorize your fiduciaries to access your computing devices, storage devices, accounts, and data; and (4) permit your fiduciaries to bypass, reset, or recover your passwords on your computing devices and to decrypt your encrypted data, if desired. But, don’t list your passwords in your will, power of attorney, or revocable living trust documents—that isn’t secure. Instead, store your passwords securely, and let your fiduciaries and family members know how to access them.