Identity Theft Safeguard

Your death, and your information dots on the Web: what will happen to your digital identity after you die?

If you are reading this, chances are that you have some kind digital identity*. How many email addresses do you have? Do you have Facebook and Twitter accounts? Flickr, LinkedIn, MySpace, Spotify…? Do you have your own blog/s, too?

If you have one or more of the above, have you considered what will happen to all this digital information about you when you die?Because, let’s face it, we will all die sooner or later. And if you do nothing about it, the little digital information dots that we leave around the Web will stay there, as long as the Web exists. Who will inherit your digital estate? How would you like them to manage and distribute it?

The EndThe End

This might sound frivolous and irrelevant when one is faced with illness and the end of one’s life. In fact, some studies have reported that an8% of people are not concerned about this at all. However, the vast majority of Web users have given it some thought, although only a minority (13%) have acted on it. Some people now choose to include this in their will. There are also companies that offer services such as storing all your passwords and relevant data, and passing it on to your loved ones following your instructions. In other words, they offer tomanage and distribute your digital estate after you die. Needless to say, there are enormous ethical and practical issues regarding this. For instance: how can you know that the company you chose to do that will actually still be in business when you die? And what happens if the company servers get hacked?

Digital technologies have brought us joy and knowledge, but with this have come some challenges attached. This blog entry has no solutions to offer, but hopefully it will raise awareness and give you a starting point to gently start thinking about your digital legacy.

Think of the value of your digital dots. Consider including this in your will. Talk to your loved ones about it. 

*Please note this post refers only to digital identity on the Web. It does not deal with digital information you may have in your computer/s or other devices.

The Walking Dead: How To Virtually Kill Someone In Five Easy Steps

The Walking Dead: How To Virtually Kill Someone In Five Easy Steps

The internet is widely known to be misused to commit identity theft, vandalism, blackmail, revenge porn and worse. Imagine if revenge-seekers and other criminals were also able to terminate your digital identity entirely and abscond with all of your resources? Has your wife or girlfriend cheated on you? Revenge is yours. Terminate her (and/or her paramour’s) digital existence and collect the ill-gotten gains. Duped by a business partner? No problem. Digitally kill him and/or her and collect from the walking dead’s assets that which you think should have been yours.

It is far more advantageous to digitally off someone than it is to steal their identity. Digital murder is harder to trace than is identity theft. With a digital virtual death, it is also is easier to quickly cash in on the misdeed and disappear, before the victim even knows what has happened. Digital suicide is also an expedient fix to your self-imposed problems. Virtually kill yourself. Escape prosecutors and debt collectors; enjoy your life insurance while you are alive.

These are the types of real-life, frighteningly easy scenarios laid bare by professional “hacker” Chris Rock, Chief Executive Officer of Kustodian Pty Ltd at DEF CON® 23 in Las Vegas earlier this month. Rock’s presentation, entitled I WILL KILL YOU, was attended by nearly 3,000 conference attendees and was based on his book. In his book and presentation Rock details the system he created to virtually kill someone and collect their assets. This article is a how-to, of sorts, based on his presentation and book.

The global digital death registration security chasm

In his session Rock explained how, by exploiting a flaw in the various individual global death registration systems, he was able to fraudulently create real, legally enforceable death records. His research confirmed flaws in the systems of numerous jurisdictions, including in the United States, Australia, Canada and several European countries. Rock also found weaknesses in the processes to produce, register and probate wills, enabling him to become surrogate beneficiary to these now legally dead but not literally dead persons. To put it as sharply as Rock, “this is a global problem. . .a fuck up.”

Rock’s offensive depiction of these flaws underscores his intent to expose them so they can be corrected. His goal is to bring attention to the global systemic weaknesses in the death records that enable criminals to easily take your, mine, and anyone else’s life (virtually) and assets (literally). What’s yours (mine and/or ours) are the criminals’, by their merely knowing the tricks to logging in and filling out the right forms.

As Rock points out in his speech and book, exposing the weaknesses in dramatic detail is the only hope that these weaknesses will be noticed and fixed. Rock said (in an @_Kustodian_ Twitter post), “[The] main reason hackers don’t disclose vulnerabilities to stake holders is because generally nobody wants to hear it.” Shortly after Rock’s revealing the weaknesses in the systems in detailed, dramatic fashion, one authority (Victorian Registry of Births, Deaths and Marriages) said in a statement that “[it] is always seeking ways to improve the security and timeliness of registration information for the benefit of the [its] community.” Rock’s explicit exposure of these weaknesses is already having positive effect.

Hacking death: no computer skills or experience necessary

The system Rock outlines for erasing someone’s (or your own) digital existence does not require any advanced computer skills and therefore does not technically, in the computer security sense , exploit a “vulnerability”. The simplicity of the system, and the fact that these hacks require no specialized technical skills, mean that a many more people are technically capable of utilizing the weaknesses to gain illegal access than would be able to exploit a more advanced computer or network security “vulnerability”. For that reason, it is imperative that authorities check their systems for weaknesses and fix any that are found.


Once in possession of a valid certificate of death and a fully-probated will (2-3 weeks after filing for probate), you can immediately begin liquidating the victim’s assets in your favor, for example settle life insurance and pension claims, transfer property titles, as well as apply for other death benefits.

Now what?

It is now incumbent upon individuals to more closely police their financial and other records. Rebecca Herold, an information privacy, security and compliance expert, suggests requesting a credit report (at least as often as the three per year that are available for free in the U.S.) for yourself, your children and any related deceased persons, rotating a different credit reporting agency (CRA) each time. She also recommends considering using an online reputation management service for you, your children, and any other family members (alive and deceased) to identify if their information is being fraudulently used. Finally, she recommends speaking to your doctors about these systemic weaknesses to alert them of the potential for fraud in vital registry systems. Note that the public versions of death record systems such as the Social Security Death Master File that feed into searchable databases such as the Database of the Dead are not updated sufficiently often (in the case of the DMF, every three years) to be of much immediate use in checking for fraudulent death records.

It is now also long past time for authorities to begin tightening the security of the systems through which deaths are registered and legal entitlements to estate assets are transferred.

DEF CON® just released the video of Rock’s presentation, so you can fill in the details directly from the source, and/or buy his book here.

With Rock’s DEF CON® presentation and its open availability online as well as the publication of his book, the large potential for misuse of the system and the extensive potential harm resulting from that misuse is now disclosed and can be addressed by policymakers. These stark revelations also put the public on actionable notice and enable it to be more vigilent.

It should be noted that Rock’s book also contains extensive detail about the analogous weaknesses in global birth records and the extensive potential for their criminal exploitation. The full title is The Baby Harvest: How virtual babies became the future of terrorist financing and money laundering.

Permissions have been given for all excerpts contained in this article and image.

Texts from the dead: Post-mortem digital communication has arrived

Is Digital Life Eternal?

Is Digital Life Eternal?

Recently Jerry and I were featured in an article about what happens to digital assets after we die. Orlando Sentinel writer Kate Santich was reporting on Florida State Sen. Dorothy Hukill’s proposed legislation to deal with digital life after death.

Click here to read the article and see the video online; click here to see a pdf version of the article if the online version has been archived.

We think the real question is broader: What happens to your digital property or digital identity if you can’t manage it yourself for any reason, not just after death?

Think about it:

  • You could experience a short- or long-term illness or disability that prevents you from accessing your social media and other online accounts. According to theCouncil for Disability Awareness, over 1 in 4 of today’s 20-year-olds will become disabled before they retire.
  • You may want to take an extended vacation and not worry about your online identity during that time (I know, that’s probably unlikely for most of us, but I’m sure it happens).
  • An accident or some type of disaster could leave you unable to get online for a variety of reasons, including physical injuries or infrastructure damage.

This is about more than your Facebook, Twitter or other social media accounts — although those are important, especially if you depend on them for professional networking. And it’s about more than your online banking and bill paying services.

Consider what might happen to your PayPal and other online payment services accounts that you use to both send and receive funds, your blog or website if you have one, business activities hosted on third-party sites such as eBay, your various rewards programs and even your email.

Sharing log-in information and passwords with someone you trust is a good first step but not a total solution. In the Sentinel article, Sen. Hukill points out that the fine print of user agreements often prohibits access to accounts by anyone except the original user, even if you have the password.

Beyond basic access is the question of what to do with the digital property. Of course, that will vary widely depending on the type of account and its value. But it’s a decision you should make for yourself rather than leaving it to others.

There is no one-size-fits-all solution, and the solution you find today might not be sufficient a few years from now as technology continues to evolve. But it’s worth taking some time now to make sure your virtual identity is protected in the present and in your afterlife.

Death in the digital age: What to do to protect the deceased from identity theft

Death in the digital age: What to do to protect the deceased from identity theft

 According to Pew Internet and American Life Project, 73% of online adults use social media. But what do you do when a family member or friend on these sites passes away?
According to Pew Internet and American Life Project, 73% of online adults use social media. But what do you do when a family member or friend on these sites passes away?
Julie Myhre, Editor

The UpTake: According to Pew Internet and American Life Project, 73 percent of online adults use social media. When a family member or friend who used social media passes away, how do you protect identities and life from identity theft?

In this Digital Age, more and more people are connecting on social media. As of May 2013, 72 percent of online adults use social networking sites, according toPew Internet and American Life Project. The unfortunate aspect of so many people using social media is that when one of our friends or family members dies, we are forced to not only deal with their identity — in terms of their personal information — but also with their digital identity.

Family members and friends question if they should take down the loved one’s social media or leave it as a memorial for people to leave comments and reflect. Technically there is no right decision to make in this difficult situation, yet family members and friends need to consider that if they leave the profile online, then they might be putting their loved one’s identity at risk. This is mostly because of constantly changing privacy rules for all of the major social media websites.

If the family members or friends do decide to delete the digital identity of their loved one, then here are some tips on how to request the removal of the deceased’s account.

Facebook:This social network’s policy is to memorialize the account of a deceased person, however it understands that some people want to delete the deceased person’s account. To memorialize an account, simply contact Facebook, provide proof of death and request for the account to be memorialized. To delete an account on Facebook, you’ll need to fill out thisonline formas well as provide proof that you’re related to the deceased. Facebook considers appropriate proof to be a death certificate, the deceased person’s birth certificate or proof of authority.

Twitter:Unlike Facebook, Twitter’s policy is to deactivate the account of the deceased. In order to complete this you’ll need to mail Twitter a packet of information, including the username of the deceased user’s Twitter account, a copy of the deceased user’s death certificate and a copy of your government-issued ID.

On top of the copies of the official documents, Twitter also requires you to mail or fax the company a signed statement that includes your first and last name, your email address, your contact information, your relationship to the deceased person, written request to deactivate the account and a description of the details that show the account belongs to the deceased — if the account has a different name than the death certificate. You can also include a link to the online obituary, however adding this is not required. Once you’ve collected all of the information, mail or fax it to:

Twitter, Inc.
c/o: Trust & Safety
1355 Market St., Suite 900
San Francisco, CA 94103
Fax : 1-415-865-5405

After you’ve mailed or faxed all of the required documentation, a representative of Twitter will contact you to complete the deactivation process.

Instagram:This social networking website requires you to send an email to with the details of the person’s account. A representative from the company will then email you back and include the steps and documentation that you need to remove the account.

LinkedIn:Similar to Facebook, LinkedIn prefers to have you fill out anonline form, which asks for information such as the deceased member’s name, deceased member’s email address, the name of the company they recently worked for, your relationship to the deceased person and a link to the deceased person’s email address. Once you complete the form, a LinkedIn representative should contact you.

Pinterest:This site requires you to fill out anonline contact formand explain that you’d like to deactivate the page of a deceased person. In the “body” of the contact form, you should include a link to the deceased person’s Pinterest page or their Pinterest username. It’s also important to note that once you’re contacted by a Pinterest representative, you’ll need to provide some sort of supporting documentation, such as an obituary or copy of the death certificate.

Tumblr:Similar to Instagram, Tumblr requires you to send an email to requesting to remove the account of the deceased person. Be sure to include a link to the deceased person’s Tumblr or their Tumblr username. You’ll then work with a Tumblr representative to prove the person is deceased — with appropriate documentation — and complete the process of removing the account.

Since all of these companies haveprivacy policiesthat forbid them from giving out the account information — such as username and password — it’s best if you, as a living person, write down the usernames and passwords for your social media accounts and keep them in a safe place. This way, your family and friends won’t have to go through the stress of contacting each of the social networking websites to have your account removed because they’ll instead be able to go into the account and deactivate or remove it themselves.