What happens to our data when we die? Elaine Kasket on a digital dilemma

What happens to our data when we die? Elaine Kasket on a digital dilemma

What happens to our data when we die? Elaine Kasket on a digital dilemma

Click here to view original web page at What happens to our data when we die? Elaine Kasket on a digital dilemma

Elaine Kasket.
‘Under contract law, privacy ceases on the point of death’: Elaine Kasket. Photograph: Antonio Olmos/The Observer

Elaine Kasket is a counselling psychologist based in London. Her first book, All the Ghosts in the Machine: Illusions of Immortality in the Digital Age, examines the ethical and technical issues surrounding our data when we die.

If I were to fall under a bus tomorrow, what would happen to my Gmail and Facebook accounts?
Under contract law, privacy ceases on the point of death. But what’s interesting about this area is that big tech treats the erstwhile account holder and their data almost with the same contractual reverence as they would when this person was alive. So they end up privileging that concept over the needs, requests and wishes of the next of kin.

But that’s not what relatives expect; they would assume to inherit data much like they would shoeboxes of letters, photographs and so on.
Exactly. In the UK laws of succession, the two tests are tangibility and value. So if something’s tangible, even if it has no value, you can execute it in a will. Or it will automatically pass to the next of kin if the estate goes to them. So people assume the digital stuff is going to obey the same rules, but it doesn’t.

Generally speaking, what’s the social media company response to relatives’ requests for access to their deceased’s accounts?
Something along the lines of: “We’d love to be able to help you with this but we’re not able to.” They say they are protecting the (technically nonexistent) right of privacy of the deceased. You could call it agency laundering.

Occasionally this attitude has been challenged in court…
One of the most ridiculous cases was where Hollie Gazzard was murdered by an ex-boyfriend. Her Facebook account contained photographs of her with her killer. Facebook told the family that they needed to protect Holly’s privacy by not allowing them to selectively edit her profile.

Hasn’t Facebook recently tried to address some of these problems?
Earlier this month it announced it will be using artificial intelligence to stop profiles from sending out troubling things such as birthday reminders and so on. But for every person who’s upset by a reminder there could be another family member who would mourn their loss. Because the thing is, grief is idiosyncratic. There is no rule book for grief. And if there were one, a profit-driven company, such as Facebook, shouldn’t be writing it.

Facebook’s business model is to collect data to encourage people to buy things. Dead people aren’t consumers. What’s the business case for maintaining memorial accounts?
There are several things. The only reason some people stay on Facebook is that there are memorials for people who are dear to them. And once you deactivate your account, the deceased user is no longer able to re-add you – you are locked out of the cemetery.
Another reason is that even if the person is no longer available to buy something, their data can still be analysed and be valuable to a company for a number of purposes.
They used to cull the accounts of deceased users, but there was user backlash from that. Ultimately, automatic profile retention is the least resource-heavy thing to do.

At some point there will be more dead Facebook accounts than live ones.
The Oxford Internet Institute recently predicted there could be 2bn dead Facebook accounts by the end of the century.

That’s a lot of data…
Although we’re doubling what we can store every couple of years, it’s not, like infinite – and our devices capture more and more stuff by default. That surplus data, either with the aid of artificial intelligence or human decision making will be jettisoned, and big tech will be making those decisions.

Meanwhile, people have to act like hackers to gain access to their relatives’ accounts
They are forced to break the law. They are impersonating people, using other people’s passwords… but we let it slide, because what else can you do? I’m not sure if I’m happy to leave someone a set of my passwords; they might find things that were important, but they would have access to everything else. Even if one isn’t harbouring toxic secrets, that’s still quite a thing.

Belief in the afterlife is strengthened by the sense that the dead are remaining socially influential via the internet.

Like people, social networking sites, such as MySpace or Friendster, also die…
The Marie Kondo idea that you should be storing all your books, photographs and music in the cloud, so we have nice clean shelves, is great. But just be aware that your grandchildren might know nothing about you – unless someone is taking the time to think: that platform is becoming obsolete, let’s make sure we download an archive. Companies aren’t going to do this for you; they’re not humanitarians, they are profit-based companies. Look at the history of computing: coding changes, hardware changes, software changes. Your data won’t survive. Moreover, you can’t bequeath your collections of music or books – all you’ve done is purchased a user licence agreement limited by your lifespan. The music isn’t yours; what you have is permission to listen.

Have social media changed how we mourn?
It makes the deceased much more present. The industrial revolution, with its hospitals and suburban cemeteries, enabled us to keep death at arm’s length. But the internet is tailor-made for continuing bonds; it makes it exceptionally easy, because the dead live in tech already. There’s dead people’s data everywhere: their Amazon reviews, their Trip Advisor recommendations. You may encounter something that influences you and have no idea whether it is authored by a dead or a live person. The dead remain socially active in a way that is unprecedented. They are undifferentiated, ambiguously there.

You write about people who leave messages on memorial pages who often talk about “getting through” to the deceased…
The sociologist Tony Walter describes how the internet is a particularly amenable place for angels. Historically, angels were messengers between heaven and Earth, but now they inhabit the ether where we can readily access them. Lots of nonreligious people have a belief in the afterlife, and this is strengthened by the sense that the dead are remaining socially influential via the internet.

An idea explored by Black Mirror and others is that we could one day be able to upload the contents of our brain or our consciousness to the cloud and create a hologram or virtual version of ourselves, which people could continue to interact with. Is this wise?
I find it faintly narcissistic. These people are dealing with their own terror of not being alive. They assume people would still like to hear from them when they are dead! Moreover, you may well run into some of the same problems of digital legacy: the platforms need updating, the code ceases to work, and so on.

What’s the bare minimum you’d advise people to do?
It’s a good idea to clean your digital house frequently. If nothing else, you don’t want relatives buried under a hundredweight of undifferentiated data with no sense of what is important to you. The default is to become a digital extreme hoarder, with data up to the rafters. The things which are really important to you, the artefacts you want to pass on to future generations, put them in a physical form. You cannot trust corporations to safeguard your data.

 All the Ghosts in the Machine: Illusions of Immortality in the Digital Age is published by Little, Brown (£14.99). To order a copy go to guardianbookshop.com or call 0330 333 6846. Free UK p&p over £15, online orders only. Phone orders min p&p of £1.99

How to settle your loved one’s digital estate

How to settle your loved one’s digital estate

How to settle your loved one’s digital estate

Click here to view original web page at How to settle your loved one’s digital estate

digital estate

Settling the estate of a deceased family member has long been a taxing and emotional process. Among other things, we have personal possessions to sort through, probate court to visit, assets to distribute, and agencies to notify.

As our lives become more and more connected online, we increasingly need to also consider what to do with the digital estate, the online accounts of our dearly departed, many of which hold photos and personal memories, as well as sensitive financial information.

“Most people know it’s something they should think about, but not a lot of people actually have a plan in place that specifies how they want their digital assets handled,” says Alison Besunder, principal attorney of Arden Besunder, a New York law firm that focuses on estate planning and intellectual property.

People who have created a digital will—which can denote anything from whether a Facebook account should be deleted or memorialized, to how to download photos from a cloud service—make the process much easier for executors.

Alas, a majority of people who die today haven’t set up a digital will or anything like it.

“Many people do nothing with a decedent’s online accounts because they don’t know where to begin,” Besunder says. But inaction can be problematic. Accounts left dormant are susceptible to fraud, she says, because no one is necessarily monitoring them for suspicious activity.

Many social-media companies and email providers have services to help executors settle a decedent’s digital estate, and some have services to help users prepare for their own death. Here’s an overview of services some of the top providers offer to deal with death—and how to use them.

Amazon

Amazon does not appear to have an automated process to close a deceased user’s account. Read more about its account closure policies.

Apple

To close a deceased user’s Apple ID, contact Apple Support. You will be required to provide the user’s Apple ID, email address, and death certificate.

Facebook

To permanently close a deceased person’s account, you must submit a special request. You’ll need the deceased person’s birth certificate, death certificate, and proof of authority under local law that you are the representative of the deceased person or their estate.

The form includes an option to memorialize the account. In a memorialized Facebook account, the content they shared will remain visible according to their privacy settings, and friends can continue to share memories after the person has passed away. Living individuals can proactively appoint a legacy contact to manage their account once they’re no longer able to.

Google

To submit a request to close a deceased user’s Google account, fill out this form. You’ll need to verify whether you’re a relative or legal representative, and present the deceased’s death certificate and additional documents that may be helpful. Google will not provide anyone with passwords or other log-in details, regardless of their relation to the user.

Google users preparing for their own death can use its Inactive Account Manager feature to share parts of their account data, appoint a trusted contact, and notify someone if their account has been inactive for a certain period of time.

Instagram

Instagram, owned by Facebook, provides two options for a deceased user’s account: Remove it, or memorialize it. Verified immediate family members may request the removal (read: closing) of the account. You’ll need to submit proof that you’re an immediate family member, along with the deceased’s birth and death certificates.

To memorialize the account, complete this form, which requires the same information as removing an account. When an Instagram account is memorialized, no one is allowed to log in, but the posts that the deceased shared are visible, according to the deceased’s privacy settings, and the account won’t appear in public spaces, such as Instagram’s Explore section.

LinkedIn

Complete this form to request the closing of a deceased LinkedIn user’s profile. You’ll need to submit information that includes your loved one’s LinkedIn profile URL, the date of death, a link to an obituary, the company at which he or she most recently worked, email addresses associated with the account, and any other attachments or information that may be helpful to process the report.

Snapchat

Snap does not currently offer any way to close a decedent’s account.

To request the closing of a deceased person’s Twitter account, start here. Twitter will email you with instructions to provide more details, including information about the deceased, a copy of your ID, and a copy of the deceased’s death certificate.

In closing accounts of deceased account holders, Twitter will work with only verified immediate family members or those authorized to act on behalf of the estate. The company says it will not grant anyone account access, regardless of their relationship to the deceased.

Yahoo

To process the closure of a Yahoo account, the company requires that you mail a letter containing the deceased user’s Yahoo ID, a copy of a document appointing you as the personal representative or executor of the estate, and a copy of the deceased’s death certificate. Mail this information to:

Concierge Executive Escalations

Yahoo Inc.

5250 NE Elam Young Parkway

Hillsboro, OR 07124

Yahoo owns Flickr and Tumblr, though it’s unclear whether those sites have different policies.

What happens to your online accounts when you die?

What happens to your online accounts when you die?

BSides Manchester What happens to the numerous user logins you’ve accumulated after you die or become too infirm to manipulate a keyboard?

Some people have a plan, the digital equivalent of living will, or have chosen “family” option in a password management package such as LastPass or have entrusted a book of passwords to a family member.

But the consequences of doing nothing are not as neutral as some might expect and were spelled out during an informative presentation by Chris Boyd of Malwarebyes at BSides in Manchester on Thursday. The presentation, cheerily titled “The digital entropy of death”, covered what could happen to your carefully curated online presence after you log off.

Chris Boyd at BSides - Pic by John Leyden
The dormant accounts of the deceased can be abused, warns Malwarebytes’ Chris Boyd. Pic: John Leyden

Miscreants are already targeting obviously abandoned profiles. Boyd explained that in some cases it’s easier for fraudsters to gain hold of these accounts than the account-holders’ relatives, because crooks know the systems better and controls – although present – are often deeply embedded on the sites such as Facebook, Twitter et al.

Alongside regular postings asking for help on Facebook due to compromise of dead people’s logins (examples here and here) there’s also the problem of “cloning”.

“Facebook users have reported receiving friend requests from accounts associated with dead friends and family members,” The Independent reports. “Such requests appear to be the result of cloning or hacking scams that see criminals try [to] add people on the site, and then use that friendship as a way of stealing money from them or running other cons.”

Social media accounts are, of course, just the tip of the iceberg. Most people these days run 100+ accounts, as figures from password management software apps show. These figures are only increasing over time. Some sites are managing the inevitability of their users shuffling off this mortal coil with features designed to deactivate accounts after months of inactivity or other features, Boyd explained in a recent blog post:

Many sites now offer a way for relatives and executors to memorialise, or just delete, an account. In other circumstances, services would rather you ‘self-manage’ and plan ahead for your own demise (cheerful!) by setting a ticking timer. If the account is inactive for the specified length of time, then into the great digital ether it goes.

While a lot of services don’t openly advertise what to do in the event of a death on their website, they will give advice should you contact them, whether social network, email service, or web host. When there’s no option available, though, people will forge their own path and take care of their so-called ‘digital estate planning’ themselves.

Users would be ill-advised to leave everything to their next of kin. “Do some pre-handover diligence, and take some time to ensure everything is locked down tight,” Boyd explained. “If there’s anything hugely important you need them to know, tell them in advance.”

People may have bought digital purchases tied to certain platforms. Games on Steam, or music on iTunes or Spotify.

“Legally, when you go, so do your files (in as much as anything you can’t download and keep locally is gone forever),” Boyd explained. “That’s because you’re buying into a licence to use a thing, as opposed to buying the thing itself.”

Here’s a video of his presentation, if you want to see more…

There’s nothing stopping someone from passing on a login to a family member so they can continue to make use of all the purchased content, at least for now. Boyd predicted that at some point, all of our digital accounts tied to financial purchases will have some sort of average human lifespan timer attached to them.

Millennials mark the first generation not to know life before an always-on, everywhere internet, which will become the norm from now on. “Younger generations absolutely will demand reforms to the way we think about digital content, ownership, and inheritance,” Boyd concluded. ®

As well as the inevitable rise and fall of social media site (e.g. MySpace), and web 2.0 services there is also the issue of link rot, the phenomenon of more and more URLs not working over time. This issue is covered by Boyd in another recent blog post here.

The digital entropy of death: what happens to your online accounts when you die

The digital entropy of death: what happens to your online accounts when you die

Unless you’re planning on having your mind jammed inside some sort of computer chip, eventually mortality will catch up and you’re going to have to work out what you’ll do with all of your online accounts. When it’s time to shuffle off this mortal coil, you might, theoretically, be slightly annoyed if someone is using your dormant accounts to spam viagra or fake Twitter apps. The sad reality is, when we go, we leave behind a potentially terrifying amount of accounts lying around in the digital ether, and not all of them may be as secure as one would like.

Even if they’re locked down with multiple security steps, someone could break into a database and pilfer insecure information from the back end. We have the very odd situation of there being a digital zombie sleeper army, ready and willing to come back and cause all sorts of security/spam issues worldwide.

Is there anything we can do about it? Can relatives ensure we don’t come back as some sort of bizarre cyber-horror? Do websites and services have any process in place for this strange new world of accounts that are, to coin a phrase, just taking a nap?

Surprisingly, help is at hand more often than not. First, though, we need to have a think about some sort of tally.

There’s (not) security in numbers

Passwords are a great way to gauge how many accounts we have personally. Check out any number of “How many accounts do we have” articles going back several years. Very handy! An unintended side effect of said articles and their number crunching is that we can also use that data to try and map out the kind of problem we may be facing with orphaned accounts. The average UK consumer alone has something like 188 online accounts, and that figure is from 2015—no doubt the number continues to rise as every aspect of our lives winds its way online.

Speaking of number crunching: 151,000 people die every day. Something like 55 million people die every year. Even if just 10 percent of the 500,000 people who die in the UK annually had 188 accounts each, that’d still be 94 million accounts suddenly abandoned—more than enough to cause a spot of bother. Then throw in the accounts of the recently deceased from around the world, and the numbers are suddenly a bit panic-inducing.

I’d be surprised if scammers don’t set aside a little time for targeting obviously abandoned profiles. Aside from regular postings asking for help on Facebook due to compromise of dead people’s logins [1], [2], there’s also the problem of “cloning.” Once you start poking around this subject, problems are everywhere.

Setting the tripwires

Of course, there are a fair few security-centric things we can do now to ensure we make it as hard as possible for those going on a spot of dormant hunting. Multi-factor authentication, password managers, good browsing practices, blockers, security tools…in short, everything you’re hopefully doing by default anyway. It’ll all help to keep your accounts in lockdown when the time comes that you no longer require them.

Additionally, not all services will be around forever—the endless churn of the web will see to that. Today’s social network is tomorrow’s “bought out and turned into something for delivering pizzas by taxi.” One can assume a large portion of all but the biggest accounts you have will, eventually, crash and burn. Not good for them, not good for people using the service, but definitely good for anyone no longer fussed about the paradigm shift in pizzas and taxis.

As time has passed, digital providers have realised they need to start offering some options for relatives of the recently deceased—one can’t assume everyone knows their security stuff, and many relatives would be hugely distressed to see accounts of a dead relative tweeting about healthcare plans or posting movie promos to Instagram.

Many sites now offer a way for relatives and executors to memorialise, or just delete, an account. In other circumstances, services would rather you ” self-manage” and plan ahead for your own demise (cheerful!) by setting a ticking timer. If the account is inactive for the specified length of time, then into the great digital ether it goes. These are useful options to have available.

While a lot of services don’t openly advertise what to do in the event of a death on their website, they will give advice should you contact them, whether social network, email service, or web host. When there’s no option available, though, people will forge their own path and take care of their so-called “digital estate planning” themselves.

The D.I.Y. approach

What do you do if the visible services your loved ones used don’t do the whole “death resolution” thing? Worse, how do you even know about the potentially hundreds of logins they have sitting around elsewhere? Sure, you might know about the really obvious ones but people don’t typically draw up a list of the weird, wonderful (and possibly not wonderful) services they used and hand it to their next of kin.

What we are seeing is people making use of password managers in ways other than having a convenient and secure login to services; they’re also creating back up accounts for their digital departure. In these situations, a fully fleshed out password manager, containing all of a person’s logins, has its access stored in a secure place and given to a close relative. Of course, the relative receiving this digital treasure trove is going to be extremely trusted—they probably don’t want to hand it to that crazy uncle who shouts at family gatherings.

The manner in which they hand over the password manager account is incredibly important, too. Is it a physical thing? A login written on paper? Something digital? Is it secure? Maybe it’s a hard drive. Is it encrypted? How will it be updated with new logins/ changes to passwords? Does the relative live nearby if it’s physical? If they live far away, would something purely online make more sense?

These are all important questions that need to be thrashed out long before handing account information over, and it’s probably a bit much to put the onus on the recipient to start bolting security gates you may have left wide open. Do some pre-handover diligence, and make some time to ensure everything is locked down tight. If there’s anything hugely important you need them to know, tell them in advance—don’t hand over a hard drive and ask them why they didn’t make a backup two months after the thing has fallen into the bathtub.

Digital family heirlooms

That’s the grim stuff out of the way. What happens to accounts you’ve invested a ton of money in? You may have bought a lot of digital purchases tied to certain platforms. Games on Steam, or music on iTunes or Spotify—they’re all tied to specific logins in your name. When you die, what happens to the purchases? In the real world, you end up with a ton of dusty boxes. Online? Those “boxes” will be taken away from you.

In an ideal scenario, you could nominate someone to take over a digital account and they’d inherit the purchases. But legally, when you go, so do your files (in as much as anything you can’t download and keep locally is gone forever.) That’s because you’re buying into a license to use a thing, as opposed to buying the thing itself. I did have a whole pile of text for this bit, but as it turns out, the ground has already been thoroughly covered.

Logan’s (video game) Run

Logan’s Run, the sci-fi movie from 1976 where everyone has a timer ticking down till they hit the age of 30, is weirdly relevant to this discussion because ticking timers are most definitely going to be a thing. See, there’s nothing stopping someone from passing on a login to a family member so they can continue to make use of all the purchased content. The platform owners are never going to know about it. However, as those wheels of time continue to crank, at some point somebody is going to wonder why Steve McHuman is still playing games at the ripe old age of 123.

This is why I predict that at some point, all of our digital accounts tied to financial purchases will have some sort of average human lifespan timer attached to them. The moment it wanders past 100 or so years? Poof, gone. I mean, this is better than being chased down by a Sandman once you hit 30, but it does mean your digital purchases will almost certainly expire at a later date—and that’s assuming the services of today are even around in 100 years time.

Many are the grim ways that lead to his cybercave: all dismal

Well, not quite so dismal. Sorry, Milton. We’re in a bit of an odd situation at the moment, as we’re now well into the point in history where we have the last generation to know life before 24/7 Internet. For many, being online is an absolutely crucial resource of existence. Meanwhile, Internet of Things technology ensures it continues to leap from behind a screen to the real world. We can’t escape it, no more than we can somehow skip around Milton’s cave, and the younger generations absolutely will demand reforms to the way we think about digital content, ownership, and inheritance.

I just hope I’m around to see it. And if I’m not? Please, don’t touch my stuff.

This is a Security Bloggers Network syndicated blog post authored by Christopher Boyd. Read the original post at: Malwarebytes Labs