I Needed to Save My Mother’s Memories. I Hacked Her Phone.

I Needed to Save My Mother’s Memories. I Hacked Her Phone.

I Needed to Save My Mother’s Memories. I Hacked Her Phone.

Click here to view original web page at I Needed to Save My Mother’s Memories. I Hacked Her Phone.

Claire Merchlinsky

Several days after my mother died in a car accident, my two sisters and I sat together in her apartment, stunned and overwhelmed. High on our horrible to-do list — along with retrieving her smashed vehicle from the tow lot, making burial plans and meeting with the rabbi — was this: getting into her cellphone.

Everything we needed to get her affairs in order was on her phone. Her contacts would tell us who to reach out to about the memorial service. Her email would tell us whether she had made plans we needed to cancel. Her finance apps would tell us whether she had been paying bills electronically. And there would be personal information, too. Her texts to family and friends. Her notepad. Her photos. The e-book she had been reading on the flight home in the hours before the accident as she left the Tulsa International Airport.

Luckily, Mom had given me the passcode to her phone only a month before. When we felt ready, I turned on her iPhone in its pink plastic case and typed in the code.


I typed in the code a second time. Again, nothing. My sisters and I looked at one another. A tightness gripped my stomach as I realized that the code Mom had given me couldn’t possibly work: That code had contained four digits, and her phone was asking for six.

Six digits means one million possible combinations, and her phone would give us only 10 tries before Apple would erase all of her data. Her old passcode had been the last four digits of the phone number at our childhood home, which ended in a zero. We decided to add two zeros to the end and were so confident that we knew how Mom’s brain worked that I paused dramatically before I tapped in the final zero, certain it would work. It did not.

[As technology advances, will it continue to blur the lines between public and private? Sign up for Charlie Warzel’s limited-run newsletter to explore what’s at stake and what you can do about it.]

After that failure, my sisters and I treated every one of the remaining tries like some sort of nuclear access code. We made a few more attempts, none successful. With each failure, the phone made us wait longer between tries. Eventually we decided it was best to stop and find a different way in — the risk of permanently erasing everything was too great.

As a historian and biographer, I’ve made a career of reconstructing lives. To do that, you need information. The people I study and write about are entrepreneurs, innovators, famous and wealthy individuals. Their lives have been well documented in countless ways, including television interviews, newspaper and magazine articles, congressional testimony, patent records and the corporate archives of companies they founded. It’s relatively easy to reconstruct those lives, particularly if there are still friends and colleagues to help fill in the blanks.

Mom left no public record aside from a letter to the editor published in The Tulsa World. Instead, she had a dusty purple plastic bin she labeled “Memorabilia” with a Magic Marker. Inside were a prom program, a love letter from a boyfriend we had never heard of and hundreds of drawings, photos and notes from her grandchildren or us sisters as children. She had the photo albums she had made when we were little. A safe deposit box held her citizenship papers and other legal documents.

Nearly anything from the past 20 years existed only online, locked away behind passwords and firewalls. Notwithstanding the cards she made by gluing New Yorker cartoons onto cardstock, her written communications essentially stopped in the early 2000s, when she got an email account. She was a great texter, pouncing to be the first to respond in any group and embracing emojis with the passion of a preteenager. Her social media posts were politically passionate and at times head-scratchingly random.

I valued these public things, of course, but I also wanted more. We document our lives in two ways, one intended and one not. There are the emails we send, the photos we post and the comments we debate and wordsmith before hitting Return. And then there is the inadvertent record: the enraged first drafts, the unflattering selfies, the record of purchases at Amazon or Netflix, the digital sticky notes we had not meant to keep.

We work hard to curate the public self and rarely think about the shadow self. I knew from my own work, however, that off-the-cuff notes, old receipts, call logs and calendar entries can serve as proxies for feelings. A run of doctor’s appointments, a glut of calls to the same phone number that never picks up, the purchase of five types of acne cream or a self-help book — these are clues. When we are alive and artificial intelligence assembles these clues to hazard an eerily accurate prediction about our interests and future desires, we are horrified. But for a historian looking at the life of someone who has died, the same clues can lead to understanding.

As a daughter, my heart broke at the realization that digital records, along with the stories from those of us who loved Mom, were going to be the best way to be with her again, to learn from her again or to laugh again at her stupid jokes. But as a historian, my mind raced. If the only way to preserve her memories was to put together the pieces of her digital life, then we had to hack into her online accounts.

After a frantic hunt, my middle sister found a small pocket calendar in Mom’s desk. The back pages were filled with handwritten login IDs and passwords. I patted myself on the back for having insisted Mom record her passwords, and we sisters rejoiced … for about five minutes. At site after site, login page after login page, every attempt failed.

The only login and password combination that worked was for her Apple iCloud account, but she had protected it with two-factor authentication. We could see that her phone was receiving texts — texts from Apple containing the codes needed to get into her account — but we couldn’t unlock the phone, so we couldn’t see the code. I called a few high-powered techies I know from working at Stanford and living in Silicon Valley, but none of them could help. It seemed we would be locked out of everything.

Eventually I found a savior — a young employee at an Apple Store. I explained to him that I had Mom’s login ID (an email address) and the password for her Apple account, but I couldn’t override the two-factor authentication. He asked me to enter the login and password, and he grimaced when her locked phone lit up with the authentication code we could not see. Then his expression changed. “Let’s try her SIM card,” he said.

A phone’s SIM card is no bigger than the fingernail on your pinkie finger, but it is of vital importance. It gives your phone its unique identity, making it possible to associate the physical device with a specific mobile carrier and phone number. You can pop the card out of your phone by inserting a paper clip in the tiny hole you might have noticed on the side of your phone. Moving a SIM card from one phone to another is how most people move their phone number when they upgrade their devices.

The employee ejected the SIM card from Mom’s phone and put it in his own. His phone now had her phone number. We logged into Mom’s iCloud account again. This time we clicked the link that said we had not received the original two-factor passcode sent to the phone as a trusted device. We requested another be sent to her phone number. An instant later, his phone buzzed with the code. “O.K. to input this?” he asked. My heart pounded at the thought of this young stranger being with me when I peeked into Mom’s hidden digital life for the first time, but I nodded approval. He typed the code on the site.

Boom: We could see her Apple mail, her memos, her bookmarks and her photos. We had recovered a key to unlock her digital world.

At home, I put Mom’s SIM card into my husband’s phone so that it could receive texts sent to her number. Now, with her login ID and control over her phone number, I could impersonate her. At every website, I said that I forgot her password. The website tried to confirm her identity by texting a code to Mom’s registered phone number — and the code would go straight to my husband’s phone. Once I was logged in, I could then change both the password and the trusted phone number that would thereafter be associated with the account. Every time a page opened up with her name at the top, I felt a mix of elation and nausea.

It took hours, but I gained control of her email accounts, her Amazon account, her cable provider and the sites for her credit cards. We never did figure out the passcode to her phone, which means I will most likely never see the iMessages or other encrypted information. Otherwise, I now have access to almost all of her digital history.

After all that work to crack Mom’s accounts, I haven’t looked at them. It has been six months, but it’s still too soon. Looking through her digital life will mean remembering her before she was gone, back when I was a daughter with the luxury of being annoyed by her calls or texts, back before she or I understood in the visceral, never-going-back way I do now that it was all going to end. I haven’t even listened to the voice mail messages from her that I still have on my phone. I do know they almost all begin in the same way: with a pause and then her voice saying, “It’s just me.”

Leslie Berlin, a historian at Stanford, is the author, most recently, of “Troublemakers: Silicon Valley’s Coming of Age.”

The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: letters@nytimes.com.

Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.


Have a say in your digital legacy by writing down instructions today

Forgotten Elements in Estate Plans

After hearing the words “estate plan,” some people may think of a will or a trust. These are important legal documents, but there is so much more to consider when thinking about estate planning.

When considering how complex estate planning can be, it is understandable that some elements may be overlooked. While the following components are often forgotten, their importance should not be minimized.

Incapacity planning

We like to think that we’re invulnerable, but we’re all susceptible to facing a serious injury that could leave us incapacitated. Having a living will gives you the power to specify which types of end-of-life medical care you want to receive. Naming a power of attorney allows you to choose someone to make medical and financial decisions on your behalf if you’re unable to do so on your own.

Choosing the best executor

The executor is the person responsible for settling your estate after your death. This is an important role, and it is something that should be carefully considered when naming someone. Some families simply choose their oldest child to serve as the executor of their estate. The oldest child may be the best person for this role, but that isn’t always the case. Rather than defaulting to someone, look for someone with a good temperament and is willing to carry out the responsibilities of the role.

Digital asset planning

As technology advances, our lives are becoming increasingly digitized. While people often remember to include their non-digital assets in their estate plan, many people are forgetting to plan for their digital assets, too. Digital currencies and files that are stored on your computer, including photos and music, should be included in your estate plan. Having a list of passwords that will allow people to access your accounts after your death is also a good idea.

Regularly reviewing beneficiary designations

When you opened a retirement account or purchased a life insurance policy, you were likely prompted to name a beneficiary. These beneficiary designations specify who is entitled to receive the money in your account or the death benefits on an insurance policy if you die. The beneficiary designation will trump what is written in your will, so it is critical that the designation is up to date.

Estate planning is about so much more than simply deciding where your belongings go after you die. A complete estate plan should protect your finances, your family and your independence. Ensuring these four elements are part of your estate plan can help you accomplish those goals.

What Makes up Your Digital Estate?

This article is provided by Legal Templates — the web’s leading resource for creating free legal documents simply and quickly. We equip people with the right tools to be their own legal advocates. Find out more at Legal Templates »


Americans are creating online data at an alarming rate, and it is increasing exponentially. Each minute of the day, online users share roughly 2.5 million pieces of content on Facebook, Tweet 2.8 million times, post 2.2 million photos on Instagram, and swipe over 400,000 times on Tinder. On top of social media, people may use a combination of other online accounts – email, financial, blogs, photo-sharing, and online data storage services.

This adds up to a large amount of “digital property” or “digital assets” for most individuals. It should, therefore, seem commonplace to include a plan for your digital estate in a Last Will & Testament to ensure this sensitive data remains secure and is managed properly after one’s death. Otherwise, this data could be vulnerable to identity thieves and hackers who target the records of approximately 2.5 million deceased individuals a year.

What is Your Digital Estate?

A person’s digital estate is made up of all the information about themselves or created by themselves that exists in digital forms, either on the internet or on some sort of electronic storage device. This article will help you better understand the many different kinds of “digital assets” you might own.

Types of Digital Property

  • Personal digital property
  • Personal digital property with monetary value
  • Digital business property

Personal Digital Property

Your personal digital property includes any information or data that you store electronically – online, on the cloud, or on external hardware. Examples include:

  • Computing hardware – computers, external hard drives, flash drives, tablets, smartphones, digital music players, digital cameras, and any other digital devices
  • Online accounts – email accounts, social media accounts, shopping accounts, photograph or video sharing platforms, video gaming accounts, online storage, websites or blogs you manage
  • Intellectual property – copyrighted materials and trademarked items

Personal Digital Property with Monetary Value

This is not completely separate from the list above, but includes digital property that brings in some sort of monetary value or generates revenue. Examples include:

  • Computing hardware – computers, external hard drives, flash drives, tablets, smartphones, digital music players, digital cameras, and any other digital devices of monetary value
  • Websites that generate revenue
  • Payment platforms – Paypal, Amazon Payments, Google Wallet, bank accounts, loyalty rewards programs, and accounts with credit balances in your favor

Digital Business Property

This includes digital property that is owned by a business organization, either your business or your employer. Examples include:

  • Online accounts registered to the business
  • Assets to sell on an online store – eBay, Etsy, Amazon, etc
  • Mailing lists, newsletter subscriptions, or email lists with the names of company clients
  • Client information and customer history

Other Digital Property to Manage



It is not just online data that you need to secure in order to keep your digital estate safe. There are numerous external hardware devices that can contain either valuable or sensitive data. Here are some examples and what content needs to be secured:

  • External hard drives – all contents
  • Smart phones and mobile phones – call history, text history, photographs, videos, location data, contact list, online access through applications, and other content
  • Tablets – all contents
  • Computers – all contents
  • Digital music player – personal data and online store accounts
  • Digital camera – photographs or videos
  • E-readers – personal data and online store accounts

Online Accounts

It has become common for people to have a wide variety of online accounts. Each one of these accounts likely required some sensitive data – name, age, gender, email address – in order to open it. Beyond this personal data, many of these accounts generate and host a lot more personal information about you that makes up a large portion of your digital estate and therefore, needs to be managed. Consider these digital assets:

  • Social media accounts
    • Facebook, Twitter, LinkedIn, Pinterest, and other, including any content you shared and any correspondences you had on those platforms
  • Online communication tools
    • Skype, FaceTime, IM, iChat, WhatsApp, Line, Facebook Messenger, Gchat, and any data or conversations you have shared on those platforms
  • Email accounts
    • Any conversations or data you have shared
  • Photo and video sharing platforms
    • Instagram, Youtube, Flickr, Photobucket, Picasa, and others, including any content you shared, personal data in account settings, and correspondences you had
  • Websites
    • Writing or content you created, history of interactions with readers or users, and any income that was generated as a result
  • Online shopping accounts
    • Personal information stored in account settings – credit card information, address, purchase history, and credit card information or online credit you have with the company
  • Video gaming accounts
    • In-game or in-app purchase history, account information, and any in-game assets you acquired
  • Online storage accounts
    • Dropbox, Goggle Drive, and other cloud storage, including any data and information stored there
  • Loyalty programs
    • Credit cards, airlines, car rental companies, hotels, and other, including any benefits you have collected

Intellectual Property

Your digital estate can also include intellectual property that you have created whether there are physical elements or not. Intellectual property can often have monetary value or the potential for future gains. Intellectual property can include:

  • Registered trademarks
  • Copyrighted digital materials
  • Patents


By being aware of what digital property you own, you can begin to grasp what makes up your entire digital estate, and, as you can see from the lists above, this can include a vast web of online accounts and personal data. Although it might seem like a daunting task, it’s important to keep track of all of this sensitive online data. One day, you will have to include this information as part of your digital estate planning in order for the Executor, or Digital Executor, of your Will to have the ability to manage your digital property. Without a plan to keep this data secure, identity thieves and hackers can pose a serious threat to your digital assets and, in turn, your loved ones.