I Needed to Save My Mother’s Memories. I Hacked Her Phone.
Click here to view original web page at I Needed to Save My Mother’s Memories. I Hacked Her Phone.
Claire Merchlinsky
Several days after my mother died in a car accident, my two sisters and I sat together in her apartment, stunned and overwhelmed. High on our horrible to-do list — along with retrieving her smashed vehicle from the tow lot, making burial plans and meeting with the rabbi — was this: getting into her cellphone.
Everything we needed to get her affairs in order was on her phone. Her contacts would tell us who to reach out to about the memorial service. Her email would tell us whether she had made plans we needed to cancel. Her finance apps would tell us whether she had been paying bills electronically. And there would be personal information, too. Her texts to family and friends. Her notepad. Her photos. The e-book she had been reading on the flight home in the hours before the accident as she left the Tulsa International Airport.
Luckily, Mom had given me the passcode to her phone only a month before. When we felt ready, I turned on her iPhone in its pink plastic case and typed in the code.
Nothing.
I typed in the code a second time. Again, nothing. My sisters and I looked at one another. A tightness gripped my stomach as I realized that the code Mom had given me couldn’t possibly work: That code had contained four digits, and her phone was asking for six.
Six digits means one million possible combinations, and her phone would give us only 10 tries before Apple would erase all of her data. Her old passcode had been the last four digits of the phone number at our childhood home, which ended in a zero. We decided to add two zeros to the end and were so confident that we knew how Mom’s brain worked that I paused dramatically before I tapped in the final zero, certain it would work. It did not.
[As technology advances, will it continue to blur the lines between public and private? Sign up for Charlie Warzel’s limited-run newsletter to explore what’s at stake and what you can do about it.]
After that failure, my sisters and I treated every one of the remaining tries like some sort of nuclear access code. We made a few more attempts, none successful. With each failure, the phone made us wait longer between tries. Eventually we decided it was best to stop and find a different way in — the risk of permanently erasing everything was too great.
As a historian and biographer, I’ve made a career of reconstructing lives. To do that, you need information. The people I study and write about are entrepreneurs, innovators, famous and wealthy individuals. Their lives have been well documented in countless ways, including television interviews, newspaper and magazine articles, congressional testimony, patent records and the corporate archives of companies they founded. It’s relatively easy to reconstruct those lives, particularly if there are still friends and colleagues to help fill in the blanks.
Mom left no public record aside from a letter to the editor published in The Tulsa World. Instead, she had a dusty purple plastic bin she labeled “Memorabilia” with a Magic Marker. Inside were a prom program, a love letter from a boyfriend we had never heard of and hundreds of drawings, photos and notes from her grandchildren or us sisters as children. She had the photo albums she had made when we were little. A safe deposit box held her citizenship papers and other legal documents.
Nearly anything from the past 20 years existed only online, locked away behind passwords and firewalls. Notwithstanding the cards she made by gluing New Yorker cartoons onto cardstock, her written communications essentially stopped in the early 2000s, when she got an email account. She was a great texter, pouncing to be the first to respond in any group and embracing emojis with the passion of a preteenager. Her social media posts were politically passionate and at times head-scratchingly random.
I valued these public things, of course, but I also wanted more. We document our lives in two ways, one intended and one not. There are the emails we send, the photos we post and the comments we debate and wordsmith before hitting Return. And then there is the inadvertent record: the enraged first drafts, the unflattering selfies, the record of purchases at Amazon or Netflix, the digital sticky notes we had not meant to keep.
We work hard to curate the public self and rarely think about the shadow self. I knew from my own work, however, that off-the-cuff notes, old receipts, call logs and calendar entries can serve as proxies for feelings. A run of doctor’s appointments, a glut of calls to the same phone number that never picks up, the purchase of five types of acne cream or a self-help book — these are clues. When we are alive and artificial intelligence assembles these clues to hazard an eerily accurate prediction about our interests and future desires, we are horrified. But for a historian looking at the life of someone who has died, the same clues can lead to understanding.
As a daughter, my heart broke at the realization that digital records, along with the stories from those of us who loved Mom, were going to be the best way to be with her again, to learn from her again or to laugh again at her stupid jokes. But as a historian, my mind raced. If the only way to preserve her memories was to put together the pieces of her digital life, then we had to hack into her online accounts.
After a frantic hunt, my middle sister found a small pocket calendar in Mom’s desk. The back pages were filled with handwritten login IDs and passwords. I patted myself on the back for having insisted Mom record her passwords, and we sisters rejoiced … for about five minutes. At site after site, login page after login page, every attempt failed.
The only login and password combination that worked was for her Apple iCloud account, but she had protected it with two-factor authentication. We could see that her phone was receiving texts — texts from Apple containing the codes needed to get into her account — but we couldn’t unlock the phone, so we couldn’t see the code. I called a few high-powered techies I know from working at Stanford and living in Silicon Valley, but none of them could help. It seemed we would be locked out of everything.
Eventually I found a savior — a young employee at an Apple Store. I explained to him that I had Mom’s login ID (an email address) and the password for her Apple account, but I couldn’t override the two-factor authentication. He asked me to enter the login and password, and he grimaced when her locked phone lit up with the authentication code we could not see. Then his expression changed. “Let’s try her SIM card,” he said.
A phone’s SIM card is no bigger than the fingernail on your pinkie finger, but it is of vital importance. It gives your phone its unique identity, making it possible to associate the physical device with a specific mobile carrier and phone number. You can pop the card out of your phone by inserting a paper clip in the tiny hole you might have noticed on the side of your phone. Moving a SIM card from one phone to another is how most people move their phone number when they upgrade their devices.
The employee ejected the SIM card from Mom’s phone and put it in his own. His phone now had her phone number. We logged into Mom’s iCloud account again. This time we clicked the link that said we had not received the original two-factor passcode sent to the phone as a trusted device. We requested another be sent to her phone number. An instant later, his phone buzzed with the code. “O.K. to input this?” he asked. My heart pounded at the thought of this young stranger being with me when I peeked into Mom’s hidden digital life for the first time, but I nodded approval. He typed the code on the site.
Boom: We could see her Apple mail, her memos, her bookmarks and her photos. We had recovered a key to unlock her digital world.
At home, I put Mom’s SIM card into my husband’s phone so that it could receive texts sent to her number. Now, with her login ID and control over her phone number, I could impersonate her. At every website, I said that I forgot her password. The website tried to confirm her identity by texting a code to Mom’s registered phone number — and the code would go straight to my husband’s phone. Once I was logged in, I could then change both the password and the trusted phone number that would thereafter be associated with the account. Every time a page opened up with her name at the top, I felt a mix of elation and nausea.
It took hours, but I gained control of her email accounts, her Amazon account, her cable provider and the sites for her credit cards. We never did figure out the passcode to her phone, which means I will most likely never see the iMessages or other encrypted information. Otherwise, I now have access to almost all of her digital history.
After all that work to crack Mom’s accounts, I haven’t looked at them. It has been six months, but it’s still too soon. Looking through her digital life will mean remembering her before she was gone, back when I was a daughter with the luxury of being annoyed by her calls or texts, back before she or I understood in the visceral, never-going-back way I do now that it was all going to end. I haven’t even listened to the voice mail messages from her that I still have on my phone. I do know they almost all begin in the same way: with a pause and then her voice saying, “It’s just me.”
Leslie Berlin, a historian at Stanford, is the author, most recently, of “Troublemakers: Silicon Valley’s Coming of Age.”
The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: letters@nytimes.com.
Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.