September 22, 2006 4:00 AM PDT
Taking passwords to the grave
- Related Stories
-
House panel endorses controversial spy bill
September 20, 2006 -
Google revises privacy policy
October 18, 2005 -
Google balances privacy, reach
July 14, 2005 -
Yahoo releases e-mail of deceased Marine
April 21, 2005
Talcott, 69, a friend of beatnik Neal Cassady, apparently took his password to the grave.
It's a vexing, and increasingly common problem for families mourning the loss of loved ones. As more and more people move their lives, address books, calendars, financial information, online, they are taking a risk that some information formerly filed away in folders and desks might never be recovered. That is, unless they share their passwords, which poses security threats.
"He did not keep a hard copy address book. I think everything was online," said Talcott's daughter, Julie Talcott-Fuller. "There were people he knew that I haven't been able to contact. It's been very hard."
"Yahoo (his e-mail provider) said it wouldn't give out the information due to privacy laws, but my dad is dead so I don't understand that," she said.
But it's not a question of privacy rights so much as property rights, said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
"The so-called 'Tort of Privacy' expires upon death, but property interests don't," he said. "Private e-mails are a new category. It's not immediately clear how to treat them, but it's a form of digital property."
Attorneys advising clients on estate planning should ask them to determine who they want to have access to their computers when they die, Rotenberg said.
That's exactly what San Francisco-based estate planning attorney Michael Blacksburg does. "I advise clients to put all their passwords to things online in an estate planning document," he said.
Blacksburg also asks his clients what they want to have happen with their electronic media, like music in iTunes and photos in Shutterfly.
"The older generation is just getting in the habit of using computers," Blacksburg said. This problem will become more acute in coming years as more and more people become computer savvy, he added.
The situation poses a dilemma for e-mail providers that are pilloried by privacy rights advocates at the mere suggestion of sensitive data being exposed, at the same time they are expected to hand over the digital keys to family members when a customer dies.
Last year, Yahoo was forced to provide access to the e-mail of a U.S. Marine killed in Iraq to his father, who got a court order in the matter.
"The commitment we've made to every person who signs up for a Yahoo Mail account is to treat their e-mail as a private communication and to treat the content of their messages as confidential," said Yahoo spokeswoman Karen Mahon.
Beyond acknowledging that Yahoo complies with court orders, Mahon declined to discuss Yahoo's requirements for providing family members access to the e-mail accounts of their deceased loved ones.
Google will provide access to a deceased Gmail user's account if the person seeking it provides a copy of the death certificate and a copy of a document giving the person power of attorney over the e-mail account, said a Google spokeswoman.
America Online follows the same policy, according to spokesman Andrew Weinstein.
"In terms of tips for estate planning, it's much easier if a family member already has the password, or a person could entrust their key passwords (for online access/banking/stock accounts, etc.) to a trusted friend or attorney," Weinstein wrote in an e-mail. He said the situation comes up "fairly regularly."
And "Microsoft's policy allows next of kin to gain access to the content of the Windows Live Mail account (burned on CD/floppy disk) of the deceased upon proving their relationship," a Microsoft spokesman wrote in an e-mail. "We have tried to institute a policy that is very focused on privacy, but at the same time honors the request of bereaved family members going through a difficult time."
Talcott didn't leave a will, unless it is stored on his computer somewhere, so his family is still working out who will be his executor, his daughter said. Once that is established, Talcott-Fuller said she will approach Yahoo again for access to his e-mails.
However, an electronic will is not necessarily valid, according to Ronald Cooley, an estate planning attorney in the retirement enclave of Sun City, Ariz.
"A will in a computer is no good. It has to be printed out, signed and witnessed" to be valid in California and Arizona, Cooley said. "You can't leave it in a Word document on your computer."
Although his password remains a mystery, Talcott, who worked as a mainframe programmer when he wasn't traveling around Europe, acknowledged the importance of data retention for posterity in a poem titled "Eating Salad With My Fingers:"
"Our office romance is over because I am no longer employed," Talcott wrote. "Where is our offsite backup tape?"
See more CNET content tagged:
estate,
Marc Rotenberg,
e-mail company,
address book,
password
I can see envision a business where loved one's sign up with a business that sells personal USB flashdrives that can be used in case of sudden or natural death.
Nice idea but impractical and highly insecure.
If you really have a problem with passwords, use a smart card. That way, when you die, your next of kin will have the physical card with which your data can be retrieved, while random people on The Internets are still denied access.
but i guess you people don't want to trust anyone.
I do like the idea of using a thumb drive. The thumb drive can be kept on a key ring or in a safe place, such as a safe deposit box (if you really think that your information is that important).
Five years ago I learned a valuable lesson about Yahoo when I forgot my password. Yahoo's system wouldn't send my password to the address I specified and I never got a response from Yahoo customer service despite my multiple e-mails. It's been about that long since I used Yahoo.
If they were not involved in their life enough to know any of the relative's contacts who could then pass the information on to others then they shouldn't get involved with ths now.
The sentence is missing the verb BE before recovered!
Check out the Mars "face" photos on C/Net... several more missing
words and grammatical errors.
It doesn't take long to get it right.
On the other side of the coin, many years ago, spotted a big thick computer printout in a dumpster. The old fanfold paper with the green shading and holes down the side.
I figured to use the back for drawing paper. In the front i discovered every username and password to the Chase Manhattan Bank Money transfer computer.
About 90% of them were single english words, and half were either "Loot" "booty" or similar very guessable words.
Moral: Better to carry the passwords to the grave than to throw them in the trash.
PS, no i didn't get illegally rich, i called security and returned the printout.
Maybe the police could get back to catching [b]real[/b] criminals.
Some may say that people don't plan for such because they want a dark side of their life hidden. That argument only stands for those who have a value for a dark side. But for most people who understand the importance of the issue, they will plan for it.
In short, no one likes to plan for after their death let alone think about the possibility of death itself. But in an increasingly digital world we've included technology as part of our lives, now we must include it in the plans for after we move on beyond this world.
At first I thought the idea of putting your passwords in your will was lame because there is so many of them. However, if you used a password manager to store all your data, then you would only need to place one password in your will, along with instructions to your next-of-kin.
As for the "perversion" comment, I suppose you could have two copies of your password manager, one for your data that needs to survive you, and one for data you only want your creator to know about.
Keep it updated on a periodic basis, and when you eventually get shunted off to daisy-pushing duty, your next of kin can retrieve the stick and get to work on using it to settle all your final stuff.
/P
Well, the point is that there are ways to give people access to your file of passwords after you die and not before. I remember an idea discussed a while back in emaildiscussions.com of having an email automatically sent to someone after you die. There are some issues involved (such as "what if they changed address?") Anyway one might leave part of the passphrase with someone, and have the other part automatically freed after a certain time of inactivity (so you have your encrypted keys online, you have a timer that will open access to them once you failed to reset the timer, and you have someone that knows where to access them once they are accessible, and that someone has another part of the passphrase needed to decode the info (and then you can complicate it as much as you like, such as by sending the person who can access the info to a third party holding another part of a needed passphrase and instructed not to give it unless you are dead...).
Before windows, I had a perfect plan. I wrote a program I named “dead”. Once the program was activated, it waited 2 months and then decrypted and printed all my passwords. If the machine was stopped for any reason, it started over. That will not work in windows. You could start the program and open another window to change the clock.
If he'd wanted them in his email accounts, he'd have given up the password - it's not like he wasn't aware that he had cancer.
And, close personal friends would be aware of his condition (if he so wanted) and would have alternate means of contacting the family.
I can't imagine a close personal friend who's sole way of contacting a person with cancer would be an email account. I mean, what if they died?
I can see no real reason for this post-death invasion of a person's privacy. Dispite the family's stated noble purposes, if Mr. Talcott had wanted his family in his emails, he'd have given them the passwords.
People sometimes want to take thier secrets to the grave. Who are we to say that they can't?
Rest in peace, Mr. Talcott.
I think if it was that big of a deal, like if it was REALLY important, that that person is going to tell their family or next of kin or be it what it may.
What they have in their account is really no body else's business unless that person feels that they have the right to access it.
It is really none of our business if that person didn't want us to know. Why can't we all just leave things as they are, and let that person's secrets die along with them. Because that's exactly where the secret needs to be, with THEM!!
-
by keeef1
July 25, 2008 3:06 PM PDT
- That's odd, because Yahoo will share your account details with Mafia in a moment. http://endmafia.com
-
Reply to this comment
-
See all 35 Comments >>