The Digital Estate
- Details
- Created on 27 July 2016
- Written by Steve Burrows
So, what happens when I die? What happens when you die? Apart from standing in front of the Pearly Gates trying to explain to St. Peter why he shouldn’t shove us back in the elevator and push the button for the basement?
One of the first things will likely be that our credit cards are cancelled, and all the recurring charges for our online services will cease to be paid - email, cloud file storage, web services, domain names etc. If the services we use are free then sooner or later the service provider will notice that we’re not logging in any more, and after emailing us a notification they’ll start deleting our accounts and data. Even in cyberspace we’re unlikely to live forever.
I don’t know about you, but in my case nobody knows my passwords, and they’re not written down. My successors, next of kin, co-directors et. al. don’t know which services I use to keep data online, or how to access my electronic correspondence, accounts and documents. They don’t necessarily even know how to gain administrative rights over services I have set up for them to use including their own email etc. - and unless I do something about this, which I promise I will (hopefully before I lose my memories or kick the bucket), the whole digital shooting match will collapse and be lost irrecoverably.
The Digital Estate is a modern phenomenon, and a modern problem. In the past a very small number of people used passwords and ciphers to encrypt information and may have died without passing on the keys, but today huge swathes of us use passwords to restrict access to services, and many of us have encrypted data for security - possibly not even realising it because some digital service providers encrypt by default to protect us from prying eyes.
For many years I was a director of a UK company which, despite a turnover of over £50 Million, did not possess a single credit card. We needed a credit card for all sorts of web transactions including web server rental, domain name rental, online advertising, buying computer spares and software online etc., so I used one of mine and claimed all the expenditure back as expenses - regularly over £10,000 a month. The company’s entire Internet estate depended upon my credit card to pay those increasing number of online suppliers who do not accept purchase orders and do not offer corporate accounts or standard business credit terms, and my passwords to access the services. I was on the risk register, my co-directors determined that the single worst thing that could happen to the company would be Steve dying, the Finance Director finally gave way and arranged corporate credit cards to take the strain from my flexible friend.
Cutting all the waffle then, when you, or one of your co-directors, or one of your family die it is increasingly likely that there will be digital assets which the executors and survivors want or need to take control of - anything from the master passwords for business-critical online services or email and written correspondence which may cover instructions given or agreements made, to digital photo albums which survivors wish to preserve for sentimentality. For the small business in particular the risks are substantial as the online services may include the business domain name, email services and web shop; losing access to these would be a major business setback.
Getting control of these assets, the deceased’s digital estate, is going to be problematic. If it is known what online services the deceased used, and what user credentials are required to access them, then all will be well, but we are exhorted to regularly change passwords and not to share them with anyone. Therefore it’s common that any credentials known to survivors are outdated. Small businesses in particular should ensure that the keys to the digital assets of the business are held by more than one person.
If the survivors don’t know which service providers the deceased used then things get tougher, significant investigation may be needed to reconstruct the deceased’s digital life and discover where digital assets are held.
Some online service providers, certainly most of the big ones, have established processes, albeit not necessarily very robust or easy, for transferring control of online accounts to survivors. These procedures are not necessarily easy to find, they are commonly hidden away in the legalese of terms and conditions, and they are very inconsistent from one provider to the next - there is no uniform protocol for the handling or handing over of a deceased person’s digital assets. To complicate matters further, the Internet being what it is, some service providers are likely to be in foreign jurisdictions with different laws and different expectations of proof of death and proof of the survivor’s rights.
Once the digital service providers and online account identities have been established the next step is to execute the provider’s process, which will include supplying evidence to show both that the deceased is deceased, and that the survivor has a right to claim access to the digital estate. This will almost always involve telephone contact with the online providers, which is rarely easy, and will often require posting of certified copies of death certificate and survivor’s proof of identity.
It’s always messy when someone dies, but so much easier and quicker to search the desk drawers and discover the paper records than it is to track down the electronic records - some services such as domain names may be pre-paid for up to ten years so the original transaction may be lost in the mists of time. Identifying the various online suppliers can be slow, which is a problem in itself. When the account ceases to be paid or used the clock may start ticking towards the supplier’s automatic deletion of the deceased’s data.
How long the supplier holds the data once the account payments or usage ceases varies, it may be as little as 30 days for some free email services or 90 days for some paid email services, whilst a rented server or web hosting may terminate a couple of weeks after the first missed payment, therefore it is necessary to act fast. Some paid service providers will simply downgrade the account to their “free” tier once the monthly bill ceases to be paid, if they have one. This will result in loss of features, and likely a reduction in storage capacity, but will probably retain all that vital information for an extended period. With other service providers delete means delete; if you don’t get the data before time runs out then it will be lost completely.
Social media accounts tend to stay up a long time, allowing the presence of deceased to linger like a ghost in the Internet, but some social media platforms will not provide the survivors with access to the account on the basis that it was a service to a single living individual. The survivors can usually request that the account is deleted, but access to any data not publicly available on the user’s account may be refused on privacy grounds.
So what to do? For each of us it is probably sensible that we have a list of online services used, with account names, securely locked away where they may be found after death - nothing more than a list of where our digital assets are kept online. Passwords would be helpful for the survivors, but keeping them up to date would be improbable and a security risk.
For the survivors, the very best advice irrespective of any legal niceties is to gain control of the deceased’s computers, tablets, smartphones etc. immediately - in many cases digital services used by the deceased, and the username and password needed to access the data, will be stored in the web browser or email client meaning that accessing and retrieving the data is easy as long as it is done quickly, before the credit card payment is missed or the account has been left unused for too long. It will almost certainly be a breach of the online supplier’s terms and conditions, but it’s better than the alternatives. Prompt action to recover the digital estate is rarely going to be at the top of the list when somebody dies, but any delay can introduce all sorts of hassle.
There really ought to be a specialist service to assist with the recovery of the digital estate after death, but at present there isn’t one that I know of. If you don’t feel confident about finding and accessing the deceased’s digital assets then call in an IT expert - but do it quickly.
