Taking passwords to the grave

William Talcott, a prominent San Francisco poet with dual Irish citizenship, had fans all over the world. But when he died in June of bone marrow cancer, his daughter couldn't notify most of his contacts because his e-mail account--and the online address book he used--was locked up.

Talcott, 69, a friend of beatnik Neal Cassady, apparently took his password to the grave.

It's a vexing, and increasingly common problem for families mourning the loss of loved ones. As more and more people move their lives, address books, calendars, financial information, online, they are taking a risk that some information formerly filed away in folders and desks might never be recovered. That is, unless they share their passwords, which poses security threats.

"He did not keep a hard copy address book. I think everything was online," said Talcott's daughter, Julie Talcott-Fuller. "There were people he knew that I haven't been able to contact. It's been very hard."

"Yahoo (his e-mail provider) said it wouldn't give out the information due to privacy laws, but my dad is dead so I don't understand that," she said.

But it's not a question of privacy rights so much as property rights, said Marc Rotenberg, executive director of the Electronic Privacy Information Center.

"The so-called 'Tort of Privacy' expires upon death, but property interests don't," he said. "Private e-mails are a new category. It's not immediately clear how to treat them, but it's a form of digital property."

Attorneys advising clients on estate planning should ask them to determine who they want to have access to their computers when they die, Rotenberg said.

That's exactly what San Francisco-based estate planning attorney Michael Blacksburg does. "I advise clients to put all their passwords to things online in an estate planning document," he said.

"I think everything was online. There were people he knew that I haven't been able to contact. It's been very hard."

--Julie Talcott-Fuller, daughter of deceased man

Blacksburg also asks his clients what they want to have happen with their electronic media, like music in iTunes and photos in Shutterfly.

"The older generation is just getting in the habit of using computers," Blacksburg said. This problem will become more acute in coming years as more and more people become computer savvy, he added.

The situation poses a dilemma for e-mail providers that are pilloried by privacy rights advocates at the mere suggestion of sensitive data being exposed, at the same time they are expected to hand over the digital keys to family members when a customer dies.

Last year, Yahoo was forced to provide access to the e-mail of a U.S. Marine killed in Iraq to his father, who got a court order in the matter.

"The commitment we've made to every person who signs up for a Yahoo Mail account is to treat their e-mail as a private communication and to treat the content of their messages as confidential," said Yahoo spokeswoman Karen Mahon.

Beyond acknowledging that Yahoo complies with court orders, Mahon declined to discuss Yahoo's requirements for providing family members access to the e-mail accounts of their deceased loved ones.

Google will provide access to a deceased Gmail user's account if the person seeking it provides a copy of the death certificate and a copy of a document giving the person power of attorney over the e-mail account, said a Google spokeswoman.

America Online follows the same policy, according to spokesman Andrew Weinstein.

"In terms of tips for estate planning, it's much easier if a family member already has the password, or a person could entrust their key passwords (for online access/banking/stock accounts, etc.) to a trusted friend or attorney," Weinstein wrote in an e-mail. He said the situation comes up "fairly regularly."

And "Microsoft's policy allows next of kin to gain access to the content of the Windows Live Mail account (burned on CD/floppy disk) of the deceased upon proving their relationship," a Microsoft spokesman wrote in an e-mail. "We have tried to institute a policy that is very focused on privacy, but at the same time honors the request of bereaved family members going through a difficult time."

Talcott didn't leave a will, unless it is stored on his computer somewhere, so his family is still working out who will be his executor, his daughter said. Once that is established, Talcott-Fuller said she will approach Yahoo again for access to his e-mails.

However, an electronic will is not necessarily valid, according to Ronald Cooley, an estate planning attorney in the retirement enclave of Sun City, Ariz.

"A will in a computer is no good. It has to be printed out, signed and witnessed" to be valid in California and Arizona, Cooley said. "You can't leave it in a Word document on your computer."

Although his password remains a mystery, Talcott, who worked as a mainframe programmer when he wasn't traveling around Europe, acknowledged the importance of data retention for posterity in a poem titled "Eating Salad With My Fingers:"

"Our office romance is over because I am no longer employed," Talcott wrote. "Where is our offsite backup tape?"

[Kiyomizu]

Personal USB FlashDrive

Maybe people need to have a personal USB Flashdrive with all your passwords in it just in case you decide to kick the can prematurely.

I can see envision a business where loved one's sign up with a business that sells personal USB flashdrives that can be used in case of sudden or natural death.

[brodie657]

....

Right so if someone breaks into your house, they now have access to every single password you've ever had. And I really can't see someone putting it in a safe deposit box at the bank, and taking it out and updating it every time you get a new password.

Nice idea but impractical and highly insecure.

[ordaj]

Passwords are required to change frequently

What a mess. Do I have to keep updating my gazillion passwords and then keep updating a relative. It's a giant pain. Passwords need to go away.

[MrNougat]

Moron

If passwords need to go away, why don't you just tell me yours then? You do realize that your statement says "No one's information should be secure at all," don't you?

If you really have a problem with passwords, use a smart card. That way, when you die, your next of kin will have the physical card with which your data can be retrieved, while random people on The Internets are still denied access.

[vkotor]

Trust

what you need is to have a person in your life that you trust enough, so that (s)he can know your password. then there's no problem.
but i guess you people don't want to trust anyone.

[MythicalMe]

Trusting someone else

My thoughts exactly. My wife doesn't know my passwords, but she knows where I keep at least one. If she has that password, she has access to all my passwords along with instructions on how to obtain them. I wonder if Melinda Gates has access to Bill's accounts?

I do like the idea of using a thumb drive. The thumb drive can be kept on a key ring or in a safe place, such as a safe deposit box (if you really think that your information is that important).

Five years ago I learned a valuable lesson about Yahoo when I forgot my password. Yahoo's system wouldn't send my password to the address I specified and I never got a response from Yahoo customer service despite my multiple e-mails. It's been about that long since I used Yahoo.

[chrisx1]

Not important

Relatives probably just want to satisfy their own curiousity by reading their relative's old e-mails and are using the need to notify people about the death as an excuse.
If they were not involved in their life enough to know any of the relative's contacts who could then pass the information on to others then they shouldn't get involved with ths now.

[closeupman]

Do writers here not PROOFREAD their work?

As more and more people move their lives, address books, calendars, financial information, online, they are taking a risk that some information formerly filed away in folders and desks might never recovered.

The sentence is missing the verb BE before recovered!

[Sparky672]

It's Friday

... the editors must be out at TGI's already.

Check out the Mars "face" photos on C/Net... several more missing
words and grammatical errors.

[Jon Skillings]

Missing word reinstated

Thanks for catching that. We've put the "be" where it belongs.

[texasags]

No, they don't.

Writers often do not proofread their work anywhere in the internet realm. I think they believe that since it is a simple post, or email, or instant message, it doesn't matter. Ultimately, it does not. However, it also doesn't help to win arguments or prove a point in a discussion when you cannot handle basic spelling and grammar.

It doesn't take long to get it right.

[mpotter28]

common sense

all we need is common sense . This man has undoubtable appointed someone to control his will. this person has the right upon presenting proof of the facts to decide what should happen. Dew the world a favor bill a lairyer. all mispallings for "igknorants". do you really think anybody really cares what we right

[DougDbug]

EXACTLY!

The executor or trustee of an estate has access to everything. He can access bank accounts and withdraw or transfer funds. He/she can even hire a locksmith to crack the deceaseds safe!

[disco-legend-zeke]

Old cartoon in BOARDWATCH...

Picture at graveside, guy is asking widow, "Did your late husband ever say anything about a 'password?'"

On the other side of the coin, many years ago, spotted a big thick computer printout in a dumpster. The old fanfold paper with the green shading and holes down the side.

I figured to use the back for drawing paper. In the front i discovered every username and password to the Chase Manhattan Bank Money transfer computer.

About 90% of them were single english words, and half were either "Loot" "booty" or similar very guessable words.

Moral: Better to carry the passwords to the grave than to throw them in the trash.

PS, no i didn't get illegally rich, i called security and returned the printout.

[kamwmail-cnet1]

Took password to grave cause they don't want to reveal their perversions.

It's a very simple reason why people take their passwords to the grave. They don't want their family members to see what kind of deviant perverts they were.

[Too Old For IT]

Wouldn't it be nice

Wouldn't it be nice to live ina country where you didn't have labels like "normal" or "pervert"?

Maybe the police could get back to catching [b]real[/b] criminals.

[cgrcgr]

Legacy Fingers and Eyeballs

With biometric security coming ever closer to mainstream, will we have to retain the departeds' extremeties as talismans of their digital past?

[Joe Koskovics]

Take the password to your will, not the grave

It's not a surprise to me that people don't consider computer issues in estate planning. Most people don't look upon their email as a disposable commodity rather than a connecting line to their personal & professional life. But they should.

Some may say that people don't plan for such because they want a dark side of their life hidden. That argument only stands for those who have a value for a dark side. But for most people who understand the importance of the issue, they will plan for it.

In short, no one likes to plan for after their death let alone think about the possibility of death itself. But in an increasingly digital world we've included technology as part of our lives, now we must include it in the plans for after we move on beyond this world.

[Ngallendou]

ISPs to offer passwords to berieved

ISPs should now start offering to provide deceased users' account names and passwords to berieved relatives, with users' previous permission, upon presentation of death certificate or probate court order.

[converter42]

Security implications would be unacceptable

A secure password store contains only a cryptographic hash of the original password. I won't do business with any online service provider that keeps cleartext copies of my passwords. This would be an unacceptable security risk.

[daveteare]

Bequeathing a single password

I really liked this story, it gave me a lot to think about.

At first I thought the idea of putting your passwords in your will was lame because there is so many of them. However, if you used a password manager to store all your data, then you would only need to place one password in your will, along with instructions to your next-of-kin.

As for the "perversion" comment, I suppose you could have two copies of your password manager, one for your data that needs to survive you, and one for data you only want your creator to know about.

[Penguinisto]

Simple enough to get around...

...put all of your most commonly-used usernames and passwords on a geek stick (in .txt/ASCII format), and stick that in a safe deposit box with a copy of your will. Give a copy of the key to a relative/loved-one you trust.

Keep it updated on a periodic basis, and when you eventually get shunted off to daisy-pushing duty, your next of kin can retrieve the stick and get to work on using it to settle all your final stuff.

/P

[hadaso]

two passwords

Store all the info you want people to have after your death encrypted in a safe place. Do it in a way that two passwords (or passphrases) are needed to decypher. Give the two passwords that are needed for the decryption to two people that hate each other's guts. After you die look down from heaven and enjoy watching them having to cooperate to see if you left them anything!

Well, the point is that there are ways to give people access to your file of passwords after you die and not before. I remember an idea discussed a while back in emaildiscussions.com of having an email automatically sent to someone after you die. There are some issues involved (such as "what if they changed address?") Anyway one might leave part of the passphrase with someone, and have the other part automatically freed after a certain time of inactivity (so you have your encrypted keys online, you have a timer that will open access to them once you failed to reset the timer, and you have someone that knows where to access them once they are accessible, and that someone has another part of the passphrase needed to decode the info (and then you can complicate it as much as you like, such as by sending the person who can access the info to a third party holding another part of a needed passphrase and instructed not to give it unless you are dead...).

[willdryden]

I like That

That’s funny. The only problem is if one of them dies first or if you do not have 2 friends that hate each other or they make up.

Before windows, I had a perfect plan. I wrote a program I named “dead”. Once the program was activated, it waited 2 months and then decrypted and printed all my passwords. If the machine was stopped for any reason, it started over. That will not work in windows. You could start the program and open another window to change the clock.

[gmycyk191]

Better idea

Why not have a security compnay offer a password "safe keep" service? Sort of a last will type service. Of course security would have to be utmost, but another idea for the ambitous entrepreneur.

[Jim Hubbard]

Ridiculous.......

A person's personal email is just that - personal. The family has no rights to his email accounts. It's the ultimate betrayal of your loved one's trust - to snoop through personal belongings when they die.

If he'd wanted them in his email accounts, he'd have given up the password - it's not like he wasn't aware that he had cancer.

And, close personal friends would be aware of his condition (if he so wanted) and would have alternate means of contacting the family.

I can't imagine a close personal friend who's sole way of contacting a person with cancer would be an email account. I mean, what if they died?

I can see no real reason for this post-death invasion of a person's privacy. Dispite the family's stated noble purposes, if Mr. Talcott had wanted his family in his emails, he'd have given them the passwords.

People sometimes want to take thier secrets to the grave. Who are we to say that they can't?

Rest in peace, Mr. Talcott.

[katelynf]

You assume too much, Mr. Hubbard

You know nothing of Mr. Fuller's condition at the end of his life, or of his wishes, or the content of his e-mails. You assume far too much, including a know-it-all naive tone.

[mommy_2_lexus]

Agreeable

I agree. Someone's personal e-mail is personal.

I think if it was that big of a deal, like if it was REALLY important, that that person is going to tell their family or next of kin or be it what it may.

What they have in their account is really no body else's business unless that person feels that they have the right to access it.

It is really none of our business if that person didn't want us to know. Why can't we all just leave things as they are, and let that person's secrets die along with them. Because that's exactly where the secret needs to be, with THEM!!

[keeef1]

That's odd, because Yahoo will share your account details with Mafia in a moment. <a class="jive-link-external" href="http://endmafia.com" target="_newWindow">http://endmafia.com</a>

[RedHotJoe]

There's an opportunity in this!
Maybe someone could create a "password for next of kin" online application?
Here's how it would work:

1. You feed all of your passwords to the website, but *ONLY* your passwords. In case the website has a dishonest employee, he or she won't know where the passwords will work.

2. The website contacts you via email periodically to see if you are alive.

HEY SO-AND-SO, ARE YOU STILL ALIVE? IF SO, CLICK HERE! YOU HAVE ABOUT ONE WEEK TO RESPOND! OTHERWISE, I'LL CONTACT EVERYONE ON YOUR "NEXT OF KIN" LIST AND REVEAL YOUR PASSWORDS! HAVE A NICE DAY!

3. If the website doesn't hear from you, it assumes that you are dead.

4. The website will immediately contact everyone on your "next of kin" list to reveal your passwords. Since your next of kin already knows about your email addresses, social web profiles, and the like, they can just keep plugging away with the passwords until they have access.