Digital wills are mechanisms that determine who has access to our digital data after death. One of the critical challenges for transmitting online and offline digital data is the transmission of passwords.
- Offline digital data is the data in our laptops and various storage devices. Transmitting this data is relatively easy because the ordinary will (or in its absence, normal succession laws) determine the transmission of the hardware on which the offline digital data resides. Since no third party is involved, there is no need to worry about the service terms of such third parties. The principal obstacle in the transmission of offline data arises when this data is encrypted. As I explained in an earlier blog post, all valuable offline data must be encrypted. Hence a way must be found to transmit these passwords.
Online digital data include email and other cloud based services. The difficulty here is that a cloud service provider might not respect the terms of the ordinary will or an intestate succession. This might happen for many reasons:
The provider might not have verified the real world identity of the customer and might not be able to satisfy itself that the death certificate and will relate to the original owner of the email account or other service.
The provider might be located in a different country and might be only partially subject to the jurisdiction of the customer’s legal system and judiciary.
The terms of service may restrict transferability of the account after death so that the cloud data does not constitute inheritable property at all.
Because of these problems, the first line of defence against loss of data on death is to maintain an offline backup as I explained in my two posts on “Head in the cloud, feet on the ground”. Any mechanism for transmitting the offline data will also transmit the latest offline backup of the online data as well. The second line of defence would be to rely on the well known maxim that Possession is nine-tenths of the law and assume that a legal heir who obtains access to the password has practical control over the cloud account.
So the solution to both components of the digital data problem boils down to the same thing: the passwords must be transferred to the heirs. This post is about the challenges of achieving this transmission. A digitally active person would have so many passwords (for example, I use more than 250 passwords) that the only practical way to keep track of them is to use a password vault (say, Password Safe, KeePass or KeepassX). Then the question is how to transmit the password vault to the legal heirs. If your laptop is encrypted (as it should be), then it could take a couple of passwords to even reach the password vault and so the vault must be transmitted separately to be of any use.