On The Meaning of Death As It Pertains To The Digital World
I’ve been thinking about death. That may sound macabre and odd, but it will happen to us all one day, and the better you are prepared for it, the easier it gets for your next of kin.
In the olden days
Before the advent of the web and the inevitable explosion of personal information stored about every person, what happened after you died was pretty straightforward. Either you had a will or you didn’t. If you did, the will would set out, in varying levels of detail, how to apportion your property - from something as simple as leaving it all to a spouse, children and/or charity to complex schemes involving trusts, restrictions and percentages. If you didn’t, the law of the land determined what would happen - either handing it all to your closest surviving relation(s) or transferring it to the state.
With physical assets, it’s often pretty easy both to take stock of what you have and also apportion them as you see fit. The executor simply needs to hand over the asset and the transaction is complete.
Leaving online accounts and goods in your will - or not
Now that we have websites, accounts, personal information and goods that exist only in the abstract (such as subscriptions or software), it has become much more difficult to both work out what you have and also how/if to hand them over to others, and if not, how to leave instructions to the service provider about what should happen next.
Unlike physical assets, there is no easy way for the executor to “hand over” these abstract assets to another person. Subscriptions and software and normally tied to a single individual and cannot be transferred due to licensing restrictions. With online accounts, some may contain private information, and there is no standard way for them to be transferred.
Some of the larger companies have recently started thinking about this problem and how it can be solved - for example, Facebook allows you to set up contacts that are able to carry out some actions on your behalf after your death. In addition, next of kin can ask that your profile is memorialised or deleted upon your death. Some other services such as Twitter and Instagram have similar mechanisms.
That’s all well and good for the handful of accounts where the provider has spent the time and energy to think about the problem and come up with a solution. But how about the vast majority of instances where there is no set process?
Safes, vaults and emergency recovery codes
As a prudent IT professional, I choose long, random passwords for all my accounts, store them in a password manager and enable two-factor authentication wherever provided. In addition, where available, I print out lists of account recovery codes and store them in a physical safe. In addition, I have SSH keys and PGP keys that I use to protect access to servers and encrypt sensitive information or sign GitHub commits.
What happens to all of these things after I die? Do they all stay in limbo, frozen in the last state I left them in? Do they languish and slowly decay as accounts, passwords and keys expire, companies go out of business and subscriptions lapse? Or is there a sane plan, known to the relevant people, that can be used to gain access, freeze or shut down accounts, retrieve valuable information and otherwise proceed in an orderly fashion?
Digital wills for digital natives
At the moment, wills can be stored anywhere, as long as there is a good chance that they are found and followed at the appropriate time. A lot of people entrust this important role to a solicitor or other legal professional who helps draft the document and then keeps a copy of it to release at the appropriate time. Amending this will is potentially a time-consuming and costly exercise and only really needs to be done if there’s a major change of situation (like marriage, divorce, children or a major new asset or disposal). Online accounts, subscriptions and software don’t move at this slow pace, so wills that detail such assets must also be able to be amended at short notice and keep pace with changes as they happen.
There are a handful of companies in various states of maintenance that purport to offer digital wills - that is, online repositories of information such as passwords to social media accounts which are released to online “trustees” or “executors” upon death. These may be a good option for some people, but personally I don’t trust a third-party company to release my information at the right time to the right people, not be hacked and to stay around for as long as required to actually outlive me.
A self-hosted will
If a traditional paper-based will deposited with a solicitor is too cumbersome and slow, and a digital will deposited with an online company is too unreliable, then we get to the logical conclusion that the only remaining option is to do it yourself - that is, a self-hosted will.
The concept of self-hosting is applied to a variety of technologies but is maybe best associated with websites, where it normally denotes a setup where all the infrastructure is under your control, as opposed to the “usual” setup where you rent server space or similar.
On the face of it, self-hosting a will seems like the ultimate in self-sufficiency and the pinnacle of technical achievement. However, it comes with one large circular dependency - the self hosting itself is in danger as soon as its owner dies. There’s the issue of funding it (an automatic recurring payment will work as long as the account it’s backed up by remains active, which may be enough time to retrieve the will, and a pre-payment is only as good as the remaining balance), but that can be somewhat mitigated. The larger issue is access to the will itself. Any sort of password protection or similiar authentication means that the credentials then need to be stored somewhere safe. An alternative may be to use passwords or U2F keys or similar belonging to multiple people as a method of authentication, possibly with the stipulation that only multiple passwords or keys held by separate people will “unlock” the will.
Then there’s the even larger issue of tampering. An online will which gives access to all the deceased’s credentials necessarily will also disclose credentials for the hosting provider itself. This means that anyone with permission to access the will can also amend it in their favour, and without sufficient logging and auditing (which itself may be open to tampering), there is no way of finding out. This can be mitigated by stipulating that one of the credential holders be a trusted solicitor or similar who will be present during the “unlocking” of the will.
What does it all boil down to?
There are a number of things that digital natives can do to start to safeguard their online lives for the next generation. However, we haven’t yet reached the point where significant numbers of people with fully-fledged online lives are dying and leaving large, unresolved portions of their former lives to be handled by their next-of-kin. For that reason, there hasn’t been anywhere near the amount of thought put into this issue that I think is necessary. At some point, we will reach the time when these issues will crop up with increasing frequency and urgency, and I just sincerely hope that by that time, better ways of handling this inevitable event have been thought through and implemented. I also hope that there are enough new-generation legal experts, solicitors, barristers and judges who understand digital issues to be able to resolve the issues that arise.