When we die, we leave behind not just intangible memories and tangible physical possessions, but a whole host of digital accounts that are somewhere in between the two. Unlike the photos and documents you store in your desk, access after death to data stored with email providers and social networking websites is impeded by several major barriers.
1) Passwords. Unlike the lock on a safe, a relative is unlikely to be able to crack a Google password. Providers like AfterSteps let you store your passwords so they can be passed on to a designated “verifier” who would follow your instructions about disposing of your digital assets after death. “This is sort of the simplest way to do it,” AfterSteps founder and CEO Jessica Bloomgarden told us. But it’s not always in step with those companies’ policies.
2) Policies. As many who have lost loved ones have found, the policies of Google, Facebook and their ilk aren’t simply to hand over account access to the next of kin. The specifics of the policies, however, differ between companies in important ways. Facebook’s standard procedure, after being contacted and presented with evidence of a user’s death, is to “memorialize” the account. Far from handing the account over, this “restricts profile and search privacy to friends only, but leaves the profile up so that friends and family can leave posts in remembrance.” Last week, Google announced a new “Inactive Account Manager” that allows you to designate trusted contacts who could inherit your data (though, again, not the account itself).
3) Laws. There are two flavors of laws that affect digital accounts after death, according to estate planning attorney Jim Lamm. One are the federal and state data privacy laws (like the Stored Communications Act), which treat your accounts as private and protected. The second are federal and state laws that criminalize “unauthorized access” to computers and data (like the Computer Fraud and Abuse Act).
The challenge of these laws comes out in their interaction with the policies of companies like Google and Facebook. Facebook cited the Stored Communications Act in refusing to turn over the account of British model Sahar Daftary, saying, effectively, that this law required them to keep Daftary’s private information private, even after her death. Meanwhile, the Computer Fraud and Abuse Act has been interpreted to turn violations of a company’s Terms of Service into a felony. That means that, technically, you could be breaking the law if you pass on your Facebook password, since their Terms of Service state: “You will not solicit login information or access an account belonging to someone else.”
There are efforts to update those federal laws. In New York, assemblyman Michael Kearns introduced a bill to update laws in the state to empower courts to order email providers and social networking sites to hand over access to accounts of the deceased. Until laws and policies change, individuals will continue to have to make their own way, sometimes violating the law in an effort to pass on their own digital legacies.