The Grim Reaper & Your Data

Our perception of time when it applies to how long a particular type of technology has been in our lives is a matter of perspective, your age and personal circumstances. Take for instance the smartphone revolution where we were told by Apple, “There's an App For That.” It may seem like the Apple iPhone has been around forever, but it was only launched in June 2007 and it wasn’t until a year later in July 2008 with the iPhone 3G that the AppStore was born.?

The first Google Android phone didn’t arrive until September 2008. Now, in that short time our lives have dramatically changed beyond recognition where we cannot function without our mobile phones as governments, local authorities, organisations and businesses shift to requiring you to have a smartphone to access key services and functionality. That’s less than a single generation for such a massive leap, which has resulted in many people being left behind.

If you were close to retirement age when the app store smartphone revolution truly took off, chances are you didn’t get one as they were quite expensive. Now fast forward to the present day and you are in your seventies, and now you are forced to use a smartphone because your local bank is now a coffee shop and you need to book a doctor's appointment via the NHS app. At least the screen size has grown a bit from minuscule to small, though any arthritis makes the gains redundant. Still, reading glasses are a must, though you still quite cannot work out why every previous mobile phone you had would last for nearly a week before needing to be recharged, while this one doesn’t last a single day.

Let’s face it, the smartphone manufacturers aren’t really targeting people in their seventies or older, yet with an ageing population across much of the globe, maybe they need to seriously consider it. Without support from a younger family member, ideally a grandchild, this age group is quickly left behind with the speed of the advances in mobile technology. Advances such as fingerprint biometric authentication, facial recognition, two-step verification prompts or SMS codes, authenticator apps, one time magic links and more passwords than you can remember, so you write them down. Even if things are explained to you, because it may be weeks or months before you need to login again into that app or online service, chances are you’ll probably forget the password, or make everything have the same password to make life easier.

If throughout most of your working life you didn’t work in an office, or sit at a desk, you probably weren’t exposed to computers and technology, and therefore naturally less confident with it unless you had another reason to spend time using one, like for a hobby. An office worker sitting in front of a computer would easily spend 12,000 hours over ten years using technology. This makes a massive difference compared to someone with limited or no real exposure to a computer.

Yet, the people deciding that everyone must do things using a particular type of technology haven’t seemed to have factored any of this in. Yes, technology is wonderful when it works, but when it doesn’t (which could be for a myriad of reasons) it is frustrating to say the least, or utterly despairing when you don’t understand what is going on. Security features like 2-step verification (2fA), biometrics, voice identification and passkeys are big improvements over just a basic username and password, until things go wrong. Life has a habit of throwing spanners into technology at a given point in time, partly due to the sheer number of dependencies behind the scenes. There is often a list of cloud services from multiple vendors behind most online services and any one of them could have issues preventing things from working. Also mobile phones which are needed for these additional security steps, can be lost, stolen, dropped and damaged rendering them unusable. Internet connections can be unstable, domain name server (DNS) issues, bad mobile phone signals, and dodgy WIFi routers effectively render any online service unusable.

Everything gets far worse though when you factor in cybercrime. Security features that are temporarily not working is one thing, when they are actively blocking you due to malicious changes, it is an absolute nightmare. The same security features designed to protect you can block you from accessing your own account. If the customer support is fully automated and no contact number to speak to anyone, you can be stuck in an endless loop. If the criminals change the mobile number and email address on the account, with SMS based 2-step verification, you are effectively locked out of your account, often permanently. I’ve encountered individuals who have had no way to recover a compromised Instagram account. Frustratingly the recovery options point to either an email or a mobile and both have been changed to something under the criminals control.

Even just forgetting a system password can have serious consequences, especially if encryption is linked to that account. It is quite common for people at work to forget their Google Workspace password if they use a Chromebook laptop, because after setting a password when the account is first created, they are then asked to create a 6-digit PIN code. Years can go by and they never have to enter their password, as entering the PIN is all that is required. Troubleshooting a problematic Chromebook laptop though, often involves a factory reset which only takes a few minutes, but now the PIN no longer works. If a user forgets their password it can easily be reset, but as the laptop is encrypted by default against the previous password, anything stored locally is completely lost. That could be years of personal files!

There has also been a lot of talk over the years about the death of passwords, with them being replaced with more secure alternatives, but the real problem is passwords after death. My grandfather had a fireproof box (similar in size to a shoebox) where he kept all the important household documents like insurance policies, bank passbooks, deeds, etc. If anything were to happen, the rest of the household could open the box and have instant access to all the important contact numbers and account information. Fast forward to today, chances are most of this information is in an online account linked to an email address or an app on a mobile phone.

When my father passed away he had previously lost his last two mobile phones. He knew and had helped hundreds of people during his life, yet we only had a tiny subset of his contacts when it came to arranging his funeral. Many organisations encourage us to go paperless, which is all well and good when things are fine, but a nightmare if an unexpected tragedy hits.

Another area of concern is who owns what, especially with digital products. Subscriptions like Apple Music with access to 100 million songs are gone as soon as the account is closed. Purchased digital music, books and films are not typically transferable and access is blocked without an active account on new devices. There was a case previously where a young music composer died unexpectedly and his family wanted to access his Apple MacBook to share his recent work, but without the password Apple could not let them access his encrypted data. Even if the laptop was bequeathed in a will, Apple could not help.

Amazon even has a dedicated support team at [email protected] to deal with accounts of people who have passed away. Amazon’s own wording is as follows: ‘Once the account is closed all of the products and services accessed through that account will no longer be available across any Amazon sites globally. These products and services include any content such as photos, music, Prime, and books that will also be deleted.’

Data in online cloud services such as email or? cloud storage, without an active or paid account is typically deleted after 30 days. Closing email accounts and mobile phone numbers typically has major consequences as just about every online account is linked to an email address and or a mobile number. Without access to the primary email account or mobile, it is often the case that a secondary email account is used as a recovery email.?

Multiple email addresses further exacerbate the problem as online services and accounts can be tied to different emails (each possibly with a unique password and 2fa) to access. Password managers can help if you have access to the master password (and any 2fa if applicable) though I expect many passwords will be stored in the built-in password managers in a smartphone as well as within any web browsers on those devices.

In the event of the death of a loved one, having access to their mobile phone and being able to unlock it goes a long way into helping manage their affairs. The next best option is access to a tablet like an iPad or a laptop or desktop computer if they had one. Though in the case of sudden tragic deaths like from a major car accident or fire, there may not be a usable mobile phone left (or any other computers).?

A last will and testament may say you have access and control to manage online accounts, but the reality is that without the login credentials or access to the reset email account, there isn’t much you can do. Data protection laws like GDPR aren’t of much help as it only applies to a living person. Many online services will automatically close free accounts after a specified period of inactivity, while paid accounts do the same if a certain number of payments have been missed.

It doesn’t help that many online services state in their terms and conditions that sharing or credentials and passwords is prohibited, as well as transferring the account to another user. Access to the library of music, eBooks, shows and films built up over many years may all be revoked. Some though, do offer access to close relatives on receipt of a death certificate, while some require this to change the status of the account to a read only archive. Hopefully some will revise their terms?

Some suggested steps to take (though may breach terms and conditions)

• Make sure all key bills (including online services) are paid via a joint account or an account that a trusted person is named on the account for administrative purposes.
• Do not shutdown mobile phone contracts until the telephone number is no longer linked to anything important.
• Make sure your will or a trusted person has any device logins (computers, mobiles, tablets, etc) and any PIN codes.
• Use a password manager and share key accounts with a trusted person.
• Set up a backup device (this can be an old smartphone) for 2fa authenticator apps that is synced to the main profile.?
• Backup your data to a USB drive or a cloud service that a trusted person has access to.

Our digital lives have become complicated at an exponential rate and unless some serious housekeeping and planning is done, sifting through the digital remnants of a deceased loved one’s accounts can all too easily be an unbearable burden for the grieving person(s). There are some helpful resources and further reading that may help:

• The Digital Legacy Association (https://digitallegacyassociation.org) has free resources
• https://www.freewills.co.uk/guides/what-is-a-digital-legacy
• https://digital-legacy.apple.com/ https://www.sunlife.co.uk/over-50-life-insurance/digital-legacy-guide/
• https://www.theguardian.com/money/2023/oct/16/how-to-manage-digital-legacy-after-death-will
• And for more information and security resources, see: www.booleanlogical.com