Somebody had to Say It
I’ll start this post off with a disclaimer: I am not a lawyer. I strongly advise you to consult a lawyer who specializes in wills and trusts so that when you do shuffle off your mortal coil (in the way, way future) your descendents think of you fondly.
You Don’t Even Have To Be Dead!
All these concerns apply if you become incapacitated, as well.
Or in The US
This is a mostly US-Centric post, so if you do not live in the US or would not be subject to US laws in this area, you’ll need to research the situation where your estate or legal affairs would be managed.
If you are in a relationship without a legally settled status where you live or where you have assets, it’s probably even more crucial that you consult an attorney to maximize the chances of the outcome you wish.
The basic advice, though, is more or less the same: When you pass away or become incapacitated, your family/loved ones will need access to your computers and other such devices, as well as websites and information you protected with a password or other security measure.
Given our past discussions here about the state of computer security (not so great) and the number of websites that hold your personal and financial information that your heirs will need to access, what do you do to make that transition as seamless and least costly as possible?
A Bright Spot?
On July 16, 2014, The Uniform Law Commission passed the Uniform Fiduciary Access to Digital Assets Act (UFADAA): Uniform Fiduciary Code.
When this is final, sometime later this year, it will be up to individual States to decide whether to adopt the the measures of this act. So, as you might imagine, you will need to know how to make it easy for your heirs to comply with any applicable legal requirements. With luck, this Act will make it easier. Because right now, wowza.
[D]igital assets may have additional obstacles to overcome that do not apply to traditional types of property. These additional obstacles in the digital world include: (1) passwords; (2) encryption; (3) criminal laws regarding unauthorized access to computers (including the Computer Fraud and Abuse Act); and (4) data privacy laws (including the Stored Communications Act, also known as the Electronic Communications Privacy Act). UFADAA helps fiduciaries address obstacles #1, #3, and #4, but it doesn’t solve obstacle #2—encryption.
Uniform Law Commission Blog Post. Emphasis added.
It might be illegal for you to access certain of a deceased person’s accounts — even if you have the password.
Do You Have Trust Issues?
I have just made my first ever legal joke. Savor it.
Here we go: In order to make your digital information available to your heirs, you are going to have to decide who you trust with sensitive information. You will have to put documentation where a grieving person is going to find it in a timely fashion. I don’t think you should make them guess nor should you assume they will find it quickly without you telling them where to look.
If you have encrypted data that your heirs or caretakers will need to decrypt, then you must document somewhere your encryption key and the hashes and then you must make the storage location known and accessible to them. I see no way around this.
If you have made out a will and decided who will have a Power of Attorney, then you will have an easy/easier way to open a conversation with the people who will be managing your estate or affairs.
The Ideal World
Ideally, we should be able to present documentation that proves our right to access someone’s digital account when that person has died or is incapacitated. Once that is right is established, we would then be able to have passwords reset and administer accounts as necessary, subject to any privacy concerns that might still exist.
We do not yet have that world. Therefore, we would be wise to make sure our survivors or legal caretakers have the access they need to deal with your demise or protect your assets while you are not able to.
Document your accounts including:
- user name
- Answers to Security Questions
- Answers to other Challenge/Response questions
- Credentials to the master password/file/document/database
We have previously discussed password managers. If you are using one, then, until such time as the situation is more ideal you are going to have to document the master password with the understanding that someone is going to need to access it.
This is NOT something you should do lightly. This is why you should consult an attorney.
What To Document in Your Digital Life?
NOTE: You may already be thinking, huh. I went and encrypted my hard drive (or other media) so that no government entity or bad actor could snoop on my private business. And now a government entity could just subpoena my future heirs or other representative for the keys? This is quite a potential loophole. If you are in this situation, well, see above, IANAL, but you will need to assess the situation your heirs would be in if they could not access the information. You may need to consult an attorney and get advice on whether leaving that information with an attorney would make the information subject to legal protections not extended to non-attorneys.
In addition to websites generally, document these sorts of website/digital information:
- Other investment accounts
- Website domains you own or operate
- Domain registrations
- Nuclear launch codes
- Passwords on individual files or directories
- Accounts you manage(d) for others (parents, children, spouse, significant other)
- Information required to access internet connected devices (phones, tablets, etc.)
- If your device access is biometric (eg: fingerprint), have you set up an alternate method of access?
- Access codes/pins
- login credentials to your desktop and/or laptop
- Your encryption key to encrypted media
- Credentials for any virtual machines your devices run
- Your car, if it’s internet enabled
- Access to other devices controlled by digital accounts
Protect Digital Assets After Your Death — Kiplinger
I’m sure I haven’t covered everything. What steps have you taken?