The media is reporting this week a situation in the US where Apple Inc. is being asked to develop and provide a software tool that will prevent the telephone records and voicemail message history of an iPhone used by one of the San Bernardino gunmen to be deleted after 10 failed password attempts. The reasoning behind this? Not surprisingly, the iPhone records cannot be accessed without the password which died with its owner. After 10 failed password attempts, factory settings are reinstated as standard and all personal settings and phone history is wiped.
All online accounts, whether they be bank accounts, store accounts or social media accounts are personal, protected and secure by virtue of the password system. When the owner of the account dies without sharing their passwords, access to these accounts dies with them. Their digital legacy is frozen in time. Sharing passwords with loved ones may seem to solve this from a practical perspective but legally, logging into a third party’s account using their login and password breaches most organisations’ terms and conditions of use and is likely to result in the organisation locking the account. Facebook and Google+ have created concepts of a legacy contact and digital heir respectively, thereby enabling the author’s materials to be inherited by a nominated third party after the author’s death.
The issue relating to the Apple Inc. request links more into the right to access personal information without the owner’s consent. Prior consent from the owner of the personal information is required for a third party to store, process, copy, alter, retain etc. that personal information. This is a right enshrined in most privacy laws around the world. Providing an individual’s personal information to a third party without their consent is not permitted unless such disclosure is exempt from consent. Assisting law enforcement bodies with their investigations and as part of formal legal proceedings are 2 common exemptions.
The issue here is that the request is not for personal information in the form of digital communications – a right that is possible for a state law enforcement agency in certain circumstances under the terms of the the recently enacted Electronic Communications Privacy Act in California. It is a step back from this. It is a request for software tools to be invented to enable a request for access to digital communications to be made. Potentially this means that your personal information is accessible without your consent after your death even if an exemption does not apply? Will your personal information still be yours? Yes it will, but can you control who you are sharing it with and for what purpose, after you die? If Apple Inc. develop this tool then the answer is certainly no.
mydatafix.com 