Corpse! of! Yahoo! drags! emails! of! the! dead! case! to! US! Supreme! Court! Should a court-appointed lawyer be allowed to rifle through your email account after you die? The artist formerly known as Yahoo! has asked the US Supreme Court to answer that question for users in the United States. The court, which is located in the country’s capital city of Washington, DC, on the eastern side of the US, has …
This assumes that the email was left on the mail provider's servers. Why? It's just open to abuse by anyone with access, legal or otherwise to the server. Download, delete from server, delete or save locally as appropriate. Backup as appropriate.
You want it on multiple devices? Copy it to multiple devices.
@DoctorSyntax
That's quite an old-fashioned view of email, though, nowadays. For the vast majority, email means webmail, and the concept of downloading a local copy will be quite foreign to them.
I'm a dinosaur, and therefore I use discrete email clients, and fetch my mail down to my local devices using POP3 or IMAP as appropriate, but I'm sure I'm in the minority.
If I pop my clogs tomorrow, my family will be able to get to my emails, but they don't actually know my email account passwords, and they aren't stored anywhere except in my head.
"I'm a dinosaur, and therefore I use discrete email clients"
Thee & me alike. But getting access shouldn't be impossible for nearest & dearest providing you didn't encrypt the hard drive. Just take it out & mount it in another box. It doesn't require a trip to court. There's always a downside to "convenience". Security is one. Inconvenience when you need something out of the ordinary is another.
Not a minority, most phone email clients download the email as far as I know and if you configure POP on them then it will sit there for ever until you delete it from that specific device. I do still also use POP mail with Yahoo because that was one of my earlier accounts and I never closed it down. I am probably one of the few people left in the world that still regularly makes use of Yahoo mail.
I also download to my local device, and then back up to an external HD. This is unreadable until it is powered up. My family know where it is, and how to read it if necessary. Then I delete everything on the provider's server. Nothing is stored in the cloudscape, ever. Job done!
EXCEPT THAT..... What do I actually know about what happens when I delete emails on the server? Deleting files on most systems merely deletes the address, not the data. And that is easily enough recovered. And what about backups? I'd like to think (hope?) that my provider backs up my data until I tell it to stop doing so, but how thorough is that deletion process?
What with software revisions, corporate takeovers and defunct companies, there are probably hundreds of copies of all my old emails lying around somewhere. Somewhere........
Why have you set up Thunderbird or out look lately ? Unless you use advanced settings and manually set things up both set yahoo and gmail up for imap that's why. When you use both for the first time they ask you for your email address and password and thats it unless you use advance settings.
Welcome to the world of the multinationals. Tell me, what is your view of the Microsoft case?
Getting this stuff right, from a legal perspective, is hard. Personally, I would just as soon completely boycott China for their human rights & product safety issues. It angers me that the bigs have been so servile towards repressive governments. But then I remember that my idea of human rights is quite different than that of the management of the bigs--and I CERTAINLY don't want them manipulating the politics of MY governments in that direction.
Makes it significantly more difficult to figure out where to even start on some of these things.
"Tell me, what is your view of the Microsoft case?"
Microsoft have a security model that can require approval from a local data custodian to release data to offshore company entities and in Germany have even employed a third party for this function so that even if they loose the case in principal they will then have the fall back argument that they dont have access to the data. Not to mention that GDPR will likely be in effect before this case concludes and the penalties are potentially vast up to imprisonment of company officers.
In addition you can "bring your own keys" for Azure and O365 so that Microsoft cant get your data at all even locally. Those keys are stored in Thales HSMs that also dont permit cross region or even cross silo access.
As far as I am aware they are the only cloud provider with such a model.
This is also why the US are trying to create new laws to formalise a right to access such data. They know they will likely loose this case one way or the other. Of course the UK are going along with it under the usual excuses - think of the children, the terrorists, the money launders, etc, but the rest of the EU are unlikely to i think.
My ex wife died suddenly at the end of December. We had been divorced for some years but were still friends, and I am the legal guardian of our children, who have come to live with me.
Sorting out her effects has been a chore, as nobody knew her social media and email account credentials, and she didn't write them down.
She had a recent Windows 10 notebook, one of those with no discrete hard drive, just flash chips soldered to the motherboard, for which nobody knows the login, so I've been unable to access that at all - due to the EFI BIOS I can't even boot from a USB Drive or Flash stick so that's essentially useless now.
If she stored her various account details on there, we'll never know.
Thankfully all the banks etc have accepted other means of identification to allow us to close accounts, recover money, sort out her work pension and so on, but we have been unable to access her email, or close her social media accounts.
It's made me realise that I need to keep a written record of things in a place where everybody who needs to can get at them.
"She had a recent Windows 10 notebook, one of those with no discrete hard drive, just flash chips soldered to the motherboard, for which nobody knows the login, so I've been unable to access that at all - due to the EFI BIOS I can't even boot from a USB Drive or Flash stick so that's essentially useless now.
If she stored her various account details on there, we'll never know."
Sorry to hear that. Someone hot on windows might be able to help. EFI Bios doesn't stop you booting from USB. You just need to enable it. If its not encrypted as would likely be the case you can just do a fresh install of windows to access the disk. If it is encrypted then the key gets backed up to OneDrive by default if she logged in via an MS account.
Even if a Bios password is set you can get it cleared at a cost by replacing a chip on the mb in most cases.
Can i suggest you also check all her known emails on haveibeenpwned.com - you might well find some passwords are out there - people mostly use the same or similar everywhere. The underlying lists can be found on bit torrent etc.
And failing that then a company like Vogon (no relation!) will get the data off the disk at a cost.
Hope that helps.
"EFI Bios doesn't stop you booting from USB. You just need to enable it."
You can "DD" a copy of Microsoft DaRT on to a flash drive and you're in.
DaRT 10 supports BitLocker natively in case of encryption.
Also, (I'm not sure of this) but DaRT may be able to get past Secure Boot as it is a Microsoft product.
"DaRT 10 supports BitLocker natively in case of encryption."
Uhm thats great, IF you had the required Bitlocker keys...
"Also, (I'm not sure of this) but DaRT may be able to get past Secure Boot as it is a Microsoft product"
Im not sure how you propose that running a modified OS would help, or what you propose to run, but you can simply disable secure boot in the BIOS.
I suppose if you're using a password keeper (because you're using separate passwords for every login/site, right? Right???) you could put your password locker password in a secure location, where loved ones could get to it if needed. I suppose the ideal place to keep it would be on a metallic strip hidden someplace inside your body, retrievable at your autopsy, but even that one might be a bad solution.
My will is stored at my solicitor's office and I've put a sealed envelope with the master password to both my password managers in with it. The lawyer has the master key but not the password database and at home there's the programs and database but not the password, except in my head.
Yahoo says your loved ones should have no access to your emails when you die, so I think it's best not to tell Yahoo.
"Unfortunately, Yahoo cannot provide passwords or allow access to the deceased's account, including account content such as email. At the time of registration, all account holders agree to the Yahoo Terms (TOS). Pursuant to the Terms, neither the Yahoo account nor any of the content therein are transferable, even when the account owner is deceased."
https://help.yahoo.com/kb/SLN2021.html
"Unfortunately, Yahoo cannot provide passwords or allow access to the deceased's account, including account content such as email. At the time of registration, all account holders agree to the Yahoo Terms (TOS). Pursuant to the Terms, neither the Yahoo account nor any of the content therein are transferable, even when the account owner is deceased."
Account holders may agree. Their executors won't have agreed. Are the executors bound by the deceased's agreement? They'd have right of access to other restricted containers (for want of a better word) such as safe deposits; on what basis can Yahoo hold themselves above this right?
I'm suspicious of the wording "court-appointed estate administrators" who might not be working in the interests of the heirs. They might troll through e-mail accounts searching for words such as "download" (it takes only a second to go through years of e-mail) and counting on earning a commission from a rights-holder or rights-holders shell companies for some sort of out-of-court settlement against the deceased's estate. Illegal? If you can imagine a lawyer doing something, some lawyer has done it. I'd be more favourably inclined if the estate itself or the main heir were to have the access to the account.
I wonder why this is an issue only for Yahoo and not for other e-mail purveyors.
Finally, for other oldsters, do you remember Usenet groups? And how so many groups had FAQs? Every month an updated FAQ would be posted. I noticed in one group that the FAQ was continuing to get posted, but did not contain new info. It was not difficult to find out that the FAQ poster had in fact died more than a year earlier, and that his auto-mailer was continuing to send out the latest FAQ every month. A peculiar legacy.
I'm suspicious of the wording "court-appointed estate administrators" who might not be working in the interests of the heirs.
I'd expect it to mean that the deceased died intestate. In the absence of a Will appointing executors there'd need to be a court order to appoint them. They should work in the interests of the heirs, indeed, they may be the heirs themselves, but as this seems to be in the US, who knows?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
