dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
974

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

Apple security rules leave inherited iPad useless, say sons

»www.bbc.com/news/technol ··· 26448158 from »apple.slashdot.org/story ··· hed-ipad

What do you guys think? A good security design?

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

2 recommendations

Blackbird

Premium Member

said by antdude:

... What do you guys think? A good security design?

Probably, yes. The problem in this particular case is that the heirs have not legally established that they are actually entitled to the password and unlocking... that has to be done by the executor of the estate through probate court (or equivalent), not by a person claiming to be an heir simply through sending a pile of copied papers (death cert, will, etc) to Apple. The unfortunate reality is that security/locking options and features are often provided to users who don't fully understand their implications in some situations (such as the owner's death) and have thus not made provision for that contingency with "trusted" relatives or friends. Then, when that unforeseen event does arise, the other people involved don't have the "keys" and further, don't understand the necessary legalities that will apply when trying to get them.

Put another way, the heirs' problem is not a security issue, it's a legal transfer-of-property issue... and those must be routed through executor/probate whenever they involve "outside" parties - in this case, Apple.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy to antdude

MVM

to antdude
I don't even know why they are bothering with Apple. It wasn't in the article why they were, other than wanting to unlock it. I'm more worried that Apple can unlock it, rather than if they will.

Unless there is some important data on the iPad they should be able to wipe it and use it. I don't see why this is news.

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

1 edit

GuruGuy

Premium Member

said by Kilroy:

I don't even know why they are bothering with Apple. It wasn't in the article why they were, other than wanting to unlock it. I'm more worried that Apple can unlock it, rather than if they will.

Unless there is some important data on the iPad they should be able to wipe it and use it. I don't see why this is news.

The article isn't really clear. You don't need an apple id and password to unlock the "device"; just the password/pin if you created one.

Edit: Read the article again.
GuruGuy

GuruGuy to antdude

Premium Member

to antdude
200 pounds per hour, what is that in US$? They're better off trashing it and just buying another one.

CCat
We're all quite mad here
MVM
join:2005-12-06
Wonderland

CCat

MVM

A lot.


pauldenton
join:2003-12-20
London

1 recommendation

pauldenton to Blackbird

Member

to Blackbird
the sons are the executors of the estate.......
quote:
Mr Grant became a co-executor of his mother Anthea Grant’s estate with his brother Patrick when she died from breast cancer at the age of 59 earlier this year.
.
.
The brothers then attempted to restore the factory settings on the device, but were told by Apple that they would need “written permission from Mum”. After they repeated to the tech firm that their mother was dead, Apple asked for a copy of her death certificate, will and a letter from their solicitor. Then Apple made even more demands, asking the family to provide a court order to unlock their mother’s tablet, invoking the Electronic Communications Privacy Act. The order, Mrs Grant’s family said, would cost an estimated £200 in solicitor’s fees and would represent what they described as a “false economy”.
.
.
In February, Apple updated its iCloud terms and conditions which now warn: “You agree that your Account is non-transferable and that any rights to your Apple ID or Content within your Account terminate upon your death. “Upon receipt of a copy of a death certificate your Account may be terminated and all Content within your Account deleted.'
»www.telegraph.co.uk/tech ··· son.html

this actually raises a very serious issue - if Apple's terms are that everything in your Cloud dies with you, then one is leaving one's executors with an insurmountable problem if any necessary financial information is stored in the Cloud on an Apple device

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

1 recommendation

Kilroy

MVM

This IS NOT Apple's problem. If you have your data password protected, in any way, shape or form, it is up to you to ensure your heirs have the ability to access it should you die. LastPass for example has the ability to create one time use passwords. You could create a one time use password, place it in a sealed envelope, and store in a safe place for use in case of your demise. This is something that is going to become more and more common in the digital age. Consider how many of your bills and statements come to you electronically. How will your heirs know what accounts you have?

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to pauldenton

Premium Member

to pauldenton
said by pauldenton:

the sons are the executors of the estate.......

quote:
Mr Grant became a co-executor of his mother Anthea Grant’s estate with his brother Patrick when she died from breast cancer at the age of 59 earlier this year.
.
.
...Then Apple made even more demands, asking the family to provide a court order to unlock their mother’s tablet, invoking the Electronic Communications Privacy Act. The order, Mrs Grant’s family said, would cost an estimated £200 in solicitor’s fees and would represent what they described as a “false economy” ...
...
this actually raises a very serious issue - if Apple's terms are that everything in your Cloud dies with you, then one is leaving one's executors with an insurmountable problem if any necessary financial information is stored in the Cloud on an Apple device

Indeed, if that story is accurate, the problem involves Apple lawyers' interpretation of the Electronic Comm Privacy Act, and that might escalate the legal sanction required for release above that which normally attends the actions of an executor. It all depends on what's actually in that ECP Act. However, the £200 seems rather "salty" for what should be required... and I wonder if it's really an accurate reflection of what it would actually cost to get the court order. Also, a legal question is raised as to what TOS applies in a case like this - the one in force at the time of death, or a later one Apple issued.
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer to antdude

Premium Member

to antdude
Out of curiosity. . .does anyone know how this would be handled in a physical rather than electronic case?

For instance, if the mother had kept everything in a high-quality safe at home, how would reputable locksmiths handle this?

Alternatively, how is this handled in the case of bank safety deposit boxes?
pauldenton
join:2003-12-20
London

pauldenton to Blackbird

Member

to Blackbird
no £200 is probably a reasonable estimate if one has to get a solicititor to do it

guideline hourly rates for a solicitor (dating from 2010) here (they live in london so the last set, for "london 3" would probably be the ones - £165 an hour for a solicitor with under 4 years...
»www.judiciary.gov.uk/Res ··· 0-v2.pdf

and then there would be some court fees on top

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to antdude

Premium Member

to antdude
In cases I'm familiar with, it takes a probate court order for lock-boxes to be forced (plus the estate paying the bill for the drill-out of the lock). But in that case, there's no Electronic Privacy Act involved. With something like a national privacy regulation, it may be that the Act doesn't clearly mark out situations involving a device-owner's demise. Such regulations are usually written with other issues in mind, and if there's not a defined exception for death, those being regulated by the Act may demand the standard access legalities specified in the Act must be applied before they will make the protected material available. And because such acts usually exist at a higher legal level than "local" county courts, it may be that the court order required has to be issued at a higher court level as well. That could, indeed, require another round of lawyer involvement at that higher level.

In any event, it's not reasonable to blame Apple for their understanding of such a law, if what I've described is essentially correct. As we've seen countless times, a national-level bureaucracy can and will cause all manner of grief for those not following cautious jot-and-tittle interpretations of their regulations. In that case, Apple would get no consideration for merely having tried to be a "nice guy" and release the data without clear legal coverage.

Frankly, it may well be another example of the Law of Unintended Consequences at work here. Certainly folks ought to convey device access information to other "trusted" folks before their demise (assuming they have such "trusted" folks). But what average person would ever really think in advance that their death might drag in national regulations such as a Privacy Act or even grasp what those regulations might demand, particuarly if the person wrote their will years earlier and much later obtained such a device and was simply using it "ordinarily" at some point thereafter?

The problem is that the Act was probably crafted with one set of intentions in mind, but being an enforceable Act, those subject to its interpretation and enforcement will apply it in all related situations to avoid its sanctions - even in seemingly absurd situations. Hence: the Law of Unintended Consequences comes into play. This is a classic example why life increasingly filled by perhaps well-intended regulation has become a life increasingly filled with Catch 22's and bureaucratic persecution. Yet we continue to elect lawmakers with the express purpose of creating still more laws (laws the legislatures even believe at times they 'have to pass before they read')... and then we boggle at those "gotcha" Catch 22's as they inexorably arise.

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

GuruGuy

Premium Member

said by Blackbird:

In cases I'm familiar with, it takes a probate court order for lock-boxes to be forced (plus the estate paying the bill for the drill-out of the lock). But in that case, there's no Electronic Privacy Act involved. With something like a national privacy regulation, it may be that the Act doesn't clearly mark out situations involving a device-owner's demise. Such regulations are usually written with other issues in mind, and if there's not a defined exception for death, those being regulated by the Act may demand the standard access legalities specified in the Act must be applied before they will make the protected material available. And because such acts usually exist at a higher legal level than "local" county courts, it may be that the court order required has to be issued at a higher court level as well. That could, indeed, require another round of lawyer involvement at that higher level.

In any event, it's not reasonable to blame Apple for their understanding of such a law, if what I've described is essentially correct. As we've seen countless times, a national-level bureaucracy can and will cause all manner of grief for those not following cautious jot-and-tittle interpretations of their regulations. In that case, Apple would get no consideration for merely having tried to be a "nice guy" and release the data without clear legal coverage.

Frankly, it may well be another example of the Law of Unintended Consequences at work here. Certainly folks ought to convey device access information to other "trusted" folks before their demise (assuming they have such "trusted" folks). But what average person would ever really think in advance that their death might drag in national regulations such as a Privacy Act or even grasp what those regulations might demand, particuarly if the person wrote their will years earlier and much later obtained such a device and was simply using it "ordinarily" at some point thereafter?

The problem is that the Act was probably crafted with one set of intentions in mind, but being an enforceable Act, those subject to its interpretation and enforcement will apply it in all related situations to avoid its sanctions - even in seemingly absurd situations. Hence: the Law of Unintended Consequences comes into play. This is a classic example why life increasingly filled by perhaps well-intended regulation has become a life increasingly filled with Catch 22's and bureaucratic persecution. Yet we continue to elect lawmakers with the express purpose of creating still more laws (laws the legislatures even believe at times they 'have to pass before they read')... and then we boggle at those "gotcha" Catch 22's as they inexorably arise.

Exactly. In my case, I do have a lockbox at the bank. I have my dad as a signatory on the account and he has a key. In the lockbox is an envelope specifically for him. It contains all banking account info and passwords, passwords for other things he might need, insurance info and phone numbers, etc. I planned ahead.
pauldenton
join:2003-12-20
London

pauldenton

Member

and this is simply not possible with the iCloud.....
said by iCloud T&Cs :
The Service is only available to individuals aged 13 years or older....
.
.
As a registered user of the Service, you may establish an Account. Don’t reveal your Account information to anyone else. You are solely responsible for maintaining the confidentiality and security of your Account and for all activities that occur on or through your Account, and you agree to immediately notify Apple of any security breach of your Account. You further acknowledge and agree that the Service is designed and intended for personal use on an individual basis and you should not share your Account and/or password details with another individual.
.
.
No Right of Survivorship

You agree that your Account is non-transferable and that any rights to your Apple ID or Content within your Account terminate upon your death. Upon receipt of a copy of a death certificate your Account may be terminated and all Content within your Account deleted.

.
.
....... If (a) you are not a U.S. citizen; (b) you do not reside in the U.S.; (c) you are not accessing the Service from the U.S.; and (d) you are a citizen of one of the countries identified below, you hereby agree that any dispute or claim arising from this Agreement shall be governed by the applicable law set forth below, without regard to any conflict of law provisions, and you hereby irrevocably submit to the non-exclusive jurisdiction of the courts located in the state, province or country identified below whose law governs:...........................If you are a citizen of: Governing law and forum: Any European Union country or Switzerland, Norway or Iceland The laws and courts of your usual place of residence
.
.
Last revised: September 18, 2013
hmm - the last part does rather raise the question as to why the Electronic Communications Privacy Act - a US law quoted by apple, has any relevance to this case which solely involves English individuals and apple therefore themselves demand that English law is the only one governing the agreement

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to antdude

Premium Member

to antdude
Given all the squishiness of what seems to have transpired thus far, and given that Britain does indeed have its own "Privacy and Electronic Communications Act" (or PEC Regulations, as its more commonly described there), one might wonder if there's total confusion reigning between references to that and the US's "Electronic Communications Privacy Act". Or whether Apple has even yet tumbled to the reality that the folks involved are English, and what laws that entails. I get an impression that this kind of thing hasn't really occurred this way before, and everybody's groping their way as they go along. Most folks who actually thought about their possible deaths would probably have just given their passwords and particulars to some family member ahead of time, and the issue would never have entered the legal realm so directly.

There's an old question that comes to mind: "Do you want it done "legally" or do you want it done right?"

dib22
join:2002-01-27
Kansas City, MO

dib22 to Shady Bimmer

Member

to Shady Bimmer
said by Shady Bimmer:

how would reputable locksmiths handle this?

Since the son is now half owner of the safe, the locksmith would most likely open it for the owner at their request. The locksmith should get consent from both brothers... a locksmith can break into any property you own without much to worry about, when they are breaking into things you don't own is where they are liable.