Post-Suicide Account Cracking?

An anonymous reader writes "A good friend of mine had her younger brother apparently commit suicide last week. He was a young, promising CS major who was close to being accepted into a very prestigious school. He was very into Linux as well as PHP/MySQL coding. He left absolutely nothing behind for the family as far as a death note or explanation, and there is some possibility that this was all somehow a tragic accident. The family is in a situation where proof of accidental death would change how this was viewed in terms of paying for parts of the funeral. More importantly, some members of the family are hoping to find something, anything, that might explain why this all went down. Since I'm the most computer-skilled person the family knows, they have asked me if I could help them try to find some information. My possible approaches are: his Linux laptop, his university, Gmail And Hotmail email accounts, and a second MySpace profile that apparently has been tagged as private. How ethical would it be to, say, try to crack his root password in a situation like this? I wouldn't attempt to crack a man's account for his wife because she thinks he is cheating on her, as his life is his own business. In death, would you have the same respect for a person's private thoughts? Secondly, If I contacted places like Google, MSN, the university, and MySpace, what are the odds that they would give me access to any of his accounts? I have links to obituaries and such to prove that he is indeed gone. Would it be a matter of not giving it to me (maybe only to the family), or is this something that they would not do at all? Any opinions on if I should do this and if so, how I should go about it?"

I have said it before

[hansraj]

dead people don't really care, one way or another.

Re:

[Bondolon]

Indeed, ethics is generally about social relations between people. One could make a case (maybe) that it's immoral to do this, but the only question of ethics I can see here is that of assisting a grieving family.

Re:

[Atraxen]

True, but I'd take it one step further and say that ethics extends after death (in some ways) when someone's wishes are known. For example, consider organ donation; if the family knows that the person expressly wished for a certain type of burial, there's generally some consideration of their wishes in deciding whether to allow organ harvesting (and I'm not going into the ethics of when to override these wishes - too off-topic).

So, I'd say that if the person never specified his accounts were in a metaphori

Re:

[TheWanderingHermit]

Another example, which might be more germane to this situation, is Mark Twain. There are works of his that are still unpublished and are not to be published until 2010, 100 years after his death. Toward the end his writings became quite dark and his family held on to some with this request because they didn't want a slew of dark works to change his reputation.

In this case, though, he didn't leave any requests where they could be easily found or with a lawyer. It's possible this guy could have left docume

Re:

[electrictroy]

A dead person has no rights. None. All that exists, legally, is the will which the state executes to its best ability. Unless this teenager had a will that said, "All my computers must be destroyed/accounts erased," then what remains of those accounts becomes the property of the parents/guardians. The family can do whatever they want with those items, including asking a stranger to hack the passwords.

Re:I have said it before

[ScuzzMonkey]

Anyone familiar with the American legal system should understand that legal and ethical are not the same thing. The ability to do a thing does not make it the right thing.

Re:

[severoon]

Yes, but in this case, the person-in-question may not have been of sound mind enough to have his wishes respected even in a legal context. In some cases, it is the respect for privacy / individualism / freedom of expression / etc that makes some individuals feel cut off from the world and plays a part in their decision to shoot up a school or take their own life.

I'm not saying that we should do away with privacy or any of the things I mention above. However, sometimes between family members and friends t

Re:

[iamacat]

Dead person does indeed have specific rights. For example copyrights are (unfortunately) preserved after death and assigned to the next of kin or more commonly the employer. The body is protected by law from desecration or medical use which has not been explicitly agreed upon by the deceased.

But more importantly, this young man most probably used his computer and online accounts to communicate with living people. If he was having sex with some girl, she may not want that to be widely known. If he did a PHP

Re:

[sjames]

The personal property would go to whoever it's willed to or the next of kin if there's no will. That includes the laptop and everything on it.

If he has work related files on his personal computer, those naturally were the employer's property and remain so. In that case, his (now former) employer may appreciate having them. The only way that would happen is if the family accesses the system.

Overall, I'd say if the family wants access to the laptop that is fine to bypass the password unless the deceased l

Re:

[aliquis]

Exactly, to late to do or say something to him, to late for him to care about what happens with anything.

Personally I would be all ok if someone read all my notes, my e-mail, and whatever. Somehow I would actually be glad if someone took the time to look thru it.

And if I would go encrypted disk I'd probably store my password so it could be found somewhere.

But his computer is one thing, various services another. To get into his personal files may not be so hard and are probably possible to do, to get into va

Re:

[ckaminski]

If you have a death certificate and are next of kin and can reasonably prove the account belongs to who you say it does, they probably do not have a choice. A subpoena could probably compel them to provide you with access.

But that's a lot of "ifs".

Re:I have said it before

[Applekid]

A subpoena could probably compel them to provide you with access.

From the question it seems like it's related to a life insurance policy that doesn't pay on suicide, which is the norm. So, the family ought to do a cost-benefit analysis about renting lawyer time for said subpoenas versus getting what they stand to gain by proving it wasn't a premeditated suicide.

Re:I have said it before

[bryanp]

From the question it seems like it's related to a life insurance policy that doesn't pay on suicide, which is the norm

IANAL, but in many states life insurance still pays off on suicide as long as the policy has been in effect for a specific length of time (2 years in my state) and the death didn't involve a crime (OD on cocaine being a classic example).

Re:I have said it before

[bechamp1]

Unless there's evidence that a person purposely overdosed on cocaine, the death would probably be ruled "accidental".

I spent a morning on a coroner's jury hearing inquests a while back, and it was kinda interesting.

Here's a description someone wrote up of their experience, and it was pretty similar to how mine went:

http://www.omnux.com/kvandivo/jury/ [omnux.com]

Re:

[moderatorrater]

Just don't forget to factor in the additional peace of mind of knowing that he didn't kill himself, or even knowing for sure either way. That can be worth a lot of money, too.

Re:I have said it before

[rtb61]

The subpoenas should not be necessary. If you are the next of kin and heir to the deceased estate, the accounts are now yours, the computer is yours and all information there in is yours. So simply gain permission from the current owners and gain access. However if you are doing it for legal reasons be careful that your actions do not contaminate the evidence. It is most likely best for the family to seek the assistance of the police in further investigating the incident and ensuring any evidence uncovered remains valid.

Re:I have said it before

[casualsax3]

Doesn't anyone remember this? http://yro.slashdot.org/article.pl?sid=05/01/12/1513231&tid=158&tid=215&tid=123&tid=17 [slashdot.org]

Steal his identity

[KevMar]

Lots of options here.

first try to crack the passwords on his machine. If you can get any passwords in plain text write them down. He may have reused them. If you can get into his profile, its possible he set his cookies to auto login to his websites.

Next try to get into his email. Call the provider and ask about your situation and find out what the rules are with out ever telling the operator your name or the account name. If the info they give you will not help you, hang up and call back pretending to be the deceased. They dont know he is dead yet.

Get the birth cert, social security number, phone numbers and addresses (current and past), birthdate, drivers lic, mothers maiden name. Try calling from his home phone, or be near that phone when you make your call. Just pretend to be an average user that cant get into your email. Reset the password.

Once you have the email account under your control you can just request a password reset from most of the other services.

Basicly steal his identity, if they cant prove you are not him its hard for them to not let you in. Just play dumb. Dont say you forgot your password, tell them that your email is broken because your account won't work.

Re:I have said it before

[monkeySauce]

Not it isn't. Plenty of life insurance policies cover suicide, but usually not in the first 1-few years the policy is in effect.

My question is, why would a young unmarried person have a life insurance policy at all?

Re:I have said it before

[KillerBob]

And yet... for some reason... I have life insurance.

Funny thing, that. It's a matter of personal preference. I do have a reason to have it. Whether you agree with it or not doesn't matter, does it? It's my money, after all.

Besides which, how do you know that I'm the only signer for my student loan? It's possible to get a co-sign on something like that, if you go through a bank. Which, incidentally, you may have to do if the gov't won't approve you for it for one reason or another, like, say, you have too much wealth accumulated (material assets, specifically artwork, in my case), or you come from a family which is too wealthy (also the case).

If you have a co-sign on your debt, then they can most certainly be held accountable for it, even if you happen to die.

Re:

[msuarezalvarez]

You have probably never been in actual need.

Re:

[Bastard of Subhumani]

I know for a fact that Mutual of Omaha certainly does pay out on suicide

Presumably not from personal experience?

Re:I have said it before

[johndiii]

From what I've read about similar cases in the past, you would need a power of attorney from the individual in question to get access to things like gmail and hotmail accounts. If he had a will, his executor might be able to get in.

A subpoena would probably get you in, but a court is not going to issue one just because a person is dead and you want to make the family feel better. If there is some grounds to suspect some kind of criminal activity, or that his death might be murder, a subpoena might be issued - but it would get the police into those accounts, not his friend. If the friend could think of some grounds to sue his estate, discovery might require access to the accounts, and generate an appropriate court order. But for the case as stated, he's likely out of luck.

I've left passwords and relevant access information so that this is not an issue. I do not have a problem with my family getting into my mail accounts, for instance, and they might need to pay some final bills. Some people, on the other hand, would have a problem with this. The accounts should not just be open to anyone who can prove that they guy is dead.

I'm not a lawyer, of course. :-)

Tragic tragic waste

[Hognoxious]

I've heard of such arrangements, but they didn't involve burying it.

Re:

[PlatyPaul]

True, but you may choose to honor the person's wishes as you previously honored their corporeal being. Your legacy is still you.

Re:

[MightyYar]

Dear internet community:

If I should apparently commit suicide and anyone has any reason to believe that it was not in fact suicide, please feel free to root through my shit. My passwords are all 12345.

Now hold on while I go get me some autoerotic asphyxiation.

Re:I have said it before

[ProfessionalCookie]

It's all the other people that have email in his inbox, personal messages on his myspace etc. Breaking into someone's account, dead or not, doesn't just involve them- it involves everyone who trusts them.

Unethical.

file a petition with a judge

[thrillseeker]

a court order will streamline all this for you

Re:

[ari_j]

I agree. Once someone in the family is formally appointed as his personal representative (whether because that person is named executor in his will or because that person petitions a court under the appropriate laws of your jurisdiction), get a written agreement with the personal representative as to what you are to do and the means you are to employ in doing it. Present a copy of the appointment and the agreement. Nobody is going to let you in based on the URL of an obituary, but with a photocopied cour

Re:Bad idea

[Miseph]

It's actually a bit gray. If the deceased were not so then you would be entirely correct, as this would be unsolicited system intrusion. However, upon his death his possessions, including his various passwords and access to his accounts, became the responsibility of the executor (one would assume that either the mother or father took on this role, as it would be an exceptionally odd thing for a 21 year old to actually write up a will stating otherwise), who has since requested that the intrusion be done on what is, essentially, their property.

What shocks me is that this was ruled a suicide without an inquest going through all of this already. That is a very radical conclusion to come to, and one with (as stated in the story) some pretty serious legal and financial ramifications; happy successful people don't just off themselves for no reason and without any sort of note or indication that things were not going quite so peachy as believed i am surprised that no investigation has been done if only to rule the possibility that it's an accident.

Do it.

[sm62704]

Your friend is gone; he no longer owns anything. His worldly possessions, including his accounts and passwords, belong to those he left behind. They have asked you to open the locked box, open it.

There is no ethical delimma. You are being asked to open something by that something's owner. NOT cracking passwords would be wrong.

It's not that simple

[mario_grgic]

There is no evidence yet that the person didn't desire to make some things private and their wish should be respected even after death.

You are making a mistake that because someone is dead (and hence obviously can't care) implies that they didn't care when they were alive.

In absence of legal will it is hard to tell what the desire of the person was, but if someone wrote in their will that they want for example their laptop destroyed after their death, it would obviously make it un-ethical to ignore that wis

Re:

[Machtyn]

It is similar to if the person left a locked box behind, or an even better analogy, a bank deposit box. The next of kin would show up at the bank with the appropriate documents showing the deceased is dead and they are the next of kin and the bank would oblige to open the box.

Re:

[mpe]

Your friend is gone; he no longer owns anything. His worldly possessions, including his accounts and passwords, belong to those he left behind. They have asked you to open the locked box, open it.

They probably actually belong to his "estate". If he made a will then it will explicitally list who the executors of his will are. Executors of a will have something similar to "power of attorney" when it comes to distributing a person's estate. Even if someone died "intestate" their estate still exists, where th

Cracking root password not necessary

[pipatron]

If you have physical access to his laptop, you can just boot with any linux live cd and mount the partitions without any access control. This will not work if he is using encryption, but unfortunately, few people do.

Re:Cracking root password not necessary

[usermilk]

Also, once you have access to his laptop files it is highly likely that he is already logged in to his social networking sites, gmail, hotmail, etc. If you're lucky he might have even saved the password.

Re:

[Shadow Wrought]

Google also tracks all sorts of web usage statistics for a logged in user, as well as from an IP standpoint. If you can get to the web the way he did you can probably find a lot of information on his previous searching habits, too.

Re:Cracking root password not necessary

[matt me]

Passwords in Firefox and Thunderbird are not encrypted, merely obfuscated. in edit / preferences / security / saved passwords in firefox it will display all passwords saved.

Re:

[tgatliff]

Exactly... I doubt he encrypted the partition, so if you just bring up the OS in single user mode you can pretty much get whatever you want. You can even reset the password if you choose.

Even if he did encrypt his partitions, chances are he put the master key on a USB key somewhere. I suspect in his irrationally condition he was not thinking about proper security protection...

Finally, I probably would try to brute force his root password just to find out what it was. It might help give you insight into h

Possible account access from laptop

[Digital_Quartz]

As the parent said, booting the system from a live CD will let you in. If this person used Firefox's password manager (and assuming he didn't set a master password), you can reset his account's password from the live CD, then log into the laptop as him, and use Firefox to connect to hotmail, gmail, etc... You could even use Firefox's "Show Passwords" to recover the passwords, if needed.

No need to crack root...

[Nutria]

Just boot it with a LiveCD, and it's all yours.

Re:

[martijnd]

Then try to get Firefox to start up with the original profile. You might be able to automatically login to his Gmail/Hotmail etc accounts.

It's illegal

[ta bu shi da yu]

I'd not try to crack online services. His Linux laptop is fair game though. In fact, probably not that hard to crack. Just boot it in runlevel 1, then change the password.

Re:

[tgatliff]

I agree... Also, why try to "crack" his online accounts, as a simple court order can give you easy access to these. And I dont think that getting a judge to do this for you would be very difficult unless the guy specifically expressed he didn't want this to happen...

Don't bother

[bconway]

How ethical would it be to, say, try to crack his root password in a situation like this?

Take 5 seconds to boot into single-user mode, or mount the disk elsewhere sans password.

yes, but with conditions

[whitroth]

I'd say yes... but with sharp conditions: the *only* thing you look for are his words that might relate to his death. No just wandering around, looking for pr0n, or anything else. Intimate talk with someone... that's a *very* gray area, since loosing someone could have pushed this... or not.

You, personally, should you take this job, should *only* tell *anyone* what you found that was relevant, and nothing else.

Ever.

            mark

Re:yes, but with conditions

[eln]

If this guy was any kind of good person at all, I'm sure he would have wanted to share his porn collection with the world after he was gone. Sure, maybe you shouldn't tell anyone where it came from if it's got porn featuring midgets, grannies, horses, or especially all three at once, but you should still post it on Slashdot^W^W^W^Wgive it to his close friends.

Re:

[jafiwam]

I would think the same code that applies to dealing with a child's computer when you are helping the parent would apply here.

In that situation, I always ask "how much do you want to know?" and let them decide if they want me to reveal the particular flavor of porn or whatever else they were in into.

I've never had a parent say "i want to know", it's always "fix it and let them keep their privacy".

That said, the goal is not just to recover a 1099 form or something, the goal is a peek into what someone was thi

Providers providing passwords posthumously

[ArcherB]

, If I contacted places like Google, MSN, the university, and MySpace, what are the odds that they would give me access to any of his accounts?

There was a situation similar to this where a soldier died in Iraq or Afghanistan and had emails to his parents on his Yahoo Mail account that were not sent yet. His parents wanted access to those emails but Yahoo refused to give the password up. I'm not sure how that one ended, but I believe that Yahoo gave in once the press got involved. Maybe google will help me out here.

Re:Providers providing passwords posthumously

[ArcherB]

Google is your friend! Here are some links to the story:

Slashdot [slashdot.org]

Another [slashdot.org] Slashdot.

The Conclusion [detnews.com] to the story.

I've often wondered about this myself

[AbRASiON]

What if I were to die in an accident or by my own hand or someone else?
So many of us have our thoughts, feelings and memories digitally tied up in text, chat logs, emails etc.

Is it ethical for someone else to have it? Yes it was meant to be private but that person is now gone, you could lose valuble memories for the rest of the family if pictures are not found.

Example, I'm 30 and obviously a dork / geek (look where I'm posting) - the number of analogue photos of me after the age of 10 are slim at best, the

Go for it.

[Rob T Firefly]

As I see things, continuing to keep his secrets would not help anyone, while revealing them has a chance of helping those he left behind. I say, go for it.

One document that's left for my family should something happen to me contains all my logins and passwords, as well as contact info for my most computer-able friends who will know what to do with it all. Your unfortunate situation would not have occurred had that person done something similar.

Authorities

[Mushdot]

If the family don't think it was a suicide, surely the authorities would be brought in to investigate further, or have they already closed the case as a suicide?

As for accessing his online accounts, again probably only the police would be able (if at all) to access that information.

If you saw your friend again

[Unlikely_Hero]

If you saw your friend again, would you be able to explain why you did it? Would he agree with your reasoning or would he feel you had violated his sovereignty? You can still respect him in death, what would he say?

Re:If you saw your friend again

[Nimey]

If he saw his friend again, he'd be more worried about protecting his braiiiins.

Re:

[account_deleted]

Comment removed based on user account deletion

Two possibilities

[GlobalEcho]

Well, if it was suicide, and there was anything he didn't want people seeing, then he had his chance to delete it. If it was not suicide then I think you have to tread more carefully, but in the end the dead have no right to privacy (or reason to care).

For FSM's sake, though, take a moment to "accidentally" delete his porn and such while you are going about this. That's just basic courtesy.

IANAL...

[gbrandt]

...but...

The belongings of the deceased become part of the estate. The estate, with a lack of a will, can go either to the 'state' or to the next of kin (depending where you live). The 'state' usually takes its taxes and give the rest to the next of kin. This means that the laptop and accounts now belong to the family (barring the EULA on myspace and google which, correct me if I'm wrong, state that the ownership resides with them). This means that you are cracking a laptop for an OWNER that no longer has a password (forgotten it, so to speak). There is no ethical issue here.

Gregor

simple

[DragonTHC]

mail or fax a copy of the death certificate along with the police report to whomever he had an account with. Explain the situation and I'm sure they will release the account to his parents.

Getting rid of passwords

[ScepticOne]

Boot Linux with init=/bin/sh, remount the root partition to readwrite, edit /etc/shadow to change the root password to be blank, remount / to readonly, reboot. If you login as him (similar method to blank his password), you might find that firefox (or konqueror if he used that) is remembering his passwords and logins.

This reads like a sociology experiment..

[Tominva1045]

This reads as if it were an attempt by a person working a maters's thesis to determine if a pro-linux, pro-privacy crowd would stick with their principles or instead defer to the humanity of helping a family get over a tagedy. Facinating...

Good qestion

[broothal]

I don't have a good answer to your dilemma. However, it made me think. What is the best way to implement a Dead Man's Switch [wikipedia.org] on personal data (laptop, online accounts etc). I for sure have some stuff that I wouldn't want anyone to see - even if I was dead (I was young and needed the money).

BTW - Am I the only one having problems with the new Reply box? The nifty ajax based "preview post" always hangs and I'm forced to use the old one.

Do it

[RiffRafff]

...this kind of stuff happens all the time (maybe not the suicide aspect of it). People die and their spouse has no idea how to access their financial records, etc. I've been called upon to dig that stuff out, too. I have no problem with it.

I mean, after all, they're dead.

Everything in Writing

[necro81]

If you do contact Google, MSN, etc., don't do it through electronic means. Don't even do it over the phone. Do it in writing. Yes, actual letters on paper sent via (registered) snail mail. Include copies of the death certificate, obituaries, etc. Don't use your name and address - you are nobody as far as legal standing is concerned. Channel all the communications through one of the parents - have them sign the letters, use their name and address.

Not to be indelicate...

[syntap]

A good friend of mine had her younger brother apparently commit suicide last week.

... but that sounds like a lot of words to describe a hit job. The political correctness is awesome though!

sanitize his history and records

[jollyreaper]

In the military, there's the tradition of cleaning up a dead guy's locker before sending it home to his next of kin. Remove all skin mags, letters from local girlfriends if he has a wife back home, that sort of thing. Get rid of anything that might make them think less of the dead, they're already broken up about it as is. I'm sure the last thing this kid's family would want to find out about is his furry porn collection.

Re:

[mckinnsb]

I would agree with the parent post.

Understand that if your going to crack into his laptop or recover his account information for his online services, you will be acting as an arbiter of knowledge (granted that you have permission) concerning the final moments before this person's death.

A year ago my aunt committed suicide, and my mother asked me to crack into her laptop so that she could feel closer to her sister and understand more of what she was thinking before she died. I thought about it for a lon

Re:

[Schnapple]

Should everyone think less of JFK if he was a furry porn freak?

Should they? No. Would they? Uhh... yeah. J. Edgar Hoover has been rumored [straightdope.com] to have been a cross-dresser and it basically ruined his image forever. Nevermind that apparently it's not true, people just accept it to be true and that's basically the same thing (especially since people tend to take Wikipedia as gospel these days). It was even featured in one of the Naked Gun movies (people tend to take what's in a movie as the gospel as well).

Re:

[Bob The Cowboy]

Absolutely.

Go read "Speaker for the Dead", by OSC.

The truth of who someone was is important, and every scrap of that truth matters and will help you better understand them.

The Executor fo the estate...

[penguinbrat]

Someone should have been made the "executor" of the estate or what not, when I had to do something very similar with my Uncle that passed away - for those that had the keys that were needed, a simple explanation of the situation *AND* the executor waiting in the wings to write a letter/etc.. is all it took. The most I had to go was one time actually having to get a letter - most places took my word on it, including a FRY's electronics store that switched the warranty and everything to my name on an expensiv

is police investigation active?

[Anonymous Coward]

Its not legal to meddle with evidence.

I call BS

[haakondahl]

I don't believe you. If this is actually a questionable case, the Police certainly know people who can do this, and they have legal advice. If you are on the level, you're going to need more than a lawyer.

Gmail, Yahoo, etc shouldn't tell you

[adam613]

The problem is, with free email services, there's no real proof that any given account belongs to a certain person. There are some interesting social engineering implications here...I'm envisioning calling up the Gmail people and claiming to be attempting to retrieve the account of someone who recently died ("I have the death certificate and everything!") when said account really belongs to someone else...

Rainbow Tables

[JumboMessiah]

First off, sorry about the loss. Even if the person isn't close to you personally, seeing how it affects the family is bad enough.

My advice would be to start with the laptop. Boot it off a rescue cd or USB stick and grab all the personal account (including root) md5 hashes out of the /etc/shadow file.

Then run those hashes through a rainbow crack to try and get some clear text representations of the hashes. Info on Rainbow Tables, here [wikipedia.org], here [lwn.net], and here [ethicalhacker.net].

Boot the laptop to a prompt and try all the clear text re

Potential can of worms.

[PeanutButterBreath]

Would snooping around on your laptop or rifling through your e-mail accounts allow someone to "understand" you? Are you confident that it would portray the facet of your personality that you wanted others to see?

Obviously, this is a sad situation. I lost a sibling to suicide and the bottom line is that I don't think that any satisfactory answers can be had in a situation like this.

Whether or not the privacy of the deceased should be respected might be an ethical dilemma. But I think that if we are realistic about our own selves and what we choose to share with friends, family or no-one at all, we have to admit that breaking into this mans files would almost certainly be a violation of his wishes, and likely raise more questions than it answers.

Absent some purely administrative function like settling his accounts, I would not go this route.

Gmail and all others have a process

[RobbieCrash]

Gmail has a process for this, as do all other freemail services. Gmail's is Here [google.com] Googling for the others policies will yield results for the others as well.

What Google requires for this:

[whoda]

1. Your full name and contact information, including a verifiable email address.
2. The Gmail address of the individual who passed away.
3a. The full header from an email message that you have received at your verifiable email address, from the Gmail account in question. (To obtain the header from a message in Gmail, open the message, click 'More options,' then click 'Show original.' Copy everything from 'Delivered- To:' through the 'References:' line. To obtain headers from other webmail or email providers, please refer to http://www.spamcop.com/help_with_headers/ [spamcop.com])
3b. The entire contents of the message.
4. A copy of the death certificate of the deceased.
5. A copy of the document that gives you Power of Attorney over the Gmail account.
6. If you are the parent of the individual, please send us a copy of the Birth Certificate if the Gmail account owner was under the age of 18. In this case, Power of Attorney is not required.

Speak to a lawyer.

[Carik]

Seriously. Speak to a lawyer, and then recommend a professional data recovery company to the family. You do not want to get involved with this. Best case, it turns out there's proof it was accidental. I'm not sure how that could be proved, but let's assume it was.

Worst case, you find evidence of... something. Drug use, criminal activity, involvement with a cult, something like that. Whatever it was, it drove him to suicide. Now you're in the position of telling the family that their son/brother was doing something they wouldn't have approved of. Yes, they may be glad to know what really happened, but you'd better believe that things are going to be awkward with the family from now on.

Or, possibly even worse than that... what if it turns out it was something the family did? Even if it wasn't anything illegal or even dishonest... do you want to be in the position of telling the parents that something they did caused their son to kill himself? I wouldn't. I wouldn't want to do that to my worst enemy, let alone people I liked.

Speak to a lawyer to find out the legal issues and what is needed to get information from various hosting services, then suggest that the family contact a good data recovery firm. Have them hire a lawyer to get the data from the hosting services. No matter how much you want to help, restrict it to helping them find professionals to get the data, don't try to do it yourself.

More Crime...

[Maljin Jolt]

Dear anonymous reader,

Your "good" friend may have murdered her brother as well. From what you say, a suicide is unlikely without some strong reason and without death note. If some information related to such crime is to be found on his account, not only you could be involved in murder case, but you may be in life danger yourself knowing some key information about it, just in case your "good" friend wants to clean up all traces.

Don't contact GMail, Yahoo, etc.

[rjamestaylor]

You'll just invite delay and trouble by contacting service providers. Instead, change his laptop's root password (it's easy: at grub edit the default stanza and set init=/bin/bash and then boot; once in, use "passwd" to change the root passwd; next use "passwd username" to change his user's password; using the rescue environment is slightly more complicated). This assumes he is not using an encrypted FS, which is likely.

Once you can boot into his user account, run the mail client(s) he has setup. They likely have the passwords stored. Voila, no need to contact the service providers.

Ethical? Well, you'll want to check with his heirs, first, but assuming there is no resistance on that front, go for it. It's called archeology when we do it to the Pharaohs.

Re:

[PhotoGuy]

Just another tip; before overwriting any password, save the old /etc/passwd and /etc/shadow, in case you do want to brute-force the password later. His login password might be the same as the password he uses for email or other accounts that you otherwise couldn't crack easily. (It's easier to brute force a local /etc/shadow than a remote web site.)

No victim, no crime

[ClientNine]

Your ethics in this case extend to the living, not the dead. "First, do no harm..." might be a good motto here. You are going to be mucking about in some content that might not be what anyone is expecting, but there is a story there and the living want it told-- at least to them.

So long as you are discreet and have the consent of the family, do what you need to do to bring them closure.

I've lost a child. I can assure you that it is important to the family that the tragedy not be a pointless one. A tragedy happened, and at the very least they want to know that they handled it well, that perhaps they are wiser for it, SOMETHING. It's called closure, and it doesn't ease the loss but it does help with the frustration.

After my best friend killed himself

[Orion Blastar]

his wife and family asked me to get into his Yahoo account and ICQ account. There was a secret answer that either resets the password or reveals the password. This was in 1999 so maybe security has changed. The user sets the secret answer. His was the original middle name of his mother. His family gave me a copy of his birth certificate and I got the answer off of it and got into his account on Yahoo and gave the password to his wife and reset his ICQ password and gave it to his wife as well. We couldn't find anything that triggered the suicide. But on his computer the police found in his web cache that he visited web sites about suicide and got an idea from one of them to use a shotgun on himself. He bought the shotgun, and left a credit card receipt in the box, according to his wife who told me what the police found.

He was a brilliant C++ programmer and I had forwarded emails to him about jobs, and found that a year's worth of job possibilities and recruiter email hadn't been opened up and looked at by him. He just moved it to a different folder. Had he responded to any of them, his chances of finding another job would have been better.

I'd explain more but it is too painful to talk about. There were alcohol and drug related abuses as well in his life. He drank a whole bottle of vodka before killing himself. He ignored phone calls and emails for months, and I couldn't contact him.

Oh yeah if he uses Firefox, there is a reveal passwords option in the tools/options/security/show passwords box. You might be able to see what passwords he used, unless he wiped them out and also cleared his password history.

Thoughts...

[Bert64]

I doubt that gmail/hotmail/myspace etc will give you anything, tho if the death is suspicious the police could contact them.

You wouldn't need to crack his root pass, you could just mount his drive in another machine and read his data from it, or change the password, assuming he hasn't encrypted the drive.

You might be able to get into some of his accounts using information pulled from his laptop, and once you have one of his email accounts you might be able to get into other things using reset password links etc..

Also, since you're working for his family, if he's used typically lame "security questions" like mothers maiden name and first pet etc, you should be able to get that information trivially.

In military service...

[Deadstick]

...when someone is killed in action or dies in any other manner while away from home, his personal effects are examined by an officer before being sent to the next of kin. The official purpose of this, and the legal justification for it, is to recover whatever government property the decedent had issued to him -- but the officer, in a totally off-the-books manner, also removes the things his survivors wouldn't want to get back. And in an overseas military environment, there are lots of those.

I'd suggest something similar. Ask the probate judge to release the computers to a designated consultant, maybe a family friend, who has the technical chops to bypass the passwords (which, as others mention here, is not that big a job) and whose judgment they trust to preserve the decedent's privacy while he digs out anything that might help them.

rj

when my daughter was murdered

[drew30319]

My daughter was murdered by her ex-boyfriend two years ago. I had recently given her a laptop in preparation for college and after the police were finished inspecting it for clues it was returned to me.

Fortunately she had stayed logged in to her myspace account and I was able to use the "reveal asterisks" hack to reveal her password. That password led to other accounts & email accounts which then led to more passwords.

Eventually I could access everything - to include the killer's accounts. It was very helpful for me to be able to know that my daughter was exactly who I thought she was and at the same time gain insight into the punk that murdered her.

If there is the opportunity to give your friend some closure then I don't feel that a moral dilemma exists. The dead are just that... dead. The ones that are grieving and in pain are the living. If you can do something that may assuage their grief I feel you should.

Just be aware that what might be revealed has the potential to cause more pain - but that's really your friend's decision.

Good luck, and my condolences to your friend.

Thoughts from a coroner

[Pobjoy]

After reading the post and some of the replies I wanted to try and provide some insight on a few things. First of all I should mention that I'm a coroner in British Columbia, Canada, so not everything that applies here will apply in other jurisdictions. However I hope I can still be of some help. In regard to suicide vs. accident, there is typically a presumption against suicide and the coroner or medical examiner should have some substantial evidence if they are going to rule the death a suicide. Having said that, suicide is a lot more common than most people believe. For example, British Columbia has a population of a little over 4 million and we see approximately 500 suicides per year. Contrary to what some people are suggesting there is usualy no suicide note. Also, the person is not always known to be suicidal or even depressed. Sometimes a suicide comes as a complete surprise to family and friends. I would not say that this is the norm but it definitely happens. Evidence of a suicide can take several forms. Ideally there should be a history of some kind to support that the death was a suicide but I have had cases in which the circumstances of the death were such that it was unreasonable to conclude that the death was anything other than a suicide, even though the person had no history of depression, suicidal ideation or behaviour that suggested they might harm themselves. As far as the information on the computer, I have taken information from people's computers and in one case seized a computer to get further info from it. I do not see an ethical issue with this if it will help to determine the manner of death. My only suggestion is that the coroner or medical examiner should perhaps be contacted to see if they are willing to do this. They may not be willing to get involved if they feel that they already have sufficient evidence to classify the death. Also, I do not know if the coroner/ME in your area has the legal authority to do this. Still, if the family strongly believes that the death is an accident and not a suicide they should talk to the coroner/ME about their concerns. When family members have raised such concerns with me I have found that sometimes they have very useful information or insight that can have a significant impact on my investigation. Other times it is clear that they are just not willing or able to accept the truth. As far as legalities, I can tell you that here in BC (and I suspect in most cases) it is the same as most people have stated - the things that belonged to the decedent now belong to the estate. The executor or legal next of kin will likely have the legal authority to give you permission to do what you are talking about. Having said that, I will give the standard IANAL disclaimer along with a reminder that laws can of course vary from one jurisdiction to another. NOTE: sorry about the wall of text. This is my first Slashdot post and I haven't yet figured out how to make it appear in paragraphs the way I wrote it.

Re:

[ta bu shi da yu]

I would have thought the executor of his estate would have access to this sort of information.

Re:Gmail, Hotmail, MySpace

[tgatliff]

I disagree... A simple court order would open up any account they want. Why people go to these companies and ask "permission" is beyond me... That is why our legal system is there, and it is quite good at getting what it wants...

Re:

[greenfield]

A simple court order would open up any account they want. Why people go to these companies and ask "permission" is beyond me...

Asking permission => Free

A "simple" court order => Not free

Re:Gmail, Hotmail, MySpace

[ThirdPrize]

A friend of mine died last year and, as long as you can provide the proper paperwork, his family got access to his hotmail account. i guess as long as they can tie the death certificate to the person in the e-mails then its not a problem.

Re:Gmail, Hotmail, MySpace

[rijrunner]

http://mail.google.com/support/bin/answer.py?answer=14300

Re:Death certificate

[smooth wombat]

You beat me to the punch. Having worked in the financial sector for a time, a death certificate should do the trick.

The catch will be is if the person signed up for accounts but didn't use his real name, address, etc. Then you may have a problem. Otherwise, submitting the certificate (more than likely official copies) should suffice to prove to the various places that the person is truly dead and you are doing a port mortem of his accounts.

The family should be the ones contacting these places as they are next of kin.

I know it's asking for trouble, but this is why all your accounts including username and password should be written down and stored in a separate location. Regardless if it's suicide or getting run over by a wildebeast, someone, somewhere, will need to be able to get into your accounts to clear things up.

Re:

[smooth wombat]

You could always entrust that process to someone who you believe would carry out your wishes.

Then again, that doesn't take care of your online accounts. They would need to take care of those as well. Which goes back to what I previously said: write down your information so someone can get to your stuff. In your case, the person would log onto your accounts, delete the information then close the accounts.

Re:

[Jaqenn]

There were a few previous ask slashdots on this:

http://ask.slashdot.org/article.pl?sid=07/01/10/0014220 [slashdot.org]
http://ask.slashdot.org/article.pl?sid=06/09/23/2334218 [slashdot.org]

If I recall the consensus was that anything you can hack together in software has a good chance of failing. Plus, honestly, do you really want to have tons of personal information waiting to go out any day that you forget to push the 'I'm not dead' button before you fall asleep?

Go get a safe deposit box, fill it with stuff, and leave the key

Re:

[JustinOpinion]

My condolences to the family.

I would say that a death certificate is a necessary, but by no means sufficient, piece of evidence.

There was recently a death in my extended family. I have seen how, even with a death certificate and all official documents (police reports, etc.), it still took literally years to finalize routine things (closing accounts, transferring assets, dealing with insurance, etc.). So it turns out its quite long and complicated to even just do the "normal" things (that must be done

Re:

[evilandi]

A death certificate from the next of kin opens many doors.

Correct answer. ISPs will serve up almost anything when presented with correct, verifiable death certificate and a letter from the correct, verifiable next of kin stating that person X is authorised to take over the deceased's logins.

It is, sadly, a very slow process.

I was in the unfortunate situation of having to re-establish control over a number of friends and family's domains when their registrant, a friend of mine from uni, died quite expectedly

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[djones101]

I've experienced something similar, and all I can say is that your privacy dies with you. Anything and everything you ever wrote, thought, or believed is now the property of your heirs (along with your other assets and debts).

That is true if no will was prepared in advance. Wills do grant the power to transfer your assets, debts, and other such physical items to someone other than your heirs (look at all the trust funds setup after someone dies for starving children and the like). Also, should a will exist, it will still need to pass through probate, at which time someone (both creditors and heirs) can dispute the contents of the will and carve up the remains of the estate to their heart's content.

Re:

[diskis]

Simply image the disk, and toy around with the copy. If you fail, make a new copy. That's how you learn data recovery.