What happens to your accounts when you die? OpenID calls for digital estate action

When people die, the fate of their digital accounts depends on a series of fragmented policies and legal systems rife with gaps, according to the OpenID Foundation. A new white paper from OIDF calls for governments, technology providers and international standards bodies to come together with coordinated steps to protect these digital estates and make them accessible to the right people.

In “The Unfinished Digital Estate,” co-authors Dean H. Saxe, Mike Kiser and Heather Flanagan, along with contributor Eve Maler, examine the gaps that not just bank accounts, but also emails, photos, creative work and social media profiles can fall into. The importance of properly managing this content has only increased as advances in deepfake technology have made it possible to impersonate deceased people for manipulation or fraud.

Saxe and Maler are co-chairs of OIDF’s Death and Digital Estate (DADE) Working Group, and Maler is well-known in the digital identity industry as the CTO of ForgeRock during its rise to IAM prominence.

“This issue affects every internet user eventually, yet platforms treat death as an edge case. We have standards for authentication, authorization, and digital consent,” Saxe says. “We need the same coordinated approach for what happens when users die, before AI deepfakes make this even more complicated.”

The 43-page white paper notes that while some tools for managing digital estates are available, they are not widely adopted.

OIDF makes the case for lawmakers to formally recognize digital assets under inheritance law, clarify what rights and privacy protections continue after death and establish frameworks for handling cross-border digital property.

Tech platforms can move past credential sharing to adopt “on-behalf-of” delegation, put verifiable processes in place for dead and incapacitated people, give users control of how their data will be used after they die in advance and improve clarity around consent, revocation and auditability.

Standards bodies will need to work on the delegation protocols, verifiable triggers and trust frameworks involved while respecting cultural diversity. Some promising candidates are out there, OIDF says, including Sovrin’s guardianship credentials, Kantara’s delegation frameworks and MOSIP’s death registration integration.

But a lot more work is needed. To that end, the DADE Community Group is currently seeking stakeholder contributions.

Article Topics

AI fraud  |  deepfakes  |  digital estates  |  digital identity  |  OpenID Foundation