I’m working towards a new type of an Inactive Account Manager app, that would assume control of my accounts when I become inactive. But I want to build it with a decentralized smart contract on Ethereum, so no entity will control my data when I leave.
That way I can be assured that my music and writing, photos and personal things that I cherish will be left to my children or whomever I choose. There are however some “locker-room” chatrooms between pals, that I don’t need my kids to read out loud in my wake. Further, I have some accounts that my wife might need in order to get to some documents and legal stuff.
I contacted accomplished IT friends to help with the development and they right away asked me this question. “But why should everyone trust you manage their data.” Naive I thought I was trustworthy, but I realized that this was a major problem. Not only due to the fact that customers would not want to give the company access to all its accounts, but also that the centralization of data is not a good thing and this would definitely make the company vulnerable to attacks.
After digging further down the blockchain rabbit hole, a lightbulb came on in my head. A decentralized app, effectively an on-chain smart contract that interacts with off-chain databases could be the perfect solution.
How would works?
- A user enters the policy into the smart contract´s intuitive dashboard. Each account needs to be verified with the service providers.
- The smart contract monitors user status at regular intervals. When the user is still active, the smart contract is “dormant” and does not prompt any activity.
- If inactivity is detected, a verification process starts. Validators on the network communicate with each other and collect data from databases according to protocol.
- If inactivity is confirmed the smart contract prompts execution of the policy that the user has set and communicates with the respective services, to collect, to delete or to leave data, as per the deceased user’s request.
- Files are delivered, deleted and accounts closed.
For technical people, this diagram shows the process a little bit better.
Claiming data is a major pain for everyone:
In my research, I had already spent a lot of time contacting service reps of online account providers and through various portals. It didn’t take long to realize, that the verification process is a headache for everyone involved. For each one, I’d need to prove that the individual had died, and sometimes mailing in hard copies of death certificates, proof of attorney and each service needed to verify the status according to their own standards.
It’s a lengthy and painstaking process. It’s hard for the relative, complex and bureaucratic for the service and liability risk is huge. Essentially the relative is trying to claim data from a system that is designed to protect it. I can’t imagine service reps enjoy this particularly much either, as I can imagine there is a lot of frustration and emotions. Understandably, the companies also have their policies to adhere to and care more about existing users, so in some cases is easiest for the companies to deny access to inactive user’s data.
We can solve this problem, simply, elegantly and once and for all. If we create a smart contract that stores your will, what will happen to the data and the network ensures that your will is fulfilled.
The smart contract would store all policies in a secure manner, and then monitor a user's status via public records and databases, allowing all parties to reach a consensus about that status of the user, active or inactive. Doing so, the will of the user to be executed in a simple manner. At the same time, security would be increased for user and services providers immediately and decreasing the likelihood of false reporting and the network witnesses that the files are delivered to the rightful recipients.
Inactive account managers exist today and the most advanced is Google’s IAM that allows users to set policies for their accounts and services they have signed up, should they become inactive. However, Google IAM only works with services that are owned or operated by Google. In Google’s IAM case, you can choose recipients that will receive as much or as little of documents you want and an intuitive interface. Facebook offers you to appoint a legacy contact, that can assume some control of your Facebook if you pass away. So what’s the problem?
The problem is real and will only grow BIGGER!
The problem is that regular users have signed up with multiple online services. Not all services offer an “IAM” solution, and often it’s hard to set up or has limited functions. Secondly, often a relative would need to contact the service, provide a death certificate and proof of attorney that shows that the relative has permission to access the data. The respective service might reject or allow the request after review.
The second layer of the problem is also that your data, that under GDPR law is your property, is in the custody of a centralized party. This party does not share your interest in death, that is, they are more concerned with protecting your data than giving access to it. But the problem is simply put, the service provider decides what happens to your data if you have not set up a policy.
The third and perhaps the biggest problem on a macro scale is the accumulation of data stored online is increasingly getting bigger, more people are signing up, and we haven’t yet reached the cusp of when the first true online generation will age off.
To sum up:
- Managing your post mortem data rights is complex.
- The process of claiming or closing accounts is lengthy and stifling.
- It is costly for services to manage these requests and they are disincentivized to outperform the current state.
- The liability risk is huge for services.
- There are no witnesses that data is delivered due to limited visibility.
What are the benefits?
- The User: Simple and secure way to manage your data policies and provides a clear overview. The will is followed.
- The Relative: Saves time and energy in the stages of grieving and is assured that the will of the deceased is being followed.
- The Service provider: Most likely the one who saves the most money over time. The service provider will save on legal fees, customer support and reduce risk of liability by having the contract outsourced.
- There are Witnesses: The network will witness that the data gets delivered.
The sitting duck:
If you are a dev, investor, entrepreneur or a fan, please get in touch, you can contact me via Keybase or here on medium.
If you want to donate towards the project you can send it to the addresses below.
I would also love to hear your comments.