The Authentic and the Dead
I’ve seen some discussion, as at this NPR Digital Afterlife story, about the issues that arise when a digital account holder dies or becomes incapacitated. This is perhaps the ultimate “boundary condition”, and isn’t a case that’s likely to be top-of-mind for a subscriber or provider when a live account is established, but is probably an area where legal and technical practice will need to evolve in tandem. Security professionals generally discourage sharing of passwords or accounts, but is it appropriate to inherit them? If not, what should their disposition be? Is a court’s approval required before an inherited password becomes acceptable for use? In technical terms, some of these cases could be modeled by delegating authorization from a prior account holder to a new successor, thus maintaining a distinction about who’s authenticating and acting at what time, but comprehensive delegation technologies haven’t become pervasive. As it stands, we may find ourselves in the position of authenticating with the identities of those who no longer can, which may prove anomalous both in terms of technical security models and in terms of the legal and societal context in which those identities existed.
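To make the contrast between an inherited password and delegated authorization concrete, here is a small sketch added as an illustration; it is not from the NPR story or any real provider's API. The `Grant` and `AuditRecord` types, the account names, dates and the court-order reference are all hypothetical, constructed values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:                      # hypothetical delegation record
    account: str                  # the prior holder's account
    successor: str                # who authenticates, as themselves
    scopes: frozenset             # what the successor may do
    authority: str                # e.g. a reference to a court's approval
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class AuditRecord:
    when: datetime
    authenticated_as: str
    on_behalf_of: str
    action: str
    authority: Optional[str]

def act_with_inherited_password(account, action, when):
    # The service sees only the holder's credential: actor and holder merge.
    return AuditRecord(when, account, account, action, None)

def act_as_delegate(grant, actor, action, when):
    if actor != grant.successor:
        raise PermissionError("actor is not the named successor")
    if action not in grant.scopes:
        raise PermissionError("action outside delegated scope")
    if not (grant.not_before <= when < grant.not_after):
        raise PermissionError("grant not valid at this time")
    return AuditRecord(when, actor, grant.account, action, grant.authority)

def is_anomalous(record, holder_ceased):
    # True when the log claims the holder authenticated after they no longer could.
    return (record.authenticated_as == record.on_behalf_of
            and record.when >= holder_ceased)

def demo():
    utc = timezone.utc
    ceased = datetime(2024, 1, 10, tzinfo=utc)             # constructed date
    grant = Grant("alice", "bob", frozenset({"export_mail"}),
                  "PLACEHOLDER-court-order-ref",
                  datetime(2024, 2, 1, tzinfo=utc), datetime(2024, 8, 1, tzinfo=utc))
    when = datetime(2024, 3, 5, tzinfo=utc)
    shared = act_with_inherited_password("alice", "export_mail", when)
    delegated = act_as_delegate(grant, "bob", "export_mail", when)
    return ceased, grant, shared, delegated

if __name__ == "__main__":
    ceased, _, shared, delegated = demo()
    print(is_anomalous(shared, ceased), is_anomalous(delegated, ceased))
```

The same action produces two different records: the inherited password yields a log entry in which the former holder appears to authenticate after they no longer could, while the delegated action names the successor, the account acted upon, and the authority for the grant.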