1

You Cant Take It With You: Planning for the

Disposition of Digital Assets After Death

Nakia D. Hansen, JD

Every day, each new innovation in technology and data makes our world seem a
bit smaller and navigating it all the more faster and easier. Increasingly, the
business of living our lives is conducted via high-speed, highly connected networks
with digital transactions for managing our identities, relationships, and affairs,
taking the place of physical, one-on-one interactions. As such, new concerns have
arisen relating to the unprecedented and unique challenges of our digital lives. One
such challenge is what to do about our digital remains the lives we leave online
after we die. Its said that nothing is ever really gone from the Internet. If thats so,
we must seriously consider the question of what happens to our all of the data,
information, photos, videos, etc. that we share on a daily basis after were gone.
This paper first explores the scope of the issue, considering what counts as
digital assets and the problems they could pose after we die if left unplanned for.
What follows is a look at some current approaches to digital asset management and
an examination of their potential limitations. Finally, this paper will summarize
some legal approaches to the problem of digital asset management and consider the
ability of federal legislation to standardize the process. Omitted from this discussion
are the estate planning issues that might affect children, copyright claims, Internet
gaming, privately hosted email and blogs, and employers interests in digital assets.

2
OUR DIGITAL LIVES
Because the ways in which one can interact and transact affairs online are so
numerous and varied, it makes sense to set out a definition of digital assets as the
term will be used in this paper. Digital assets include information stored and used
by computers (as well as mobile devices and digital storage devices) such as email,
word processing documents, images, audio and video files, Internet accounts, and
other data.
i

Law professor Naomi Cahn divides digital assets into four different
categories: Personal, Social Media, Financial and Business.
ii
Personal assets include
those typically stored on a computer or smart-phone or uploaded onto a website.
Social media assets involve interactions with other people they also can serve as
storage for photos, videos, and other assets. The financial category typically
includes bank accounts, accounts with shopping sites, subscriptions and online
payment systems. Finally, business assets take into account information such as
customer addresses and preferences, client files, and patient information.
iii

A further assets/accounts distinction can be made which is helpful in
clarifying the meaning of digital assets. Digital assets are the actual files and digital
accounts are the access rights to files found in email, social media accounts,
domain registration accounts, etc.
iv
In short, digital assets shall be understood as
any digital file on a persons computer as well as online accounts and
memberships.
v

These digital assets hold both real and sentimental value. Indeed, 50 percent
of Americans would sacrifice all of their vacation time for an entire year rather than
3
lose the files on their computer and 38 percent are willing to lose their wedding
rings as opposed to losing their digital data.
vi
Because we place such a high value on
these assets, there ought to be significant interest in determining what happens to
them after we die. Instead, most of us fail to even consider the disposition of these
prized possessions.
The lack of a clear plan or policy for the disposition of digital assets has
implications for the decedent, her estate, as well as surviving family members. For
example, family may be denied access to a loved ones Facebook page after theyve
died making it impossible to retrieve content, delete content, or close the page
altogether. Trouble accessing a deceased family members online bill payment
information may complicate the tying up of financial loose ends. Additionally,
online accounts left unattended are susceptible to identity theft and fraud. The
Federal Trade Commission estimates that there are more than 9 million victims of
identity theft in the U.S. every year.
vii
The unattended online accounts of the
deceased provide criminals with an enhanced opportunity to hack these accounts,
open new credit cards, apply for jobs, and even procure state identification cards.
viii

Without access to the deceaseds account information or at the very least, an ability
to shutter accounts, it would prove difficult to guard against such threats.
Another important concern is the protection of ones legacy and being able to
dictate the story that one wants told about their life. This means controlling the
ability to share items like photographs, emails, blog posts, recipes, etc. that have
emotional value. Equally as important, the interest one may have to prevent loved
ones or unintended audiences from accessing private messages, pictures, or other
4
secrets. The disposition of digital assets upon death is crucial to how one wants to
be remembered
ix
but theres a greater societal interest involved as well. Because we
are keeping fewer physical copies of letters, photographs, diaries, etc., our digital
files and accounts might be the principal or even the only source that future
generations use in order to find out about people who lived before them.
x
Indeed,
the decision by the Library of Congress to archive all public tweets
xi
indicates that
theres some archival value in social networking posts. Policies that frustrate access
to digital assets may therefore have implications beyond our personal interest and
individual legacies.
In the not so distant past, the majority of people kept important documents
and valuable assets in safe, tangible places such as lockboxes or file cabinets. The
contents of our safes and files were usually revealed to trusted loved ones or
executors but even when they were not, it didnt take much sleuthing to locate
photo albums, storage boxes, bank ledgers, etc. Now that many of us rely primarily
on digital transactions, finding the information necessary to facilitate the proper
disposition of financial and personal assets complicates things. Most of our
important documents and valuable files are scattered across a number of different
devices, in several folders, and backup drives. Additionally, information is often
stored in online accounts such as email, cloud-computing networks, or the websites
of financial institutions.
xii

Presently, there is no federal standard to deal with digital assets after death
and only seven states have passed legislation to deal with some aspect of digital
asset management. In the absence of specific state and/or federal laws, the current
5
process of planning for and managing digital assets relies on a patchwork of tactics
such as the shoe-horning of traditional estate planning methods onto digital assets
including handing over the logins and passwords to ones accounts (the functional
equivalent of stuffing dollar bills in a mattress) service provider policies, and
digital planning services.

CURRENT APPROACHES TO DIGITAL ASSET MANAGEMENT
Traditional Estate Planning
Traditional estate planning is concerned with the settling of financial affairs
and the disposition of personal property. These are governed by the laws of
intestacy the default rules determining what happens to property if a person dies
without a will or a will prepared in advance of death that designates the
distribution of an estate.
xiii
Whereas a will would suffice in most cases to direct the
affairs of the deceased, it can be risky to reduce digital account information to
writing since including the passwords and account access information for digital
assets seems to go against every recommendation for good security practices.
xiv

Notwithstanding the fact that half of Americans dont have any of the most
basic estate planning documents, including a will, a living will and financial and
medical powers of attorney,
xv
those with a will know that it is not a very nimble
instrument. Information changes quickly new accounts are created and best
practice suggests that users have multiple passwords that are updated frequently. It
would be too cumbersome and therefore a deterrent to require that individuals
constantly update their wills to reflect the latest account and access information.
xvi

6
Attorney resource website DigitalEstateResource.com, provides sample language for
lawyers assisting clients with planning for the disposition of digital assets.
At the very least a will should include specific powers to handle digital
assets and a definition of digital assets.
Digital Assets. My executor shall have the power to access,
handle, distribute and dispose of my digital assets.
xvii


However, depending on the terms of service governing the users relationship with
each site and the laws of his state, such language may have little to no impact
despite its inclusion in a will.
Service Provider Agreements
Besides the difficulty in inventorying and maintaining up to date records of
digital assets, traditional estate planning methods are further frustrated because
the prohibitions on disclosure of private information make it nearly impossible for
executors to access electronic communications and financial information.
xviii

Indeed, service providers like social networks and email services have erred on the
side of protecting privacy, even after death,
xix
so even when one has the foresight to
pass on their online account access information in a will, trust or other document,
the resulting access may be a violation of the various service provider agreements to
which the deceased was a party.
xx

New networks and services emerge seemingly on a daily basis and users are
quick to enter into agreements with those services that are rarely read and hardly
understood. When a user signs up for a personal email account like Gmail or a social
network such as Facebook, they usually must agree to a clickwrap
xxi
privacy
agreement as a prerequisite to using the site, which provides that under no
circumstances will the website release the persons personal information and in
7
some cases even go as far to say that any information (pictures, videos, etc.)
uploaded onto their website becomes the property of the website.
xxii
Typically,
these agreements are licenses that terminate after the death of the account-
holder,
xxiii
depriving anyone else (including surviving family members and estate
planners) of the legal rights to access the account and the information contained
therein, regardless of whether the deceased account-holder left behind her access
information in a will or other document.
xxiv

One notable example is that of the late, well-known movie critic Roger Ebert.
Earlier this year it was reported that Eberts Twitter account continued to post
updates after his passing in April 2013. According to Eberts wife Chaz, Ebert had
given her the secret codes to his social media accounts with the intent that she
keep his social presences alive.
xxv
Although Eberts wishes have been carried out and
Twitter has not shuttered the account, the sites Terms of Service do state that
Twitter gives you a personal, worldwide, royalty-free, non-assignable and non-
exclusive license to use the software that is provided to you by Twitter as part of the
Services, (emphasis mine)
xxvi
and therefore his wifes assumption of the account is
likely a violation that could of Twitters TOS. Twitter would be acting in accord with
its own TOS if it were to deny Chaz Ebert access to her husbands account but it is
my opinion that the accounts popularity (826,473 followers as of 10/30/2013)
coupled with Eberts status as a beloved celebrity figure has stayed Twitters hand
in this matter.
Increasingly, service providers are adopting privacy policies and so-called
deceased-user policies that deal with digital asset management upon death.
xxvii
In
8
a complex balancing act in which the privacy rights of the deceased user are
weighed against loved ones desire for closure. So as not to run afoul of state and
federal regulations regarding digital files i.e. the Computer Fraud and Abuse Act, the
Electronic Communications Privacy Act, and the Stored Communications Act, service
providers usually come down on the side of protecting the interests of the user with
whom they are in privity. Thus, the service providers priorities are sometimes at
odds with the interests of the user and the users estate, even when adhering to laws
enacted to protect them.
Facebook, the largest social network with 1.15 billion monthly active
users,
xxviii
recently adopted a deceased-user policy that offers verified family of the
deceased the option of having the profile deleted
xxix
whereas anybody can request to
have the page memorialized
xxx
. According to the Facebook Help Center,
When a person passes away, we memorialize their account to protect
their privacy. Here are some of the key features of memorialized
accounts:
No one can log into a memorialized account and no new friends
can be accepted
Depending on the privacy settings of the deceased person's
account, friends can share memories on the memorialized timeline
Anyone can send private messages to the deceased person
Content the deceased person shared (ex: photos, posts) remains
on Facebook and is visible to the audience it was shared with
Memorialized timelines don't appear in People You May Know and
other suggestions
xxxi


While Facebooks current approach to deceased user pages is an
improvement over its past policy of simply deleting the accounts of deceased users
after 30 days,
xxxii
concerns with the sites handling of such accounts remain. Most
notably, unless a user makes specific declarations regarding social networks in her
9
will there is no role for her to play whilst she is alive. This is because a Facebook
user cannot specify that his or her account should be deleted, that certain content
should be removed, or that a designated person should be entrusted to manage the
account
xxxiii
through the sites settings, leaving decisions about the account in the
hands of friends and/or family.
Additionally, the bar to request memorialization of a page is quite low.
xxxiv

Anyone can do it unilaterally without having to consult others else who might have
an interest in keeping the page as is or deleting it altogether, causing further hurt
and confusion when loved ones are abruptly cut off from the deceaseds page or
when potentially offensive posts continue to populate the Wall of the page.
Ultimately, Facebooks deceased user policy falls short of adequately protecting the
interests of the deceased and their loved ones who are connected to them both on
and offline, therefore exposing one of the weaknesses in allowing social sites to
dictate their own divergent policies.
Twitters 218 million monthly active users
xxxv
do not have a memorialization
option but the site does have an inactive account policy providing that accounts
inactive for at least six months are subject to removal.
xxxvi
Regarding deceased users
specifically, the sites Terms of Service says it will work with a person authorized to
act on behalf of the estate or with a verified immediate family member of the
deceased to have an account deactivated.
xxxvii
Alternatively, family may obtain a
permanent backup of the deceased users public tweets
xxxviii
and the micro-blogging
platform will remove the decedents account from its Who to Follow suggestions
upon request.
xxxix
Like Facebook, Twitters policy has the potential to vest the
10
decision for what happens with the account in the hands of family and friends who
may not make the best decisions but it is a step in the right direction that theyre
providing some recourse for the disposition of accounts of deceased users.
The service agreements of email service providers tend to be even more
complicated and committed to preserving the privacy of its users than social
network policies. Not only does email function as a vast archive of correspondence
(who we talk to and what we talk about), it is basically the skeleton key that unlocks
a number of accounts. In most cases, if you know the email account access
information, you can get access information for electronic bank accounts, social
media accounts, and other web services sent directly to you. This is simply a matter
of how most sites password retrieval functions operate. We have all had a moment
when weve needed to click the forgot username/password button to gain access
to an account. Usually, the account access information or reset links are sent via
email. Therefore access to ones email means potential access to numerous
protected accounts.
The number one and number two email service providers in the U.S. Yahoo!
and Gmail, respectively
xl
take different approaches to decedents accounts, adding
to the overall lack of uniformity in how service provider agreements handle
decedents accounts. When one agrees to Yahoo!s terms, you agree that your
Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents
within your account terminate upon your death. Upon receipt of a copy of a death
certificate, your account may be terminated and all contents therein permanently
deleted.
xli

11
One of the most cited cases dealing with digital asset management and email
involved the Yahoo! account of Justin M. Ellsworth, a U.S. Marine killed in Iraq.
xlii

When Ellsworths family attempted to retrieve his emails from Yahoo! for the
purposes of creating a memorial, it took the order of a probate judge to gain access.
Initially, Yahoo! refused to release Ellsworths emails and argued that they needed
to enforce the privacy rights of their account holders
xliii
as outlined in their Terms
of Service.
In April of 2013, Google launched an innovative program called Inactive
Account Manager, where users of Google services (including Gmail) can dictate
what happens to their account if they become inactive after a specified period of
three, six, nine, or twelve months as chosen by the user. In the event of death, any
named account beneficiaries can access emails, photographs, videos, documents, or
other data left to them.
xliv
The Inactive Account Manager is the first offering from a
major service provider to proactively ask users to specify their wishes before
death.
xlv

However, for those who have not activated the Inactive Account Manager or
has not designated a person to access their accounts, Gmails terms state, in rare
cases we may be able to provide the contents of the Gmail account to an authorized
representative of the deceased person
xlvi
[emphasis in original]. The service
provider explains that it takes this approach because,
At Google, were keenly aware of the trust users place in us, and we
take our responsibility to protect the privacy of people who use
Google services very seriously. Any decision to provide the contents of
a deceased person's email will be made only after a careful review.
xlvii


12
The terms continue on with a warning that the process to gain access to a deceased
users account is both lengthy and without guarantee. The two-part process requires
the submission of a death certificate and a court order.
xlviii
While it is commendable
and a positive step forward for Google to put some control into the hands of the user
while he or she is still alive, there still remains some significant hurdles to accessing
a deceased persons account if he or she failed to take proactive steps.
Other service providers have instituted policies regarding deceased user
accounts as well. Instagram, the fast-growing photo-sharing app with more than 150
million members,
xlix
states, it is our policy to remove the account of a deceased
person from Instagram. To protect the privacy of people on Instagram, we are
unable to provide anyone with login information to an account.
l
LinkedIn, a
professional networking site, says, we can close that person's account and remove
their profile on your behalf,
li
but only after a colleague, classmate, or loved one
fills out the required form. Even then, the result is not guaranteed.
In the absence of clear and universal regulation, service providers are likely
to continue to dictate how deceased user accounts are handled leaving users to
accept them or look for alternative methods of digital asset management. These
examples of different approaches to digital asset management illustrate, in my view,
the absence of clear and universal standards. While self-regulation is usually
preferable, it is unlikely that service providers will do so on this issue, at least not
without the serious threat of outside regulation. Theres little motivation on behalf
of the service providers to align on digital asset management when weighed against
their privacy and digital storage obligations.
13
Digital Planning Sites and Services
As more people have become aware and concerned about the disposition of
their digital assets and neither traditional estate planning nor service provider
agreements provide ideal protections, the market has sprung forth its own
solutions. A slew of digital legacy sites and services have emerged. The Digital
Beyond, a digital afterlife blog and resource, maintains a Digital Death and Afterlife
Online Services List that includes 49 digital estate services, posthumous email
services and online memorials.
lii

One such service, Deathswitch, bills itself as information insurance
liii
that
works by releasing a users account information to named beneficiaries upon
notification of death triggered by the users lack of response to an are you still alive
message.
liv
Legacy Locker, another service, is a safe, secure repository for your vital
digital property that lets you grant access to online assets for friends and loved ones
in the event of loss, death, or disability.
lv
The service acts as a digital locker of sorts
by storing passwords, backing up documents, and managing so-called Legacy
Letters (and videos) that can be transmitted to designated individuals once the site
learns of a users death. In describing its service, SecureSafe, a digital legacy service
based in Switzerland, says, its like having a Swiss Bank for your digital
information
lvi
that provides the same account deletion and/or digital storage
functions as the services above yet is larger and offers mobile app capabilities.
SecureSafe allows users to store account information and files while its
DataInherit feature will transfer users information to designated beneficiaries
who activate a special code after the users death.
14
While potentially a good solution for those looking for a way to inventory
and store their growing cache of online account information, the problem with these
legacy services is that for service providers with terms of service like Facebook, for
example, all it takes is one person to report the death of a user for the account to be
memorialized, making access unavailable even to those with a password.
lvii

Additionally, sites like Legacy Locker that include PayPal, eBay stores, and iTunes
credits in the digital assets theyll store and transfer on users behalf complicate
matters even further. Simply signing up for the service may not be sufficient to meet
the users needs since using these services to transfer online accounts with actual
financial worth, [], could lead to litigation, as a decedent cannot simply use a
website to give assets to a beneficiary following his or her death without a
correctly executed estate planning document.
lviii

The fact remains that these services will continue to operate in a vacuum in
the absence of uniform legislation and without the cooperation of digital asset
providers such as social networking sites and email services. Not only do they lack
the legal authority to grant access or use of digital assets but unless the legacy
service is working with the online asset providers, it may be a violation of the users
agreement to allow a third party to access an individuals account.
lix
Users
interested in engaging one of these legacy services to manage their digital assets
after death would be well-served to remember that simply giving someone access
to information about an asset is not the same as giving that asset to that
individual.
lx


15
LEGAL APPROACHES TO DIGITAL ASSET MANAGEMENT
The proliferation of state legislation is a step in the right direction, but if
every state has their own approach to digital asset management, then the question
of whether survivors will be able to access the decedents accounts could depend on
where they live. To date, seven states have passed legislation addressing the issue of
digital asset management Connecticut, Idaho, Indiana, Nevada, Oklahoma, Rhode
Island, and Virginia. Its helpful to think of these state laws in terms of generations
the first generation covering email accounts, the second generation is broader,
covering records stored electronically, and the third generation expanded to
include social media.
lxi
A number of other states including Massachusetts, Nebraska,
New York, North Carolina, and Oregon have considered laws of various scope to deal
with the disposition of a decedents digital assets but have yet to successfully pass
any such legislation.
lxii

First Generation
The State of Connecticut was the first to enact such? legislation in 2005,
lxiii

covering electronic mail accounts and requiring service providers to release
copies of all emails, both sent and received, to the executor or administrator of a
decedents estate.
lxiv
Rhode Island followed Connecticuts lead by enacting a similar
law in 2007
lxv
and adding in the requirement of obtaining a written request and
court order before emails are released.
Second Generation
Indiana also enacted legislation in 2007
lxvi
building off of both Connecticuts
and Rhode Islands email-centric laws and further adding that custodians are
16
forbidden from destroying or disposing of the electronically stored documents or
information of the deceased person for two (2) years after the custodian receives a
request or order
lxvii
In covering the broader category of records stored
electronically, the statute may remain relevant as new technologies are invented
and new types of digital assets gain prominence, [but] its generality may also create
confusion and uncertainty
lxviii

Third Generation
The executor or administrator of an estate shall have the power,
where otherwise authorized, to take control of, conduct, continue, or
terminate any accounts of a deceased person on any social
networking website, any microblogging or short message service
website or any email service websites.
lxix


So states Oklahomas 2010 statute, which, while the most comprehensive of all the
others recognizing social networking and empowering the decedents estate to
take control of, conduct, continue, or terminate any accounts of the deceased
person
lxx
still might not overcome claims that the accounts belong to the service
provider (as per its Terms of Service), not the user-decedent. In an interview, the
laws co-author, Rep. Ryan Kiesel acknowledged the possible conflict with service
agreements, but said the law is intended to get people thinking seriously about what
they leave behind on Facebook and other websites.
lxxi

Motivated by the same factors as Oklahomas lawmakers,
lxxii
Idaho amended
its Uniform Probate Code in 2011 to revise the powers granted to conservators and
personal representatives so that they might take control of, conduct, continue or
terminate any accounts of the decedent on any social networking website, any
microblogging or short message service website or any e-mail service website.
lxxiii

17
The two most recently enacted laws Nevadas and Virginias fall within the third
generation grouping but are rather limited in scope. Nevadas statute provides that
a personal representative has the power to direct the termination of any account of
the decedent,
lxxiv
including social networking, microblogging, short message, and
email services. The law is clear to exclude any financial account of the decedent and
interestingly notes that it does not invalidate or abrogate any conditions, terms of
service or contractual obligations the holder of such an account or asset has with the
provider or administrator of the account, asset or Internet website. Considering
that service provider agreements often preclude users from sharing passwords or
assigning their accounts, it would thus appear that Nevadas law is rather toothless
in the face of such agreements prohibiting anyone other than the original user from
controlling the account.
Finally, Virginias law is novel because it only applies to the Internet service
accounts of minors. Section 64.2-110 of the Virginia Code empowers a personal
representative of a deceased minor to assume the minors Terms of Service
agreement for a digital account for purposes of consenting to and obtaining the
disclosure of the contents of the deceased minor's communications and subscriber
records pursuant to 18 U.S.C. 2702
lxxv
(the Stored Communications Act). The
narrow scope of Virginias statute reflects the feeling that it is particularly
important for parents to access [social media accounts] whenever their children die
for whatever reason or commit suicide.
lxxvi


FEDERAL APPROACHES TO DIGITAL ASSET MANAGEMENT
18
The lack of uniformity in the way we approach digital asset management has
caused many to consider whether a federal law might be the answer to filling in the
gaps between existing methods. Theres no question as to whether federal law has
the proper authority to regulate service providers; Congress clearly has the power
to regulate the Internet, as it does other instrumentalities and channels of interstate
commerce.
lxxvii
Indeed, all 50 states and the federal government already have
criminal laws that penalize unauthorized access to different types of private or
protected personal data.
lxxviii
These laws generally regulate when, what, and how
service providers can divulge information from or grant access to online accounts in
order to provide consumer protection against fraud and identity theft. However,
these criminal laws may also have a chilling effect on fiduciaries trying to carry out
their duties of gathering a deceased persons assets, paying debts and expenses, and
distributing the remainder.
lxxix

For example the Computer Fraud and Abuse Act (CFPAA)
lxxx
permits the
government to charge a person with violating the Act when that person has
exceeded his access by violating the access rules put in place by the computer owner
and then commits fraud or obtains information. The Department of Justice asserts
that violation of a sites Terms of Service is considered within the phrasing of
exceeds authorized access.
lxxxi
Theres also the 1986 Electronic Communications
Privacy Act (ECPA)
lxxxii
that prohibits companies that process, handle, and intercept
electronic communications from knowingly divulging the contents of the
communications.
lxxxiii

19
The Stored Communications Act (SCA)
lxxxiv
(first enacted as part of the
ECPA)
lxxxv
bars service providers from disclosing account information without a
court order. The Daftary case
lxxxvi
offers a real-life example of a service provider
citing the SCA as reason why it could not disclose account information. Following
her daughter Sahars death, Anisa Daftary sought access to Sahars Facebook page in
hopes of discovering information that would illuminate her daughters last days.
Facebook declined to provide access, claiming the SCA applied to the contents of
Sahars account and no exception under the Act could compel them to disclose.
When Daftary asserted that as executor of her daughters estate she was
empowered to consent to a release of information. Facebook stood firm, arguing
that, given the number of jurisdictions their users span, it would be far too
burdensome to require them to review the law of each jurisdiction in order to
confirm the extent of the powers vested in administrators and confirm if they
included the power to consent in such a situation.
lxxxvii
According to the Court, case
law confirms that civil subpoenas may not compel production of records from
providers like Facebook
lxxxviii
as to do so would be contrary to the SCA.
In the absence of a clear mandate from Congress in the form of amendments
or exceptions to the CFPAA, ECPA, and SCA, or the passage of another act altogether,
those who seek access to decedents accounts are at risk of running afoul of laws
intended to prevent cyber-crime and protect privacy. Such individuals will have a
difficult time getting service providers to assist them through granting access.
In an effort to bring some order to this muddled landscape, the Uniform Law
Commission (ULC) created a Fiduciary Access to Digital Assets (FADA) Committee in
20
2012 to study and draft potential uniform digital asset planning legislation.
lxxxix
The
ULC states that its purpose is to study and review the law of the states to determine
which areas of law should be uniform. The commissioners promote the principle of
uniformity by drafting and proposing specific statutes in areas of the law where
uniformity between the states is desirable.
xc
The primary aims of the FADA
committee are to address uncertainties with respect to accessing a decedents
digital assets and accounts, particularly in relation to possible criminal sanctions
and breaches of privacy laws.
Earlier work by the FADA committee has focused on possible amendments to
existing laws such as the Uniform Probate Code but the most recent working draft as
of October 2013 proposes a stand alone Fiduciary Access to Digital Assets Act. The
draft proposes that a personal representative or conservator shall be granted the
same authority over digital property as the account holder had while alive.
Unless prohibited by the will of the decedent, a court, or law of this
state other than this [act], a personal representative of the decedent
may obtain:

(1) the digital assets of a decedent;
(2) records of the electronic communications of the decedent
controlled by an electronic communication service or a remote
computing service, including a log of the electronic address of
each party with whom the decedent communicated; and
(3) the contents of each electronic communication controlled
by an electronic communication service or a remote
computing service sent or received by the decedent, to the
extent consistent with 18 U.S.C. Section 2702(b).
(b) Once obtained, a personal representative may
access, manage, deactivate, and delete the digital assets
and the records and contents of the electronic
communications of a decedent.
xci


21
Additionally, the draft language bestows upon a trustee or an agent under
power of attorney the authority to access, manage, deactivate, and delete the digital
assets and electronic communications.
xcii
These provisions would ensure that a
personal representative could step into the shoes of a decedent without fear of
running afoul of the SCA or the CFAA. The draft also includes protections for service
providers that look to laws like the SCA. According to the proposed uniform
legislation, A custodian and its officers, employees, and agents are immune from
liability for any action done in compliance with this [act].
xciii
The ULC plans to have
a final set of rules available by 2014.
xciv

A diverse slate of stakeholders have? been invited to review and comment on
the Committees drafts. After the 2013 Annual Meeting Draft
xcv
was published,
several stakeholders provided comment. The American Civil Liberties Union (ACLU)
expressed substantial privacy concerns with giving fiduciaries nearly unfettered
access to online accounts or online content [] both for the individual whose
information is shared and for individuals with whom he or she communicated
online.
xcvi
The State Privacy and Security Coalition wrote to the Committee to
express concern with potential conflicts with federal law and creating false-
expectations for account holders and fiduciaries with respect to a fiduciarys level of
access and control over electronic communications.
xcvii
Diane and Richard Rash, a
couple who was denied access to their deceased sons Facebook account because of
privacy reasons
xcviii
have also weighed in on the Committees draft. Predictably, the
Rash family listed expedited access to minor childrens accounts upon proof of
death with a death certificate among their suggestions for the draft.
xcix

22
Of course any federal law, whether resulting from the ULC Committees work
or not, must balance the various interests involved such as decedents privacy, the
privacy of the people he or she communicated with, intellectual property rights, the
grieving process for survivors, and the archival interests associated with certain
digital materials. As the ACLU expressed in relation to the earlier ULC draft, allowing
access the online accounts of deceased users could pose significant privacy issues.
However, not allowing access could also mean complicating the disposition of ones
assets and accounts as well as barring what might be a source of comfort for
surviving friends and family.

RECOMMENDATIONS & CONCLUSION
Confusion surrounding digital asset management would likely wane upon the
adoption of uniform laws or policies. We would no longer be at the mercy of
companies varying terms of service. A uniform law could work the existence of
the Uniform Probate Code and the Health Insurance Portability and Accountability
Act (HIPAA) is proof that these types of laws can succeed. However, the existing
state laws and the ULC draft both take a heavy estate law-centric stance, assuming
that individuals will take proactive steps to name representatives and commit their
wishes for the disposition of digital assets to a will or similar instrument.
While greater attention to the issue of digital asset management will encourage
people to take the necessary measures, half of all Americans already lack a will or
similar estate planning document.
c
This reality, combined with the fact that existing
laws vest power in others after the user/owner is already dead leaves little room for
23
those of us who would like a say in what happens to our digital assets but for one
reason or another have not or will not draft a will.
Another attractive option does not involve legislation and therefore may be
more attractive to the Internet community who would no doubt support less
regulation is to have the providers add a proactive step to the account sign-up
process. In order to be successful, such a step would have to be separate from the
clickwrap agreement. Using Facebook as an example, users could be permitted to
select in advance which portions of the Facebook page would remain visible and to
whom, and whether or not friends could post to the page.
ci
This solution could help
service providers adhere to their internal privacy policies and prevent others from
accessing information that the deceased never intended to see the light of day.
Additionally, these steps would need to be presented to users for review at regular
intervals. Just as most people neglect to keep retirement beneficiary information up
to date, it is easy to imagine many users forgetting to keep their digital asset
designations current.
cii
At a minimum, the access rules in the ULC draft could be set
aside when the user of a service designates such wishes upon account sign up,
allowing both provider-initiated solutions and federal law to coexist.
Regardless of whether service providers take it upon themselves to institute
change or bodies like the ULC are successful in establishing uniform legislation, its
clear that measures need to be taken to protect the various stakeholders affected
when an owner of digital assets passes away. State laws may be limited in scope,
toothless, out of date, or all of the above. Digital legacy management services often
24
do not possess the authority to deliver on the claims they make and are better
suited to being digital storage lockers as opposed to true estate planning solutions.
Gone are the days when everything you needed to know about a deceased loved
one was discoverable by opening a diary or locating a bankbook. The law hasnt
always been good at keeping up with the pace of technology but as nearly all of our
transactions and archiving occurs online, we will soon find that simply applying old
ways of thinking about estate, legacy and even privacy will result in potential fraud,
unnecessary litigation, and worst of all the extended grief of those suffering the loss
of a loved one.

i
Evan Carroll. Digital Assets: A Clearer Definition. Digital Estate Resources. Jan. 30,
2012. http://www.digitalestateresource.com/2012/01/digital-assets-a-clearer-
definition/
ii
Naomi Cahn. Postmortem Life On-Line. 25 Prob. & Prop. 36, 36-37 (2011).
iii
Id.
iv
Maria Perrone. What Happens When we Die: Estate Planning of Digital Assets. 21
CommLaw Conspectus 185 (2012/2013).
v
John Conner. Digital Life After Death: The Issue of Planning for a Persons Digital
Assets After Death. Estate Planning & Community Property Law Journal. Vol. 3, No.
301 (Spring, 2011).
vi
Mark Raby. Americans value their digital data more than... TGDaily.com. Nov. 2,
2011. http://www.tgdaily.com/security-brief/59399-americans-value-their-digital-
data-more-than#h0LTTJGhpFkR9Awl.99
vii
Synovate. Federal Trade Commission Identity Theft Report. September 2003.
http://www.ftc.gov/os/2003/09/synovatereport.pdf
viii
Gerry W. Beyer & Naomi Cahn. When You Pass on, Don't Leave the Passwords
Behind: Planning for Digital Assets. ABA Probate & Property Magazine. 26.1
(Jan/Feb. 2012).
ix
Id.
x
Jason Mazzone. Facebooks Afterlife. N.C. L. Rev. (2012).
xi
Id.
xii
Molly Wilkens. Privacy and Security During Life, Access After Death: Are They
Mutually Exclusive? Hastings L.J. 62:1037 (March 2011).
xiii
Jesse Dukeminer et al. Wills Trusts and Estates. 8
th
ed. (2009).
xiv
Dennis Kennedy. Estate Planning for Your Digital Assets. Law Practice Today.
March 2010. http://apps.americanbar.org/lpm/lpt/articles/ftr03103.shtml.
25

xv
Ashlea Ebeling. Americans Lack Basic Estate Plans. Forbes.com. Mar. 1, 2010.
http://www.forbes.com/2010/03/01/estate-tax-living-will-schiavo-personal-
finance-no-estate-plans.html.
xvi
Gerry W. Beyer, & Naomi Cahn. Digital Planning: The Future of Elder Law. NAELA
Journal. 9:1 (2013).
xvii
Sample Language. Digital Estate Resource.
http://www.digitalestateresource.com/sample-language/
xviii
Wilkens, supra note 11.
xix
Id.
xx
Cahn, supra note 2.
xxi
Rachel Cormier Anderson. Enforcement of Contractual Terms in Clickwrap
Agreements. 3 Shidler J. L. Com. & Tech. 11 (Feb. 14, 2007).
xxii
Conner, supra, note 5.
xxiii
Perrone, supra, note 4.
xxiv
Id.
xxv
Zach Schonfeld. How Roger Ebert Managed His Digital Afterlife. The Atlantic
Wire Aug. 5, 2013. http://www.theatlanticwire.com/technology/2013/08/how-
roger-ebert-managed-his-digital-afterlife/67986/
xxvi
Twitter. Your License To Use the Services Terms of Service.
https://twitter.com/tos
xxvii
Id.
xxviii
Facebook. Facebook Reports Second Quarter 2013 Results. Facebook.com. July
24, 2013. http://investor.fb.com/releasedetail.cfm?ReleaseID=780093
xxix
Facebook. How do I submit a special request for a deceased user's account on
the site? https://www.facebook.com/help/www/265593773453448
xxx
Facebook. What happens when a deceased person's account is memorialized?
https://www.facebook.com/help/103897939701143
xxxi
Id.
xxxii
Kristina Kelleher. Facebook Profiles Become Makeshift Memorials. Brown Daily
Herald. http://www.browndailyherald.com/2007/02/22/facebook-profiles-
become-makeshift-memorials/#.TxLqXc317Ec
xxxiii
Mazzone, supra note 9.
xxxiv
Facebook. Memorialization Request Form
https://www.facebook.com/help/contact/305593649477238
xxxv
Shea Bennett. Twitter IPO: 218 Million Active Users, 500 Million Tweets/Day,
75% Mobile Use (Still Unprofitable). AllTwitter.com. Oct. 4, 2013.
https://www.mediabistro.com/alltwitter/twitter-ipo-filing_b50130
xxxvi
Twitter. Inactive Account Policy. https://support.twitter.com/articles/15362-
inactive-account-policy.
xxxvii
Twitter. Contacting Twitter about a deceased user
https://support.twitter.com/articles/87894-how-to-contact-twitter-about-a-
deceased-user.
xxxviii
Josie ODell. What Happens to Your Twitter Account When You Die?
Mashable.com. (Aug. 10, 2010). http://mashable.com/2010/08/10/twitter-
deceased-account/
26

xxxix
Id.
xl
Yahoo! General Corporate Questions. Yahoo! Pressroom.
http://pressroom.yahoo.net/pr/ycorp/faq.aspx
xli
Yahoo! Terms of Service. Yahoo.com.
http://info.yahoo.com/legal/us/yahoo/utos/utos-173.html
xlii
Richard Magnone. The Ellsworth Case with Yahoo! Illinois Attorney Blog. Nov. 9,
2010. http://illinoisattorneyblog.blogspot.com/2010/11/ellsworth-case-with-
yahoo.html
xliii
Id.
xliv
Andrea Tuerk. Plan Your Digital Afterlife with Inactive Account Manager.
Google Public Policy Blog. April 11, 2013.
http://googlepublicpolicy.blogspot.com/2013/04/plan-your-digital-afterlife-
with.html
xlv
Evan Carroll. Google Announces Digital Account Manager. The Digital Beyond.
April 11, 2013. http://www.thedigitalbeyond.com/2013/04/google-announces-
inactive-account-manager/
xlvi
Gmail. Accessing a Deceased Persons Mail.
https://support.google.com/mail/answer/14300?hl=en
xlvii
Id.
xlviii
Id.
xlix
Jordan Crook. Topping 150M Users, Instagram Promises Ads Within The Next
Year. Techcrunch.com. Sept. 8, 2013. http://techcrunch.com/2013/09/08/topping-
150m-users-instagram-promises-ads-within-the-next-year/
l
Instagram. How do I report a deceased person's account on Instagram?
http://help.instagram.com/264154560391256/
li
LinkedIn. Deceased LinkedIn Member - Removing Profile: How do I close the
account of a LinkedIn member who passed away?
http://help.linkedin.com/app/answers/detail/a_id/2842
lii
Digital Beyond. Digital Death and Afterlife Online Services List.
http://www.thedigitalbeyond.com/online-services-list/
liii
Deathswitch.com. http://deathswitch.com/
liv
Id.
lv
Legacy Locker. http://legacylocker.com/
lvi
SecureSafe. http://securesafe.com
lvii
Mazzone, supra note 9.
lviii
Perrone, supra note 22.
lix
Cahn, supra note 2.
lx
Perrone, supra note 22, quoting Michael Walker and Victoria D. Blachly, Virtual
Assets, ST003 A.L.I.-A.B.A. 175, 177 (2011).
lxi
Beyer and Cahn, supra note 15.
lxii
Jim Lamm. August 2013 List of State Laws and Proposals Regarding Fiduciary
Access to Digital Property During Incapacity or After Death. DigitalPassing.com.
Aug. 30, 2013. http://www.digitalpassing.com/2013/08/30/august-2013-list-state-
laws-proposals-fiduciary-access-digital-property-incapacity-death/
lxiii
Conn. Gen. Stat. 45a-334a
27

lxiv
Id.
lxv
R.I. Gen. Laws 33-27-1
lxvi
Ind. Code 29-1-13-1.1
lxvii
Id.
lxviii
Beyer and Cahn, supra note 15.
lxix
58 Okla. Stat. Ann. 269
lxx
Id.
lxxi
International Business Times. New Oklahoma Law Puts control of Deceaseds
Social Media Accounts in Estate Executors. International Business Times. Dec. 2,
2010. http://www.ibtimes.com/new-oklahama-law-puts-control-deceaseds-social-
media-accounts-estate-executors-249266
lxxii
Statement of Purpose (RS20153), Idaho Sen. 1044, 61
st
Legis., 1
st
Reg. Sess.,
http://legislature.idaho.gov/legislation/2011/S1044SOP.pdf
lxxiii
Idaho Code Ann. 15-3-715
lxxiv
Nev. Rev. Stat. 143.188 (2013)
lxxv
Va. Code Ann. 64.2-110 (2013).
lxxvi
Frederick Kunkle. Virginia General Assembly approves measure easing parental
access to Facebook accounts of deceased child. Washington Post. Feb. 18, 2013.
http://articles.washingtonpost.com/2013-02-18/local/37159056_1_facebook-
accounts-digital-assets-access
lxxvii
U.S. v. Hornaday, 392 F.3d 1306 (11
th
Cir. 2004).
lxxviii
Jim Lamm. Planning Ahead for Access to Contents of a Decedents Online
Accounts. Feb. 9, 2012. DigitalPassing.com.
http://www.digitalpassing.com/2012/02/09/planning-ahead-access-contents-
decedent-online-accounts/
lxxix
Id.
lxxx
18 U.S.C. 1030 (2006)
lxxxi
Richard W. Downing. Cyber Security: Protecting Americas New Frontier.
Hearing before the Subcommittee on Crime, Terrorism, and National Security. Nov. 15,
2011. http://judiciary.house.gov/hearings/pdf/Downing%2011152011.pdf
lxxxii
18 U.S.C. 2510-2522
lxxxiii
Wilkens, supra note 11.
lxxxiv
18 U.S.C 2701-2711
lxxxv
Orin Kerr. A Users Guide to the Stored Communications Act, and a Legislators
Guide to Amending It. Geo. Wash. L. Rev. 72 (2004).
lxxxvi
In re Request for Order Requiring Facebook, Inc. to Produce Documents and
Things, Case No C 12-80171 LHK (PSG) (N.D. California, 20 September 2012).
lxxxvii
Id.
lxxxviii
Id.
lxxxix
Uniform Law Commission. Committees: Fiduciary Access to Digital Assets.
http://www.uniformlaws.org/Committee.aspx?title=Fiduciary%20Access%20to%2
0Digital%20Assets
xc
Uniform Law Commission. About the ULC
http://www.uniformlaws.org/Narrative.aspx?title=About%20the%20ULC
28

xci
Uniform Law Commission. Draft for discussion only: Fiduciary Access to Digital
Assets Act (Oct. 22, 2013).
http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital
%20Assets/2013nov_FADA_Mtg_Draft.pdf
xcii
Id.
xciii
Id.
xciv
KSE Focus. States Examine Laws Governing Digital Accounts After Death.
Congress.org. June 13, 2013. http://congress.org/2013/06/13/states-examine-
laws-governing-digital-accounts-after-death/#sthash.QxxQGDWF.dpuf
xcv
Uniform Law Commission. 2013 Annual Meeting Draft.
http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital
%20Assets/2013AM_FADA_Draft.pdf
xcvi
Letter from Allison S. Bohm, ACLU Advocacy & Policy Strategist, to Suzanne
Brown Walsh, Chair and Professor Naomi Cahn, Reporter, Uniform Law
Commission. July 3, 2013.
http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital
%20Assets/2013jul3_FADA_Comments_ACLU.pdf
xcvii
Letter from James Halpert, et. al. to Suzanne Walsh, Chair, Uniform Law
Commission. July 8, 2013.
http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital
%20Assets/2013jul_FADA_NetChoice_Szabo%20et%20al_Comments.pdf
xcviii
Tracy Sears. Facebook sends family information about sons page before his
suicide. WTVR.com. Nov. 4, 2011. http://wtvr.com/2011/11/04/facebook-sends-
family-information-about-sons-page-before-his-suicide/
xcix
Letter from Richard O. Rash and Diane Rash to Suzanne Brown Walsh, Chair,
Uniform Law Commission. July 5, 2013.
http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital
%20Assets/2013jul5_FADA_Comments_Rash.pdf
c
Ebeling, supra note 15.
ci
Mazzone, supra note 9.
cii
Carolyn T. Greer. Beware the Beneficiary Form. WSJ.com. July 6, 2011.
http://online.wsj.com/news/articles/SB100014240527023037147045763835234
41136038