0 Bewertungen0% fanden dieses Dokument nützlich (0 Abstimmungen)
261 Ansichten28 Seiten
This paper first explores the scope of the issue, considering what counts as digital assets and the problems they could pose after we die if left unplanned for. What follows is a look at some current approaches to digital asset management and an examination of their potential limitations. Finally, this paper will summarize some legal approaches to the problem of digital asset management and consider the ability of federal legislation to standardize the process.
Originaltitel
You Can’t Take It With You: Planning for the Disposition of Digital Assets After Death
This paper first explores the scope of the issue, considering what counts as digital assets and the problems they could pose after we die if left unplanned for. What follows is a look at some current approaches to digital asset management and an examination of their potential limitations. Finally, this paper will summarize some legal approaches to the problem of digital asset management and consider the ability of federal legislation to standardize the process.
This paper first explores the scope of the issue, considering what counts as digital assets and the problems they could pose after we die if left unplanned for. What follows is a look at some current approaches to digital asset management and an examination of their potential limitations. Finally, this paper will summarize some legal approaches to the problem of digital asset management and consider the ability of federal legislation to standardize the process.
Every day, each new innovation in technology and data makes our world seem a bit smaller and navigating it all the more faster and easier. Increasingly, the business of living our lives is conducted via high-speed, highly connected networks with digital transactions for managing our identities, relationships, and affairs, taking the place of physical, one-on-one interactions. As such, new concerns have arisen relating to the unprecedented and unique challenges of our digital lives. One such challenge is what to do about our digital remains the lives we leave online after we die. Its said that nothing is ever really gone from the Internet. If thats so, we must seriously consider the question of what happens to our all of the data, information, photos, videos, etc. that we share on a daily basis after were gone. This paper first explores the scope of the issue, considering what counts as digital assets and the problems they could pose after we die if left unplanned for. What follows is a look at some current approaches to digital asset management and an examination of their potential limitations. Finally, this paper will summarize some legal approaches to the problem of digital asset management and consider the ability of federal legislation to standardize the process. Omitted from this discussion are the estate planning issues that might affect children, copyright claims, Internet gaming, privately hosted email and blogs, and employers interests in digital assets.
2 OUR DIGITAL LIVES Because the ways in which one can interact and transact affairs online are so numerous and varied, it makes sense to set out a definition of digital assets as the term will be used in this paper. Digital assets include information stored and used by computers (as well as mobile devices and digital storage devices) such as email, word processing documents, images, audio and video files, Internet accounts, and other data. i
Law professor Naomi Cahn divides digital assets into four different categories: Personal, Social Media, Financial and Business. ii Personal assets include those typically stored on a computer or smart-phone or uploaded onto a website. Social media assets involve interactions with other people they also can serve as storage for photos, videos, and other assets. The financial category typically includes bank accounts, accounts with shopping sites, subscriptions and online payment systems. Finally, business assets take into account information such as customer addresses and preferences, client files, and patient information. iii
A further assets/accounts distinction can be made which is helpful in clarifying the meaning of digital assets. Digital assets are the actual files and digital accounts are the access rights to files found in email, social media accounts, domain registration accounts, etc. iv In short, digital assets shall be understood as any digital file on a persons computer as well as online accounts and memberships. v
These digital assets hold both real and sentimental value. Indeed, 50 percent of Americans would sacrifice all of their vacation time for an entire year rather than 3 lose the files on their computer and 38 percent are willing to lose their wedding rings as opposed to losing their digital data. vi Because we place such a high value on these assets, there ought to be significant interest in determining what happens to them after we die. Instead, most of us fail to even consider the disposition of these prized possessions. The lack of a clear plan or policy for the disposition of digital assets has implications for the decedent, her estate, as well as surviving family members. For example, family may be denied access to a loved ones Facebook page after theyve died making it impossible to retrieve content, delete content, or close the page altogether. Trouble accessing a deceased family members online bill payment information may complicate the tying up of financial loose ends. Additionally, online accounts left unattended are susceptible to identity theft and fraud. The Federal Trade Commission estimates that there are more than 9 million victims of identity theft in the U.S. every year. vii The unattended online accounts of the deceased provide criminals with an enhanced opportunity to hack these accounts, open new credit cards, apply for jobs, and even procure state identification cards. viii
Without access to the deceaseds account information or at the very least, an ability to shutter accounts, it would prove difficult to guard against such threats. Another important concern is the protection of ones legacy and being able to dictate the story that one wants told about their life. This means controlling the ability to share items like photographs, emails, blog posts, recipes, etc. that have emotional value. Equally as important, the interest one may have to prevent loved ones or unintended audiences from accessing private messages, pictures, or other 4 secrets. The disposition of digital assets upon death is crucial to how one wants to be remembered ix but theres a greater societal interest involved as well. Because we are keeping fewer physical copies of letters, photographs, diaries, etc., our digital files and accounts might be the principal or even the only source that future generations use in order to find out about people who lived before them. x Indeed, the decision by the Library of Congress to archive all public tweets xi indicates that theres some archival value in social networking posts. Policies that frustrate access to digital assets may therefore have implications beyond our personal interest and individual legacies. In the not so distant past, the majority of people kept important documents and valuable assets in safe, tangible places such as lockboxes or file cabinets. The contents of our safes and files were usually revealed to trusted loved ones or executors but even when they were not, it didnt take much sleuthing to locate photo albums, storage boxes, bank ledgers, etc. Now that many of us rely primarily on digital transactions, finding the information necessary to facilitate the proper disposition of financial and personal assets complicates things. Most of our important documents and valuable files are scattered across a number of different devices, in several folders, and backup drives. Additionally, information is often stored in online accounts such as email, cloud-computing networks, or the websites of financial institutions. xii
Presently, there is no federal standard to deal with digital assets after death and only seven states have passed legislation to deal with some aspect of digital asset management. In the absence of specific state and/or federal laws, the current 5 process of planning for and managing digital assets relies on a patchwork of tactics such as the shoe-horning of traditional estate planning methods onto digital assets including handing over the logins and passwords to ones accounts (the functional equivalent of stuffing dollar bills in a mattress) service provider policies, and digital planning services.
CURRENT APPROACHES TO DIGITAL ASSET MANAGEMENT Traditional Estate Planning Traditional estate planning is concerned with the settling of financial affairs and the disposition of personal property. These are governed by the laws of intestacy the default rules determining what happens to property if a person dies without a will or a will prepared in advance of death that designates the distribution of an estate. xiii Whereas a will would suffice in most cases to direct the affairs of the deceased, it can be risky to reduce digital account information to writing since including the passwords and account access information for digital assets seems to go against every recommendation for good security practices. xiv
Notwithstanding the fact that half of Americans dont have any of the most basic estate planning documents, including a will, a living will and financial and medical powers of attorney, xv those with a will know that it is not a very nimble instrument. Information changes quickly new accounts are created and best practice suggests that users have multiple passwords that are updated frequently. It would be too cumbersome and therefore a deterrent to require that individuals constantly update their wills to reflect the latest account and access information. xvi
6 Attorney resource website DigitalEstateResource.com, provides sample language for lawyers assisting clients with planning for the disposition of digital assets. At the very least a will should include specific powers to handle digital assets and a definition of digital assets. Digital Assets. My executor shall have the power to access, handle, distribute and dispose of my digital assets. xvii
However, depending on the terms of service governing the users relationship with each site and the laws of his state, such language may have little to no impact despite its inclusion in a will. Service Provider Agreements Besides the difficulty in inventorying and maintaining up to date records of digital assets, traditional estate planning methods are further frustrated because the prohibitions on disclosure of private information make it nearly impossible for executors to access electronic communications and financial information. xviii
Indeed, service providers like social networks and email services have erred on the side of protecting privacy, even after death, xix so even when one has the foresight to pass on their online account access information in a will, trust or other document, the resulting access may be a violation of the various service provider agreements to which the deceased was a party. xx
New networks and services emerge seemingly on a daily basis and users are quick to enter into agreements with those services that are rarely read and hardly understood. When a user signs up for a personal email account like Gmail or a social network such as Facebook, they usually must agree to a clickwrap xxi privacy agreement as a prerequisite to using the site, which provides that under no circumstances will the website release the persons personal information and in 7 some cases even go as far to say that any information (pictures, videos, etc.) uploaded onto their website becomes the property of the website. xxii Typically, these agreements are licenses that terminate after the death of the account- holder, xxiii depriving anyone else (including surviving family members and estate planners) of the legal rights to access the account and the information contained therein, regardless of whether the deceased account-holder left behind her access information in a will or other document. xxiv
One notable example is that of the late, well-known movie critic Roger Ebert. Earlier this year it was reported that Eberts Twitter account continued to post updates after his passing in April 2013. According to Eberts wife Chaz, Ebert had given her the secret codes to his social media accounts with the intent that she keep his social presences alive. xxv Although Eberts wishes have been carried out and Twitter has not shuttered the account, the sites Terms of Service do state that Twitter gives you a personal, worldwide, royalty-free, non-assignable and non- exclusive license to use the software that is provided to you by Twitter as part of the Services, (emphasis mine) xxvi and therefore his wifes assumption of the account is likely a violation that could of Twitters TOS. Twitter would be acting in accord with its own TOS if it were to deny Chaz Ebert access to her husbands account but it is my opinion that the accounts popularity (826,473 followers as of 10/30/2013) coupled with Eberts status as a beloved celebrity figure has stayed Twitters hand in this matter. Increasingly, service providers are adopting privacy policies and so-called deceased-user policies that deal with digital asset management upon death. xxvii In 8 a complex balancing act in which the privacy rights of the deceased user are weighed against loved ones desire for closure. So as not to run afoul of state and federal regulations regarding digital files i.e. the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Stored Communications Act, service providers usually come down on the side of protecting the interests of the user with whom they are in privity. Thus, the service providers priorities are sometimes at odds with the interests of the user and the users estate, even when adhering to laws enacted to protect them. Facebook, the largest social network with 1.15 billion monthly active users, xxviii recently adopted a deceased-user policy that offers verified family of the deceased the option of having the profile deleted xxix whereas anybody can request to have the page memorialized xxx . According to the Facebook Help Center, When a person passes away, we memorialize their account to protect their privacy. Here are some of the key features of memorialized accounts: No one can log into a memorialized account and no new friends can be accepted Depending on the privacy settings of the deceased person's account, friends can share memories on the memorialized timeline Anyone can send private messages to the deceased person Content the deceased person shared (ex: photos, posts) remains on Facebook and is visible to the audience it was shared with Memorialized timelines don't appear in People You May Know and other suggestions xxxi
While Facebooks current approach to deceased user pages is an improvement over its past policy of simply deleting the accounts of deceased users after 30 days, xxxii concerns with the sites handling of such accounts remain. Most notably, unless a user makes specific declarations regarding social networks in her 9 will there is no role for her to play whilst she is alive. This is because a Facebook user cannot specify that his or her account should be deleted, that certain content should be removed, or that a designated person should be entrusted to manage the account xxxiii through the sites settings, leaving decisions about the account in the hands of friends and/or family. Additionally, the bar to request memorialization of a page is quite low. xxxiv
Anyone can do it unilaterally without having to consult others else who might have an interest in keeping the page as is or deleting it altogether, causing further hurt and confusion when loved ones are abruptly cut off from the deceaseds page or when potentially offensive posts continue to populate the Wall of the page. Ultimately, Facebooks deceased user policy falls short of adequately protecting the interests of the deceased and their loved ones who are connected to them both on and offline, therefore exposing one of the weaknesses in allowing social sites to dictate their own divergent policies. Twitters 218 million monthly active users xxxv do not have a memorialization option but the site does have an inactive account policy providing that accounts inactive for at least six months are subject to removal. xxxvi Regarding deceased users specifically, the sites Terms of Service says it will work with a person authorized to act on behalf of the estate or with a verified immediate family member of the deceased to have an account deactivated. xxxvii Alternatively, family may obtain a permanent backup of the deceased users public tweets xxxviii and the micro-blogging platform will remove the decedents account from its Who to Follow suggestions upon request. xxxix Like Facebook, Twitters policy has the potential to vest the 10 decision for what happens with the account in the hands of family and friends who may not make the best decisions but it is a step in the right direction that theyre providing some recourse for the disposition of accounts of deceased users. The service agreements of email service providers tend to be even more complicated and committed to preserving the privacy of its users than social network policies. Not only does email function as a vast archive of correspondence (who we talk to and what we talk about), it is basically the skeleton key that unlocks a number of accounts. In most cases, if you know the email account access information, you can get access information for electronic bank accounts, social media accounts, and other web services sent directly to you. This is simply a matter of how most sites password retrieval functions operate. We have all had a moment when weve needed to click the forgot username/password button to gain access to an account. Usually, the account access information or reset links are sent via email. Therefore access to ones email means potential access to numerous protected accounts. The number one and number two email service providers in the U.S. Yahoo! and Gmail, respectively xl take different approaches to decedents accounts, adding to the overall lack of uniformity in how service provider agreements handle decedents accounts. When one agrees to Yahoo!s terms, you agree that your Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted. xli
11 One of the most cited cases dealing with digital asset management and email involved the Yahoo! account of Justin M. Ellsworth, a U.S. Marine killed in Iraq. xlii
When Ellsworths family attempted to retrieve his emails from Yahoo! for the purposes of creating a memorial, it took the order of a probate judge to gain access. Initially, Yahoo! refused to release Ellsworths emails and argued that they needed to enforce the privacy rights of their account holders xliii as outlined in their Terms of Service. In April of 2013, Google launched an innovative program called Inactive Account Manager, where users of Google services (including Gmail) can dictate what happens to their account if they become inactive after a specified period of three, six, nine, or twelve months as chosen by the user. In the event of death, any named account beneficiaries can access emails, photographs, videos, documents, or other data left to them. xliv The Inactive Account Manager is the first offering from a major service provider to proactively ask users to specify their wishes before death. xlv
However, for those who have not activated the Inactive Account Manager or has not designated a person to access their accounts, Gmails terms state, in rare cases we may be able to provide the contents of the Gmail account to an authorized representative of the deceased person xlvi [emphasis in original]. The service provider explains that it takes this approach because, At Google, were keenly aware of the trust users place in us, and we take our responsibility to protect the privacy of people who use Google services very seriously. Any decision to provide the contents of a deceased person's email will be made only after a careful review. xlvii
12 The terms continue on with a warning that the process to gain access to a deceased users account is both lengthy and without guarantee. The two-part process requires the submission of a death certificate and a court order. xlviii While it is commendable and a positive step forward for Google to put some control into the hands of the user while he or she is still alive, there still remains some significant hurdles to accessing a deceased persons account if he or she failed to take proactive steps. Other service providers have instituted policies regarding deceased user accounts as well. Instagram, the fast-growing photo-sharing app with more than 150 million members, xlix states, it is our policy to remove the account of a deceased person from Instagram. To protect the privacy of people on Instagram, we are unable to provide anyone with login information to an account. l LinkedIn, a professional networking site, says, we can close that person's account and remove their profile on your behalf, li but only after a colleague, classmate, or loved one fills out the required form. Even then, the result is not guaranteed. In the absence of clear and universal regulation, service providers are likely to continue to dictate how deceased user accounts are handled leaving users to accept them or look for alternative methods of digital asset management. These examples of different approaches to digital asset management illustrate, in my view, the absence of clear and universal standards. While self-regulation is usually preferable, it is unlikely that service providers will do so on this issue, at least not without the serious threat of outside regulation. Theres little motivation on behalf of the service providers to align on digital asset management when weighed against their privacy and digital storage obligations. 13 Digital Planning Sites and Services As more people have become aware and concerned about the disposition of their digital assets and neither traditional estate planning nor service provider agreements provide ideal protections, the market has sprung forth its own solutions. A slew of digital legacy sites and services have emerged. The Digital Beyond, a digital afterlife blog and resource, maintains a Digital Death and Afterlife Online Services List that includes 49 digital estate services, posthumous email services and online memorials. lii
One such service, Deathswitch, bills itself as information insurance liii that works by releasing a users account information to named beneficiaries upon notification of death triggered by the users lack of response to an are you still alive message. liv Legacy Locker, another service, is a safe, secure repository for your vital digital property that lets you grant access to online assets for friends and loved ones in the event of loss, death, or disability. lv The service acts as a digital locker of sorts by storing passwords, backing up documents, and managing so-called Legacy Letters (and videos) that can be transmitted to designated individuals once the site learns of a users death. In describing its service, SecureSafe, a digital legacy service based in Switzerland, says, its like having a Swiss Bank for your digital information lvi that provides the same account deletion and/or digital storage functions as the services above yet is larger and offers mobile app capabilities. SecureSafe allows users to store account information and files while its DataInherit feature will transfer users information to designated beneficiaries who activate a special code after the users death. 14 While potentially a good solution for those looking for a way to inventory and store their growing cache of online account information, the problem with these legacy services is that for service providers with terms of service like Facebook, for example, all it takes is one person to report the death of a user for the account to be memorialized, making access unavailable even to those with a password. lvii
Additionally, sites like Legacy Locker that include PayPal, eBay stores, and iTunes credits in the digital assets theyll store and transfer on users behalf complicate matters even further. Simply signing up for the service may not be sufficient to meet the users needs since using these services to transfer online accounts with actual financial worth, [], could lead to litigation, as a decedent cannot simply use a website to give assets to a beneficiary following his or her death without a correctly executed estate planning document. lviii
The fact remains that these services will continue to operate in a vacuum in the absence of uniform legislation and without the cooperation of digital asset providers such as social networking sites and email services. Not only do they lack the legal authority to grant access or use of digital assets but unless the legacy service is working with the online asset providers, it may be a violation of the users agreement to allow a third party to access an individuals account. lix Users interested in engaging one of these legacy services to manage their digital assets after death would be well-served to remember that simply giving someone access to information about an asset is not the same as giving that asset to that individual. lx
15 LEGAL APPROACHES TO DIGITAL ASSET MANAGEMENT The proliferation of state legislation is a step in the right direction, but if every state has their own approach to digital asset management, then the question of whether survivors will be able to access the decedents accounts could depend on where they live. To date, seven states have passed legislation addressing the issue of digital asset management Connecticut, Idaho, Indiana, Nevada, Oklahoma, Rhode Island, and Virginia. Its helpful to think of these state laws in terms of generations the first generation covering email accounts, the second generation is broader, covering records stored electronically, and the third generation expanded to include social media. lxi A number of other states including Massachusetts, Nebraska, New York, North Carolina, and Oregon have considered laws of various scope to deal with the disposition of a decedents digital assets but have yet to successfully pass any such legislation. lxii
First Generation The State of Connecticut was the first to enact such? legislation in 2005, lxiii
covering electronic mail accounts and requiring service providers to release copies of all emails, both sent and received, to the executor or administrator of a decedents estate. lxiv Rhode Island followed Connecticuts lead by enacting a similar law in 2007 lxv and adding in the requirement of obtaining a written request and court order before emails are released. Second Generation Indiana also enacted legislation in 2007 lxvi building off of both Connecticuts and Rhode Islands email-centric laws and further adding that custodians are 16 forbidden from destroying or disposing of the electronically stored documents or information of the deceased person for two (2) years after the custodian receives a request or order lxvii In covering the broader category of records stored electronically, the statute may remain relevant as new technologies are invented and new types of digital assets gain prominence, [but] its generality may also create confusion and uncertainty lxviii
Third Generation The executor or administrator of an estate shall have the power, where otherwise authorized, to take control of, conduct, continue, or terminate any accounts of a deceased person on any social networking website, any microblogging or short message service website or any email service websites. lxix
So states Oklahomas 2010 statute, which, while the most comprehensive of all the others recognizing social networking and empowering the decedents estate to take control of, conduct, continue, or terminate any accounts of the deceased person lxx still might not overcome claims that the accounts belong to the service provider (as per its Terms of Service), not the user-decedent. In an interview, the laws co-author, Rep. Ryan Kiesel acknowledged the possible conflict with service agreements, but said the law is intended to get people thinking seriously about what they leave behind on Facebook and other websites. lxxi
Motivated by the same factors as Oklahomas lawmakers, lxxii Idaho amended its Uniform Probate Code in 2011 to revise the powers granted to conservators and personal representatives so that they might take control of, conduct, continue or terminate any accounts of the decedent on any social networking website, any microblogging or short message service website or any e-mail service website. lxxiii
17 The two most recently enacted laws Nevadas and Virginias fall within the third generation grouping but are rather limited in scope. Nevadas statute provides that a personal representative has the power to direct the termination of any account of the decedent, lxxiv including social networking, microblogging, short message, and email services. The law is clear to exclude any financial account of the decedent and interestingly notes that it does not invalidate or abrogate any conditions, terms of service or contractual obligations the holder of such an account or asset has with the provider or administrator of the account, asset or Internet website. Considering that service provider agreements often preclude users from sharing passwords or assigning their accounts, it would thus appear that Nevadas law is rather toothless in the face of such agreements prohibiting anyone other than the original user from controlling the account. Finally, Virginias law is novel because it only applies to the Internet service accounts of minors. Section 64.2-110 of the Virginia Code empowers a personal representative of a deceased minor to assume the minors Terms of Service agreement for a digital account for purposes of consenting to and obtaining the disclosure of the contents of the deceased minor's communications and subscriber records pursuant to 18 U.S.C. 2702 lxxv (the Stored Communications Act). The narrow scope of Virginias statute reflects the feeling that it is particularly important for parents to access [social media accounts] whenever their children die for whatever reason or commit suicide. lxxvi
FEDERAL APPROACHES TO DIGITAL ASSET MANAGEMENT 18 The lack of uniformity in the way we approach digital asset management has caused many to consider whether a federal law might be the answer to filling in the gaps between existing methods. Theres no question as to whether federal law has the proper authority to regulate service providers; Congress clearly has the power to regulate the Internet, as it does other instrumentalities and channels of interstate commerce. lxxvii Indeed, all 50 states and the federal government already have criminal laws that penalize unauthorized access to different types of private or protected personal data. lxxviii These laws generally regulate when, what, and how service providers can divulge information from or grant access to online accounts in order to provide consumer protection against fraud and identity theft. However, these criminal laws may also have a chilling effect on fiduciaries trying to carry out their duties of gathering a deceased persons assets, paying debts and expenses, and distributing the remainder. lxxix
For example the Computer Fraud and Abuse Act (CFPAA) lxxx permits the government to charge a person with violating the Act when that person has exceeded his access by violating the access rules put in place by the computer owner and then commits fraud or obtains information. The Department of Justice asserts that violation of a sites Terms of Service is considered within the phrasing of exceeds authorized access. lxxxi Theres also the 1986 Electronic Communications Privacy Act (ECPA) lxxxii that prohibits companies that process, handle, and intercept electronic communications from knowingly divulging the contents of the communications. lxxxiii
19 The Stored Communications Act (SCA) lxxxiv (first enacted as part of the ECPA) lxxxv bars service providers from disclosing account information without a court order. The Daftary case lxxxvi offers a real-life example of a service provider citing the SCA as reason why it could not disclose account information. Following her daughter Sahars death, Anisa Daftary sought access to Sahars Facebook page in hopes of discovering information that would illuminate her daughters last days. Facebook declined to provide access, claiming the SCA applied to the contents of Sahars account and no exception under the Act could compel them to disclose. When Daftary asserted that as executor of her daughters estate she was empowered to consent to a release of information. Facebook stood firm, arguing that, given the number of jurisdictions their users span, it would be far too burdensome to require them to review the law of each jurisdiction in order to confirm the extent of the powers vested in administrators and confirm if they included the power to consent in such a situation. lxxxvii According to the Court, case law confirms that civil subpoenas may not compel production of records from providers like Facebook lxxxviii as to do so would be contrary to the SCA. In the absence of a clear mandate from Congress in the form of amendments or exceptions to the CFPAA, ECPA, and SCA, or the passage of another act altogether, those who seek access to decedents accounts are at risk of running afoul of laws intended to prevent cyber-crime and protect privacy. Such individuals will have a difficult time getting service providers to assist them through granting access. In an effort to bring some order to this muddled landscape, the Uniform Law Commission (ULC) created a Fiduciary Access to Digital Assets (FADA) Committee in 20 2012 to study and draft potential uniform digital asset planning legislation. lxxxix The ULC states that its purpose is to study and review the law of the states to determine which areas of law should be uniform. The commissioners promote the principle of uniformity by drafting and proposing specific statutes in areas of the law where uniformity between the states is desirable. xc The primary aims of the FADA committee are to address uncertainties with respect to accessing a decedents digital assets and accounts, particularly in relation to possible criminal sanctions and breaches of privacy laws. Earlier work by the FADA committee has focused on possible amendments to existing laws such as the Uniform Probate Code but the most recent working draft as of October 2013 proposes a stand alone Fiduciary Access to Digital Assets Act. The draft proposes that a personal representative or conservator shall be granted the same authority over digital property as the account holder had while alive. Unless prohibited by the will of the decedent, a court, or law of this state other than this [act], a personal representative of the decedent may obtain:
(1) the digital assets of a decedent; (2) records of the electronic communications of the decedent controlled by an electronic communication service or a remote computing service, including a log of the electronic address of each party with whom the decedent communicated; and (3) the contents of each electronic communication controlled by an electronic communication service or a remote computing service sent or received by the decedent, to the extent consistent with 18 U.S.C. Section 2702(b). (b) Once obtained, a personal representative may access, manage, deactivate, and delete the digital assets and the records and contents of the electronic communications of a decedent. xci
21 Additionally, the draft language bestows upon a trustee or an agent under power of attorney the authority to access, manage, deactivate, and delete the digital assets and electronic communications. xcii These provisions would ensure that a personal representative could step into the shoes of a decedent without fear of running afoul of the SCA or the CFAA. The draft also includes protections for service providers that look to laws like the SCA. According to the proposed uniform legislation, A custodian and its officers, employees, and agents are immune from liability for any action done in compliance with this [act]. xciii The ULC plans to have a final set of rules available by 2014. xciv
A diverse slate of stakeholders have? been invited to review and comment on the Committees drafts. After the 2013 Annual Meeting Draft xcv was published, several stakeholders provided comment. The American Civil Liberties Union (ACLU) expressed substantial privacy concerns with giving fiduciaries nearly unfettered access to online accounts or online content [] both for the individual whose information is shared and for individuals with whom he or she communicated online. xcvi The State Privacy and Security Coalition wrote to the Committee to express concern with potential conflicts with federal law and creating false- expectations for account holders and fiduciaries with respect to a fiduciarys level of access and control over electronic communications. xcvii Diane and Richard Rash, a couple who was denied access to their deceased sons Facebook account because of privacy reasons xcviii have also weighed in on the Committees draft. Predictably, the Rash family listed expedited access to minor childrens accounts upon proof of death with a death certificate among their suggestions for the draft. xcix
22 Of course any federal law, whether resulting from the ULC Committees work or not, must balance the various interests involved such as decedents privacy, the privacy of the people he or she communicated with, intellectual property rights, the grieving process for survivors, and the archival interests associated with certain digital materials. As the ACLU expressed in relation to the earlier ULC draft, allowing access the online accounts of deceased users could pose significant privacy issues. However, not allowing access could also mean complicating the disposition of ones assets and accounts as well as barring what might be a source of comfort for surviving friends and family.
RECOMMENDATIONS & CONCLUSION Confusion surrounding digital asset management would likely wane upon the adoption of uniform laws or policies. We would no longer be at the mercy of companies varying terms of service. A uniform law could work the existence of the Uniform Probate Code and the Health Insurance Portability and Accountability Act (HIPAA) is proof that these types of laws can succeed. However, the existing state laws and the ULC draft both take a heavy estate law-centric stance, assuming that individuals will take proactive steps to name representatives and commit their wishes for the disposition of digital assets to a will or similar instrument. While greater attention to the issue of digital asset management will encourage people to take the necessary measures, half of all Americans already lack a will or similar estate planning document. c This reality, combined with the fact that existing laws vest power in others after the user/owner is already dead leaves little room for 23 those of us who would like a say in what happens to our digital assets but for one reason or another have not or will not draft a will. Another attractive option does not involve legislation and therefore may be more attractive to the Internet community who would no doubt support less regulation is to have the providers add a proactive step to the account sign-up process. In order to be successful, such a step would have to be separate from the clickwrap agreement. Using Facebook as an example, users could be permitted to select in advance which portions of the Facebook page would remain visible and to whom, and whether or not friends could post to the page. ci This solution could help service providers adhere to their internal privacy policies and prevent others from accessing information that the deceased never intended to see the light of day. Additionally, these steps would need to be presented to users for review at regular intervals. Just as most people neglect to keep retirement beneficiary information up to date, it is easy to imagine many users forgetting to keep their digital asset designations current. cii At a minimum, the access rules in the ULC draft could be set aside when the user of a service designates such wishes upon account sign up, allowing both provider-initiated solutions and federal law to coexist. Regardless of whether service providers take it upon themselves to institute change or bodies like the ULC are successful in establishing uniform legislation, its clear that measures need to be taken to protect the various stakeholders affected when an owner of digital assets passes away. State laws may be limited in scope, toothless, out of date, or all of the above. Digital legacy management services often 24 do not possess the authority to deliver on the claims they make and are better suited to being digital storage lockers as opposed to true estate planning solutions. Gone are the days when everything you needed to know about a deceased loved one was discoverable by opening a diary or locating a bankbook. The law hasnt always been good at keeping up with the pace of technology but as nearly all of our transactions and archiving occurs online, we will soon find that simply applying old ways of thinking about estate, legacy and even privacy will result in potential fraud, unnecessary litigation, and worst of all the extended grief of those suffering the loss of a loved one.
i Evan Carroll. Digital Assets: A Clearer Definition. Digital Estate Resources. Jan. 30, 2012. http://www.digitalestateresource.com/2012/01/digital-assets-a-clearer- definition/ ii Naomi Cahn. Postmortem Life On-Line. 25 Prob. & Prop. 36, 36-37 (2011). iii Id. iv Maria Perrone. What Happens When we Die: Estate Planning of Digital Assets. 21 CommLaw Conspectus 185 (2012/2013). v John Conner. Digital Life After Death: The Issue of Planning for a Persons Digital Assets After Death. Estate Planning & Community Property Law Journal. Vol. 3, No. 301 (Spring, 2011). vi Mark Raby. Americans value their digital data more than... TGDaily.com. Nov. 2, 2011. http://www.tgdaily.com/security-brief/59399-americans-value-their-digital- data-more-than#h0LTTJGhpFkR9Awl.99 vii Synovate. Federal Trade Commission Identity Theft Report. September 2003. http://www.ftc.gov/os/2003/09/synovatereport.pdf viii Gerry W. Beyer & Naomi Cahn. When You Pass on, Don't Leave the Passwords Behind: Planning for Digital Assets. ABA Probate & Property Magazine. 26.1 (Jan/Feb. 2012). ix Id. x Jason Mazzone. Facebooks Afterlife. N.C. L. Rev. (2012). xi Id. xii Molly Wilkens. Privacy and Security During Life, Access After Death: Are They Mutually Exclusive? Hastings L.J. 62:1037 (March 2011). xiii Jesse Dukeminer et al. Wills Trusts and Estates. 8 th ed. (2009). xiv Dennis Kennedy. Estate Planning for Your Digital Assets. Law Practice Today. March 2010. http://apps.americanbar.org/lpm/lpt/articles/ftr03103.shtml. 25
xv Ashlea Ebeling. Americans Lack Basic Estate Plans. Forbes.com. Mar. 1, 2010. http://www.forbes.com/2010/03/01/estate-tax-living-will-schiavo-personal- finance-no-estate-plans.html. xvi Gerry W. Beyer, & Naomi Cahn. Digital Planning: The Future of Elder Law. NAELA Journal. 9:1 (2013). xvii Sample Language. Digital Estate Resource. http://www.digitalestateresource.com/sample-language/ xviii Wilkens, supra note 11. xix Id. xx Cahn, supra note 2. xxi Rachel Cormier Anderson. Enforcement of Contractual Terms in Clickwrap Agreements. 3 Shidler J. L. Com. & Tech. 11 (Feb. 14, 2007). xxii Conner, supra, note 5. xxiii Perrone, supra, note 4. xxiv Id. xxv Zach Schonfeld. How Roger Ebert Managed His Digital Afterlife. The Atlantic Wire Aug. 5, 2013. http://www.theatlanticwire.com/technology/2013/08/how- roger-ebert-managed-his-digital-afterlife/67986/ xxvi Twitter. Your License To Use the Services Terms of Service. https://twitter.com/tos xxvii Id. xxviii Facebook. Facebook Reports Second Quarter 2013 Results. Facebook.com. July 24, 2013. http://investor.fb.com/releasedetail.cfm?ReleaseID=780093 xxix Facebook. How do I submit a special request for a deceased user's account on the site? https://www.facebook.com/help/www/265593773453448 xxx Facebook. What happens when a deceased person's account is memorialized? https://www.facebook.com/help/103897939701143 xxxi Id. xxxii Kristina Kelleher. Facebook Profiles Become Makeshift Memorials. Brown Daily Herald. http://www.browndailyherald.com/2007/02/22/facebook-profiles- become-makeshift-memorials/#.TxLqXc317Ec xxxiii Mazzone, supra note 9. xxxiv Facebook. Memorialization Request Form https://www.facebook.com/help/contact/305593649477238 xxxv Shea Bennett. Twitter IPO: 218 Million Active Users, 500 Million Tweets/Day, 75% Mobile Use (Still Unprofitable). AllTwitter.com. Oct. 4, 2013. https://www.mediabistro.com/alltwitter/twitter-ipo-filing_b50130 xxxvi Twitter. Inactive Account Policy. https://support.twitter.com/articles/15362- inactive-account-policy. xxxvii Twitter. Contacting Twitter about a deceased user https://support.twitter.com/articles/87894-how-to-contact-twitter-about-a- deceased-user. xxxviii Josie ODell. What Happens to Your Twitter Account When You Die? Mashable.com. (Aug. 10, 2010). http://mashable.com/2010/08/10/twitter- deceased-account/ 26
xxxix Id. xl Yahoo! General Corporate Questions. Yahoo! Pressroom. http://pressroom.yahoo.net/pr/ycorp/faq.aspx xli Yahoo! Terms of Service. Yahoo.com. http://info.yahoo.com/legal/us/yahoo/utos/utos-173.html xlii Richard Magnone. The Ellsworth Case with Yahoo! Illinois Attorney Blog. Nov. 9, 2010. http://illinoisattorneyblog.blogspot.com/2010/11/ellsworth-case-with- yahoo.html xliii Id. xliv Andrea Tuerk. Plan Your Digital Afterlife with Inactive Account Manager. Google Public Policy Blog. April 11, 2013. http://googlepublicpolicy.blogspot.com/2013/04/plan-your-digital-afterlife- with.html xlv Evan Carroll. Google Announces Digital Account Manager. The Digital Beyond. April 11, 2013. http://www.thedigitalbeyond.com/2013/04/google-announces- inactive-account-manager/ xlvi Gmail. Accessing a Deceased Persons Mail. https://support.google.com/mail/answer/14300?hl=en xlvii Id. xlviii Id. xlix Jordan Crook. Topping 150M Users, Instagram Promises Ads Within The Next Year. Techcrunch.com. Sept. 8, 2013. http://techcrunch.com/2013/09/08/topping- 150m-users-instagram-promises-ads-within-the-next-year/ l Instagram. How do I report a deceased person's account on Instagram? http://help.instagram.com/264154560391256/ li LinkedIn. Deceased LinkedIn Member - Removing Profile: How do I close the account of a LinkedIn member who passed away? http://help.linkedin.com/app/answers/detail/a_id/2842 lii Digital Beyond. Digital Death and Afterlife Online Services List. http://www.thedigitalbeyond.com/online-services-list/ liii Deathswitch.com. http://deathswitch.com/ liv Id. lv Legacy Locker. http://legacylocker.com/ lvi SecureSafe. http://securesafe.com lvii Mazzone, supra note 9. lviii Perrone, supra note 22. lix Cahn, supra note 2. lx Perrone, supra note 22, quoting Michael Walker and Victoria D. Blachly, Virtual Assets, ST003 A.L.I.-A.B.A. 175, 177 (2011). lxi Beyer and Cahn, supra note 15. lxii Jim Lamm. August 2013 List of State Laws and Proposals Regarding Fiduciary Access to Digital Property During Incapacity or After Death. DigitalPassing.com. Aug. 30, 2013. http://www.digitalpassing.com/2013/08/30/august-2013-list-state- laws-proposals-fiduciary-access-digital-property-incapacity-death/ lxiii Conn. Gen. Stat. 45a-334a 27
lxiv Id. lxv R.I. Gen. Laws 33-27-1 lxvi Ind. Code 29-1-13-1.1 lxvii Id. lxviii Beyer and Cahn, supra note 15. lxix 58 Okla. Stat. Ann. 269 lxx Id. lxxi International Business Times. New Oklahoma Law Puts control of Deceaseds Social Media Accounts in Estate Executors. International Business Times. Dec. 2, 2010. http://www.ibtimes.com/new-oklahama-law-puts-control-deceaseds-social- media-accounts-estate-executors-249266 lxxii Statement of Purpose (RS20153), Idaho Sen. 1044, 61 st Legis., 1 st Reg. Sess., http://legislature.idaho.gov/legislation/2011/S1044SOP.pdf lxxiii Idaho Code Ann. 15-3-715 lxxiv Nev. Rev. Stat. 143.188 (2013) lxxv Va. Code Ann. 64.2-110 (2013). lxxvi Frederick Kunkle. Virginia General Assembly approves measure easing parental access to Facebook accounts of deceased child. Washington Post. Feb. 18, 2013. http://articles.washingtonpost.com/2013-02-18/local/37159056_1_facebook- accounts-digital-assets-access lxxvii U.S. v. Hornaday, 392 F.3d 1306 (11 th Cir. 2004). lxxviii Jim Lamm. Planning Ahead for Access to Contents of a Decedents Online Accounts. Feb. 9, 2012. DigitalPassing.com. http://www.digitalpassing.com/2012/02/09/planning-ahead-access-contents- decedent-online-accounts/ lxxix Id. lxxx 18 U.S.C. 1030 (2006) lxxxi Richard W. Downing. Cyber Security: Protecting Americas New Frontier. Hearing before the Subcommittee on Crime, Terrorism, and National Security. Nov. 15, 2011. http://judiciary.house.gov/hearings/pdf/Downing%2011152011.pdf lxxxii 18 U.S.C. 2510-2522 lxxxiii Wilkens, supra note 11. lxxxiv 18 U.S.C 2701-2711 lxxxv Orin Kerr. A Users Guide to the Stored Communications Act, and a Legislators Guide to Amending It. Geo. Wash. L. Rev. 72 (2004). lxxxvi In re Request for Order Requiring Facebook, Inc. to Produce Documents and Things, Case No C 12-80171 LHK (PSG) (N.D. California, 20 September 2012). lxxxvii Id. lxxxviii Id. lxxxix Uniform Law Commission. Committees: Fiduciary Access to Digital Assets. http://www.uniformlaws.org/Committee.aspx?title=Fiduciary%20Access%20to%2 0Digital%20Assets xc Uniform Law Commission. About the ULC http://www.uniformlaws.org/Narrative.aspx?title=About%20the%20ULC 28
xci Uniform Law Commission. Draft for discussion only: Fiduciary Access to Digital Assets Act (Oct. 22, 2013). http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital %20Assets/2013nov_FADA_Mtg_Draft.pdf xcii Id. xciii Id. xciv KSE Focus. States Examine Laws Governing Digital Accounts After Death. Congress.org. June 13, 2013. http://congress.org/2013/06/13/states-examine- laws-governing-digital-accounts-after-death/#sthash.QxxQGDWF.dpuf xcv Uniform Law Commission. 2013 Annual Meeting Draft. http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital %20Assets/2013AM_FADA_Draft.pdf xcvi Letter from Allison S. Bohm, ACLU Advocacy & Policy Strategist, to Suzanne Brown Walsh, Chair and Professor Naomi Cahn, Reporter, Uniform Law Commission. July 3, 2013. http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital %20Assets/2013jul3_FADA_Comments_ACLU.pdf xcvii Letter from James Halpert, et. al. to Suzanne Walsh, Chair, Uniform Law Commission. July 8, 2013. http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital %20Assets/2013jul_FADA_NetChoice_Szabo%20et%20al_Comments.pdf xcviii Tracy Sears. Facebook sends family information about sons page before his suicide. WTVR.com. Nov. 4, 2011. http://wtvr.com/2011/11/04/facebook-sends- family-information-about-sons-page-before-his-suicide/ xcix Letter from Richard O. Rash and Diane Rash to Suzanne Brown Walsh, Chair, Uniform Law Commission. July 5, 2013. http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital %20Assets/2013jul5_FADA_Comments_Rash.pdf c Ebeling, supra note 15. ci Mazzone, supra note 9. cii Carolyn T. Greer. Beware the Beneficiary Form. WSJ.com. July 6, 2011. http://online.wsj.com/news/articles/SB100014240527023037147045763835234 41136038