Planning For Your Digital Assets – Summer 2015
In the last decade, advances in technology have completely changed the way we live our lives. We communicate through e-mails and text messages rather than phone calls or handwritten letters. We store our financial records online instead of in file cabinets. We keep our family photos and other items of intrinsic value on social media sites like Facebook, Twitter, and Instagram, and file storage services such as Dropbox or iCloud. Some of us conduct business and make money solely from the use of the Internet, such as those who create ad-supported blogs whose revenue is generated by the number of individuals who visit their page. We no longer buy our music from the record store, but from services like iTunes and Spotify.
Today’s world is a digital one, and all of the above items are digital assets. In 2013, the research firm MSI International conducted a global study in which it found that the average American’s digital assets have a perceived value of approximately $37,000.1 The question then becomes, what happens to your digital assets if you become incapacitated or die?
- The Computer Fraud and Abuse Act (CFAA)
- The Stored Communications Act (SCA)
- Subpoena the Records or Ask for Them Nicely
- Terms of Service Agreements
- State laws are Attempting to Fill in the Gaps
- Digital Asset
- So What can You Do
The Computer Fraud and Abuse Act (CFAA)
The questions of estate planning and technology are now inextricably tied together. Two U.S. Federal statutes regulate much of what an executor can and cannot do with a decedent’s assets. Those statutes are the Computer Fraud and Abuse Act (CFAA) of 1986 (18 U.S.C. §1030) and the Stored Communications Act (SCA), also of 1986 (18 U.S.C. §§2701-2712). Additionally, the Terms of Service (TOS) agreements of individual companies restrict executors and fiduciaries from being able to perform their duties.
The first problem executors face is one raised by the CFAA, which fines or even imprisons anyone who “intentionally accesses a computer without authorization or exceeds authorized access . . .”2 The CFAA contains no specific provisions or exemptions for executors attempting to access a decedent’s digital assets. As a consequence, it is foreseeable that using a decedent’s computer could result in a well-meaning executor being fined or possibly even imprisoned. This obviously provides a huge stumbling block to anyone wishing to perform his or her fiduciary duties.
Richard Downing, Deputy Section Chief of the Department of Justice, stated in 2011 before the House Judiciary Subcommittee on Crime, Terrorism and Homeland Security that the definition of “exceeds authorized access” in the context of the CFAA “permits the government to charge a person with violating the CFAA when that person has exceeded his access by violating the access rules put in place by the computer owner and then commits fraud or obtains information.”3 This position was taken to deter insider threats such as fraud or identity theft, however, it has had an unintended yet seriously detrimental effect on estate planning.
The Stored Communications Act (SCA)
The SCA “added new statutory provisions, 18 U.S.C. §§2701-2710, to protect the privacy of stored electronic communications, either before such a communication is transmitted to the recipient, or, if a copy of the message is kept, after it is delivered.”4 Section 2701(a) of the SCA “makes it an offense to either (a) intentionally access, without authorization, a facility through which an electronic communication service is provided; or (b) intentionally exceed the authorization of such facility; and as a result of this conduct, obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage in such a system.”5 How, then, can an executor obtain access to digital assets without running afoul of the SCA?
Subpoena the Records or Ask For Them Nicely?
Subpoenaing records which are protected by the SCA will not necessarily be successful. In the case In re Request for Order Requiring Facebook, Inc. to Produce Documents and Things, Facebook successfully quashed a subpoena which sought access to a deceased user’s Facebook account. The deceased died “after falling from the twelfth floor of an apartment building located in Manchester, England.”6 Her executor, who believed that her death was not a suicide, wanted access to her Facebook account to try to obtain information regarding the deceased’s “ . . . actual state of mind in the days leading up to her death.”7 A hearing was held in the United States District Court of the Northern District of California, San Jose Division. The venue in this case is relevant because the TOS agreement of Facebook requires that disputes be resolved in Santa Clara County, CA (which is within the boundaries of the aforementioned court). Notably, the TOS agreements for Apple, Google, LinkedIn, Twitter, Yahoo, and YouTube all require that disputes over their TOS agreements be resolved in a court under the jurisdiction of the United States District Court of the Northern District of California;8 therefore, this case could have quite an impact on what happens to our digital assets after we die or become disabled.
The applicants in this case were trying to compel Facebook through the use of a subpoena, to produce the records of the deceased’s account, but the court denied them the power to do so, as “[t]o rule otherwise would run afoul of the ‘specific [privacy] interests that the [SCA] seeks to protect.’”9 As the Court pointed out, a civil action seeking to force the provider to disclose the records will not be successful under the SCA. The Court looked for an exception under the SCA which would allow Facebook to voluntarily disclose the records. The Court stated, “[u]nder the plain language of Section 2702, while consent may permit production by a provider, it may not require such a production.”10 The Court seized upon the relevant “lawful consent” exception contained in the SCA, at 18 U.S.C. §2702(b) when the Court stated, that “a provider . . . may divulge the contents of a communication— . . . with the lawful consent of the originator or an addressee or intended recipient of such communication . . .”11 The Court clearly left the door open for Facebook to voluntarily disclose the requested records when it stated “[t]he court lacks jurisdiction to address whether the Applicants may offer consent on Sahar’s [the decedent’s] behalf so that Facebook may disclose the records voluntarily.”12
Terms of Service Agreements
As previously discussed, companies such as Facebook, Apple, Yahoo, and Google hold dominion over much of our digital assets. Such companies are known as “custodians,” and their TOS agreements and various policies regarding what happens to a deceased person’s account must be understood if a prudent executor is to fulfill his or her fiduciary duties.
Consider Apple, whose iCloud TOS agreement states that “any rights to your Apple ID or content within your account terminate upon your death.”13 Indeed, upon receipt of a death certificate, all content within your account may be permanently deleted. Yahoo’s TOS agreement contains the same provision, with almost identical phrasing, and of course changes “Apple” to “Yahoo”.14 Since Yahoo is an e-mail provider, loss of an account upon death would make things like paying or canceling bills, many of which are arranged through e-mail, much more difficult. E-mail accounts may also give clues to other digital assets a decedent may possess, such as an online blog with ad revenue or a Bitcoin or PayPal account.
Google was the first large company to truly create an official policy for dealing with the data of its deceased users. It allows for the appointment of an account manager, who, upon death of the account owner, may fill out a form to request data or shut the account down,15 but again, it does not allow full, unrestricted access to any and all information which a fiduciary might need.
Returning to the provisions set out by the SCA, however, offers a passable solution. Recall from the previously discussed case of In re Facebook that Section 2702(b) states, in part, “A person or entity may divulge the contents of a communication . . . with the lawful consent of the originator or an addressee or intended recipient of such communication . . . ”16 Therefore, your estate planning documents should be updated to give your lawful consent to authorize your fiduciaries to access your digital assets. Recall that the use of a decedent’s passwords and encryption data by an executor without the decedent’s express written permission may very well be interpreted as “unauthorized access” under federal laws.
State Laws Are Attempting to Fill in the Gaps
The law generally lags behind technological advances; however, it is finally making some progress regarding digital assets. Delaware was the first state to enact a law called the Fiduciary Access to Digital Assets and Digital Accounts Act,17 which attempts to clarify the ambiguity that the CFAA and the SCA present with regards to estate planning. By filling in the gaps in these statutes, this new law aims to allow fiduciaries to access a decedent’s accounts as allowed by the SCA.18 Ten other states are expected to pass a similar version of that act this year.19 Missouri has not yet passed a digital assets law, but does have a draft of one in a Missouri Bar subcommittee. These laws allow an executor to step into a decedent’s shoes only to the extent necessary to do the executor’s job, such as look for contracts, pay bills, and obtain access to information. Companies like Apple, Yahoo, and Facebook, are opposed to this new legislation due to the considerable compliance burdens which it will cause,20 but the hope is that as more and more states ratify it, those companies’ various TOS agreements will be amended to reflect the changing laws. We encourage you to discuss your digital assets in greater detail by contacting us at your convenience.
The scope of what constitutes a “digital asset” is constantly expanding. Examples include Facebook, iTunes, or email accounts, photo storage sites, online banking accounts, and brokerage records.
So What Can You Do?
Digital assets are assets which need to be protected in the event of disability or death. In order to allow your agent to access your digital assets, your power of attorney should include language granting your agent your lawful consent under the SCA to access your digital assets on your behalf.
Your trust and will should also be amended to grant your fiduciary your lawful consent and authority to access your digital assets. Missouri law is clear regarding the duty of a trustee to “take reasonable steps to take control of and protect trust property” (RSMo §456.8-809). Granting your fiduciary your lawful consent will assist him or her in the administration of
Your trust may even include a “trust protector,” who could be a tech-savvy individual that will assist the trustee in matters relating to digital assets. Finally, you might consider making an inventory of the entirety of your digital assets, along with their various locations and the passwords to access them. Store this in a safe-deposit box and reference it in your will.
“Laws and institutions must go hand in hand with the progress of the human mind. As that becomes more developed, more enlightened, as new discoveries are made, new truths disclosed, and manners and opinions change with the change of circumstances, institutions must advance also, and keep pace with the times.”
1. McAfee Reveals Average Global Internet User Has More Than $37,000 In Unprotected Digital Assets (2011).
2. Computer Fraud and Abuse Act, 18 U.S.C. §1030(a)(2)(2008).
3. Statement of Deputy Section Chief Richard Downing Before the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security. Washington, D.C., November 15, 2011.
4. USAM 9-60.200. CRM 1061. Unlawful Access to Stored Communications—18 U.S.C. §2701.
5. Id. Referencing 18 U.S.C. §2701(a).
6. In re Request for Order Requiring Facebook, Inc. to Produce Documents and Things, No. C 12-80171 LHK (PSG), 2012 WL 7071331 (N.D. Cal. Sept. 20, 2012).