Clear rules needed for managing digital afterlife

A topo of digital assets versus tangible assets

A regular definition of a digital asset can be “Anything that is stored digitally, in the cloud or on local media, that might have financial, personal or emotional value”.

Your digital and online assets can be classified in two categories. On the one hand, accounts, which are keys that lead to the digital vaults like iTunes, twitter, facebook, … . On the other hand, you do have digital goods like emails, photos, tweets, music, ebooks, movies, and so on. Apart from these, you can also have digital currency, in the form of money sitting on paypal, bitcoins, online games accounts.

 People start recognizing the value of their digital assets. Take Facebook. It appears that around 10% of Britons leave their facebook password in their will# — and amongst the reasons are the fact that our photo albums do not sit at home.. but in the cloud.

 Lastly, it’s not because it’s a in game that a digital asset will have no value. They are auction websites specialized in trading items or local currencies for online games. A sword in a game (was Age of Wulin) can be sold 16k$ — and World of Warcraft fans can sell their characters from 500 to 800$ for characters on which some time was spent, to 5000$ for some well equipped warriors.

 You can consider as well your eBook library, songs and electronic movie catalog (all of them being legal and paid for, I’m sure), as well as, let’s say, your apps, for which you’ll be spending around 10$ a month# in average. Whatever the support digital assets rely on, they still represent prized possessions, with a clear financial value, but also a nice sentimental and personal value.

 A washington estate attorney took the example of one client having a complete activity and business online. A photograph today can have pictures that are published or licensed, thousands of pictures stored digitally, instructional videos and tutorials, etc.

Now imagine her heirs going into her house after her departure: there may be no trace of her business, save for the camera and set-ups. But the products would not be there, maybe no negatives, or prints, even less film rolls. Contracts, licenses, all accounts could be stored as well in the cloud. Without a proper planning, her whole life work could be done: no more publishing or licensing.

What Makes up Your Digital Estate?

Digital death laws

As per today, laws are not uniform around the globe, even in a single country like the US. Connecticut, Idaho, Oklahoma, Rhode Island, and Indiana are the only states so far to have laws concerning post mortem digital asset management. And even within this group, assets are not classified evenly : for example, 2005 Connecticut only considered an email address in its text.

However, the common point is that the aim of passing laws is to grant access to the digital executor of the dead person.

Clear rules needed for managing digital afterlife

Rights and licenses for digital assets

You will have to be extremely cautious when discussing about your rights on the digital goods that you are using. Sometimes you own your assets, but in some other cases, you do not really own them. For example, you may not own an ebook the same way you own a hardcover, paper-based, physical book — or music they same way you have CDs at home. If we take the example of the Mac App Store, we might see in the Terms of purchase (which of course you had carefully and thoughtfully read) that you buy a license to use, not a good that you own — and the public realized this after an outburst of actor Bruce Willis.

Some other services, like trusts, can be used to transfer the license to a .. trust. That’s what, for example, a Digital Asset Protection Trust# “can manage these assets and allow those who you pre select to access them without violations of the license terms and without potential liability to others”.

We’re of course not advising you to try to break the law, but you can make it easier for your beneficiaries to access the files that you once “had”. With a proper planning, you can make sure they will have all the cards in hands to receive what you wanted them to have. But having access is different from having the rights to listen to your former favorite songs!.

Is Your Digital Life Ready for Your Death?

Legal Framework and Limitations

                  Federal Criminal Legislation. The Federal Government enacted the Computer Fraud and Abuse Act (CFAA”) in part to criminalize internet theft, data theft, computer hacking, and other forms of internet crime. As written, CFAA criminalizes the unauthorized access to any computer, online service or online account. Unfortunately, to determine who may and may not access a specific account, even with the explicit permission of the account holder, you must read the service or account provider’s Terms of Service contract. As an example, Facebook’s Terms of Service Agreement prohibits anyone from logging into a user’s Facebook account, other than the user themself, even with the permission of the user. Therefore, a family member, friend, or even a fiduciary that logs into a Facebook account, using the password provided to them by the user themself, has violated the Terms of Service contract and is now committing a federal crime under the CFAA. Fortunately, the Department of justice has made it clear that they are not looking to enforce the CFAA when dealing with simple violations of online Terms of Service contracts, unless there are other more criminal factors involved. However, as advisors to our clients, and to fiduciaries such as Power of Attorneys, Executors, and Trustees, can we ethically advise clients to access digital assets and accounts where we know that they will be committing a crime under the CFAA? Further, if our fiduciaries do decide to access such accounts and commit a crime, how will we respond to a challenge from an unhappy beneficiary who is aware of the access and its violation of the CFAA?

B.                  Federal Privacy Legislation. In addition to the criminalization of unauthorized access of digital assets and online accounts, the Federal Government has also passed the Stored Communications Act (“SCA”) which creates a right to privacy for data and information stored online. Similar in nature to the federal health information privacy act (often referred to as HIPAA), the SCA creates specific guidelines as to whether, and when, providers of electronic communication services and holders of online data can release the information. As you will see below, these protections can create significant hurdles for family members and fiduciaries who attempt to access information stored online with these service providers and content holders.

1)                  Law Enforcement Agencies may compel the release of the information otherwise protected by the SCA through the use of subpoenas and other legal procedures.

2)                  Service providers are prohibited from disclosing information, or granting access to accounts, to non-Law Enforcement individuals (family and fiduciaries), unless one of the statutory exemptions are met. While there are exemptions for specific situations such and employment related emails being released to an employer or being disclosed during a lawsuit against a business, the main exemption that we should be aware of and plan with is the “Lawful Consent” exemption found in Code Section 2701(b)(3) of the SCA. This exemption allows a service provider to voluntarily turn over (or grant access to) stored information if the recipient has the lawful consent of the creator of such digital asset to access such information. However, this exception only provides that the service provider MAY turn over the information, but does not require them to. In fact, there are several national cases where service providers have chosen not to disclose the information. In these situations where the recipient actually had lawful consent, the courts indicated that the SCA exemption does not mandate the disclosure of the stored information, and that the courts could not compel the distribution of the information under the SCA even through legal proceedings.

 

C.                        State Criminal Legislation. Every state in the United States has its own version of computer and online fraud statutes that it uses to be able to bring state law charges for online theft, fraud, hacking, and other internet and computer crimes. In Florida, we have Florida Statute §§ 815.01-815.07 (“Florida Computer Crimes Act” or “Florida CCA”), enacted in 1979, which provides our state legislation. Typical violations under the Florida CCA are

  • unauthorized access of another user’s account
  • unauthorized modification, deletion, copying of files, or programs
  • unauthorized modification or damage of computer equipment.

However, Florida-based businesses usually prefer to pursue cases under the federal CFAA for relief because the Florida CCA allows plaintiffs to bring the civil action against a hacker only after a criminal conviction is successful.

  1. State Fiduciary Powers. Given the lawful consent exemption to the SCA that was discussed above, several states have amended their state statutes to provide that fiduciaries in their state shall be deemed to have lawful consent to access online information under the SCA. This is intended to open the door to allow service providers to voluntarily disclose stored content without the fear of having to determine on a case by case basis whether the fiduciary of an account holder has been given lawful consent. Unfortunately, to date, only five states have enacted such laws (Connecticut, Idaho, Oklahoma, Rhode Island and Indiana), and another 18 states have a relevant bill introduced (California, Colorado, Maine, Maryland, Massachusetts, Michigan, Missouri, Nebraska, Nevada, New Hampshire, New Jersey, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Virginia), with the majority of the pending legislation introduced in the last 2 years. Unfortunately, even the enacted statutes provide little guidance in the form of definitions and procedure, and therefore while certainly a step in the right direction, these enacted and pending statutes have a long way to go to fully fix the access problems.
  2. Website and Service Provider Contracts. Online service providers mandate that all users agree to the provisions of a Terms of Service Contract (“TOSC’s”) which governs the actions of both the service provider and the user. Unfortunately, the TOSC’s are a take it or leave it situation, and can not be negotiated by the user. Can you imagine if each user could independently negotiate the terms of his or her contract with iTunes or their email service provider? Therefore we are relegated to accepting the often one-sided terms mandated by the service provider. These TOSC’s often restrict who may access a registered account or service to the individual that created the account, thereby eliminating any flexibility for fiduciaries or other authorized people from accessing the account. Likewise, such TOS’s will usually create restrictions on the ability of someone other than the user to reset or obtain password. In general, it’s the restrictions found in these TOCS’s that set up our fiduciaries for failure under the CFA and SCA.