Rest in Peace: Planning for Your Demise, Digitally

Rest in Peace: Planning for Your Demise, Digitally

Wharton emeritus finance professor Jack Guttentag is not a particularly morbid person, but he has given considerable thought to what he wants to happen to his personal and professional digital effects after his demise. Guttentag, 90, runs The Mortgage Professor, an online business that provides advice on home loan-related issues.

“I don’t have any intention of dying soon — I have a five-year business plan — but I need to approach this chore as if I have very little time left,” he says. “It isn’t easy.”

Upon his death, Guttentag has written instructions to his wife to put his website up for sale in consultation with his two partners and attorney. Over the years, he has had offers for it, but Guttentag says he never had the inclination to give it up or work for someone else. (He expects the value, which includes several trademarks and URLs connected to the business, to grow over time.)

On his desk, Guttentag has a manila folder containing a sheaf of papers that list user IDs, PIN numbers and passwords for various online services. He has also digitized almost all the photos he has taken over the years; they are in a file on his computer and also on Dropbox, the cloud storage provider. He has not, however, digitized family pictures inherited from other family members. “My son did some of them in developing a slideshow for my 90th birthday party, but most of them are still in boxes in my office, stoking my guilt,” Guttentag notes.

At a time when most people are spending more and more hours online – and, in the process, creating a legacy of data that will outlive them — the inevitability of death poses new challenges. Not only are there consumers who, like Guttentag, wish to tidy up their virtual effects before they die; there are also estate lawyers in the early process of establishing what constitutes digital ownership, technology firms clamoring to offer new services that deal with the remnants of digital life, and social media companies coming up with platforms that memorialize the dead.

“The norms are evolving,” says Andrea Matwyshyn, a professor of legal studies and business ethics at Wharton. “There will be a feedback loop over the next few years: Customer savvy and sophistication will increase, companies will begin to streamline their approaches and the legal industry will formalize estate planning.”

Death in the Digital Age

According to a report from digital research firm eMarketer, American adults spent more than five hours each day on the Internet last year, up from four hours and 31 minutes in 2012, and three hours and 50 minutes in 2011. Social media sites occupy a large portion of that online time: Data from research firm Ipsos Open Thinking Exchange shows that Americans between the ages of 18 and 64 who use social networks say they spend an average of 3.2 hours per day doing so. Nearly three-quarters of online American adults use social networking sites, and some 42% of online adults now use multiple social networking sites, says Pew Research Center.

“Customer savvy and sophistication will increase, companies will begin to streamline their approaches and the legal industry will formalize estate planning.”

“We have become progressively more reliant on digital communication and social media,” notes Matwyshyn. “To many people, their digital persona is equally — and in some cases, more — important [than their physical] identity.”

And yet very few people have made arrangements for what will happen to their digital persona and online possessions when they die. In 2012, the federal government added a “social media will” to its list of personal finance recommendations. The government suggests appointing an online executor to be responsible for the closure of email addresses, blogs and other online accounts. This person would also carry out the deceased’s wishes with regard to social media profiles, whether his or her desire is to completely cancel all profiles or keep them up as a memorial for friends and family to visit.

Most technology and social media companies have policies around what happens to users’ online content when they die. After all, our digital effects — the pictures we post, the emails we draft and the status updates we send — don’t solely belong to us in the first place. They belong, at least in part, to companies like Twitter and Yahoo that store the information on their servers.

“Companies are in a delicate position,” says Matwyshyn. “On one hand, there are resource constraints because they are dealing with a large number of unique requests, which is expensive and time-consuming. On the other hand, treating families of a deceased user with the sensitivity that the loss of a loved one requires is the ethical and correct thing to do. There is also a business opportunity here to build goodwill with the community of the deceased.”

Last year, for instance, Google launched an inactive account manager feature that lets users decide the fate of their accounts when they die. Twitter, meanwhile, will deactivate an account upon the request of an estate executor or an immediate family member once a copy of a death certificate is provided. Facebook either removes the account upon request by an executor or allows profiles to be turned into memorials so that friends may still post comments, photos and links to the deceased’s profile.

Flickr, which is owned by Yahoo, operates under its parent company’s terms of service agreement, which stipulates that the user ID and contents within an account terminate upon a person’s death. YouTube, which is owned by Google, operates under Google’s policy. Instagram, meanwhile, says on its site: “In the event of death of an Instagram User, please contact us.”

Users might, for example, post a remembrance on their deceased uncle’s page on his birthday. Or “visit” a friend on the anniversary of his or her death. “In the past, we gathered around the gravesite, but today we have new ways to communicate on social media,” says David Bell, professor of marketing at Wharton.

“[Mourning practices] vary person to person and culture to culture,” Bell notes. “But we will see new customs develop in terms of decorum and decency as well as an emergence of different platforms and tools for people to pay their respects. Families will be able to keep these things going in perpetuity.”

But online memorials are delicate entities. Who has custody of the profile? Who gets access? Who has the right to decide what’s appropriate to include, and what is involved in those decisions? Jed Brubaker, a PhD candidate in informatics at the University of California, Irvine who studies digital identity, social media and human centered computing, is immersed in questions of digital heirlooms. “In talking about things like Tumblr, Twitter, Facebook, Instagram and other quasi-public social media that are accessible to lots of people, there’s an unresolved question of ownership,” he notes. “Is our virtual ‘stuff’ always [considered] ‘property’?”

“Communication that historically has been ephemeral is now persistent. It sticks around — there’s a record, a data trail.”

If it’s not property, though, then what exactly is it? “It’s communication,” he says. “We’re talking about content on a Facebook wall or a Twitter feed. Communication that historically has been ephemeral is now persistent. It sticks around — there’s a record, a data trail.”

Monetizing Digital Heirlooms

The vast majority of our digital assets — such as digital photos or Facebook timelines — have little value beyond the sentimental. But even these require careful estate planning, according to Gerry W. Beyer, a professor at Texas Tech University School of Law. In the old days, he says, people passed down scrapbooks, memoirs, picture albums and musty files of old newspaper clippings. “But now, many of us don’t have physical property like that to transfer. So all that stuff will disappear.”

Of course, there are lots of ways to transform those digital assets into physical objects. You could download your e-mail messages and back up your computer files on a disk, for instance, or you could put them on a CD or flash drive. You could even print them to remove them from the digital realm. But how many people actually do this? Case in point: Whenever Beyer presents at a conference, he asks the audience: “How many of you have photographs that are valuable to you that you haven’t printed?” Nearly everyone in the room raises his or her hand, he says. “If you don’t plan for these, your loved ones may lose access…. If you care what happens to your digital belongings after you die — your photographs, your home movies, your e-mails — you have to plan.”

And certain digital assets have monetary value both today and in the future, such as domain names or a blog that generates income. Avatars or virtual property in online games such as World of Warcraft or Second Life also have quantifiable value, Beyer notes.

Digital assets — personal iTunes music libraries and Kindle books, for example — are in a different class, however. If you have, say, a large digital book collection, the transfer of usage rights is limited and closely monitored. “You don’t technically own those,” says Beyer. “You have a license to use them. That license dies with you. But if those are owned in a trust, your beneficiaries may be able to continue to use them.”

Frequent flyer miles or hotel points, while also part of your digital profile, present some tricky questions, too. These assets are governed by a contract with the company, according to Wharton’s Matwyshyn. Most contracts specify that the miles and points are personal and cannot be shared unless given explicit permission from the company. “It is possible that airlines and hotels would be willing to entertain a request to transfer, but they have a unilateral right to say: ‘I’m sorry for your loss but these points are no longer valid,’” she notes.

“If you care what happens to your digital belongings after you die — your photographs, your home movies, your e-mails — you have to plan.”

A growing number of companies are finding ways to monetize post-mortem digital effects. After all, just because most of our digital content is sentimental, it does not mean it is of no economic value. “Quite the opposite, actually,” says Pinar Yildirim, a professor of marketing at Wharton. “Say you upload photos today, and 100 years later, long after you are gone, your great-great grandson wants to have them. It represents an opportunity for any company that may want to justify its investment in storing that digital content.”

Some companies, including E-Z Safe, Estate++ and SecureSafe, act as repositories for your digital accounts. They serve as virtual safe deposit boxes, holding onto your usernames and passwords. When you die, that information gets forwarded to the person or people you specify.

“After a loved one dies, oftentimes a family member or friend needs to get access to their digital material — their social media, their e-mails or they just want to pay some bills from an online account,” says Texas Tech’s Beyer, who is a national expert in estate and trust issues. “But without planning, companies may take weeks, months or even years before they grant access.”

Other companies assist in efforts to locate digital assets of the deceased. Webcease, for instance, helps people find keepsake photographs on sites like Snapfish or Shutterfly; accumulated earned miles or points on travel, hotel or airline loyalty programs; personal interactions on social and professional sites like Facebook and LinkedIn, and personal accounts on sites like Amazon, PayPal, Netflix or eBay. “They are essentially search firms that will search all over the Internet to find what’s out there,” Beyer notes.

Other businesses in this market specialize in helping family members gain access to the computers and accounts of people who have died, according to John Sileo, a Denver-based expert on identity theft and privacy. “Say your spouse or parent passed away and you need to get into his or her account, but the company won’t let you because you weren’t listed on the account, or you didn’t have power of attorney. One of your options is to enlist the help of a so-called ’ethical hacker,’” who could infiltrate accounts you have a legitimate right to, says Sileo. “There are people who are making a lot of money doing this behind the scenes.”

But these are precisely the scenarios that Guttentag, the nonagenarian Mortgage Professor, hopes to avoid. This is why he is doing his best to organize his digital effects now. “I don’t want to leave a mess for my wife and children to clean up when I die,” he says. “If that were to happen tomorrow, that pledge would not be fully realized because of the still unfinished business I haven’t yet gotten around to. But 2014 is the year.”

What Makes up Your Digital Estate?

Digital death laws

As per today, laws are not uniform around the globe, even in a single country like the US. Connecticut, Idaho, Oklahoma, Rhode Island, and Indiana are the only states so far to have laws concerning post mortem digital asset management. And even within this group, assets are not classified evenly : for example, 2005 Connecticut only considered an email address in its text.

However, the common point is that the aim of passing laws is to grant access to the digital executor of the dead person.

Is Your Digital Life Ready for Your Death?

Legal Framework and Limitations

                  Federal Criminal Legislation. The Federal Government enacted the Computer Fraud and Abuse Act (CFAA”) in part to criminalize internet theft, data theft, computer hacking, and other forms of internet crime. As written, CFAA criminalizes the unauthorized access to any computer, online service or online account. Unfortunately, to determine who may and may not access a specific account, even with the explicit permission of the account holder, you must read the service or account provider’s Terms of Service contract. As an example, Facebook’s Terms of Service Agreement prohibits anyone from logging into a user’s Facebook account, other than the user themself, even with the permission of the user. Therefore, a family member, friend, or even a fiduciary that logs into a Facebook account, using the password provided to them by the user themself, has violated the Terms of Service contract and is now committing a federal crime under the CFAA. Fortunately, the Department of justice has made it clear that they are not looking to enforce the CFAA when dealing with simple violations of online Terms of Service contracts, unless there are other more criminal factors involved. However, as advisors to our clients, and to fiduciaries such as Power of Attorneys, Executors, and Trustees, can we ethically advise clients to access digital assets and accounts where we know that they will be committing a crime under the CFAA? Further, if our fiduciaries do decide to access such accounts and commit a crime, how will we respond to a challenge from an unhappy beneficiary who is aware of the access and its violation of the CFAA?

B.                  Federal Privacy Legislation. In addition to the criminalization of unauthorized access of digital assets and online accounts, the Federal Government has also passed the Stored Communications Act (“SCA”) which creates a right to privacy for data and information stored online. Similar in nature to the federal health information privacy act (often referred to as HIPAA), the SCA creates specific guidelines as to whether, and when, providers of electronic communication services and holders of online data can release the information. As you will see below, these protections can create significant hurdles for family members and fiduciaries who attempt to access information stored online with these service providers and content holders.

1)                  Law Enforcement Agencies may compel the release of the information otherwise protected by the SCA through the use of subpoenas and other legal procedures.

2)                  Service providers are prohibited from disclosing information, or granting access to accounts, to non-Law Enforcement individuals (family and fiduciaries), unless one of the statutory exemptions are met. While there are exemptions for specific situations such and employment related emails being released to an employer or being disclosed during a lawsuit against a business, the main exemption that we should be aware of and plan with is the “Lawful Consent” exemption found in Code Section 2701(b)(3) of the SCA. This exemption allows a service provider to voluntarily turn over (or grant access to) stored information if the recipient has the lawful consent of the creator of such digital asset to access such information. However, this exception only provides that the service provider MAY turn over the information, but does not require them to. In fact, there are several national cases where service providers have chosen not to disclose the information. In these situations where the recipient actually had lawful consent, the courts indicated that the SCA exemption does not mandate the disclosure of the stored information, and that the courts could not compel the distribution of the information under the SCA even through legal proceedings.

 

C.                        State Criminal Legislation. Every state in the United States has its own version of computer and online fraud statutes that it uses to be able to bring state law charges for online theft, fraud, hacking, and other internet and computer crimes. In Florida, we have Florida Statute §§ 815.01-815.07 (“Florida Computer Crimes Act” or “Florida CCA”), enacted in 1979, which provides our state legislation. Typical violations under the Florida CCA are

  • unauthorized access of another user’s account
  • unauthorized modification, deletion, copying of files, or programs
  • unauthorized modification or damage of computer equipment.

However, Florida-based businesses usually prefer to pursue cases under the federal CFAA for relief because the Florida CCA allows plaintiffs to bring the civil action against a hacker only after a criminal conviction is successful.

  1. State Fiduciary Powers. Given the lawful consent exemption to the SCA that was discussed above, several states have amended their state statutes to provide that fiduciaries in their state shall be deemed to have lawful consent to access online information under the SCA. This is intended to open the door to allow service providers to voluntarily disclose stored content without the fear of having to determine on a case by case basis whether the fiduciary of an account holder has been given lawful consent. Unfortunately, to date, only five states have enacted such laws (Connecticut, Idaho, Oklahoma, Rhode Island and Indiana), and another 18 states have a relevant bill introduced (California, Colorado, Maine, Maryland, Massachusetts, Michigan, Missouri, Nebraska, Nevada, New Hampshire, New Jersey, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Virginia), with the majority of the pending legislation introduced in the last 2 years. Unfortunately, even the enacted statutes provide little guidance in the form of definitions and procedure, and therefore while certainly a step in the right direction, these enacted and pending statutes have a long way to go to fully fix the access problems.
  2. Website and Service Provider Contracts. Online service providers mandate that all users agree to the provisions of a Terms of Service Contract (“TOSC’s”) which governs the actions of both the service provider and the user. Unfortunately, the TOSC’s are a take it or leave it situation, and can not be negotiated by the user. Can you imagine if each user could independently negotiate the terms of his or her contract with iTunes or their email service provider? Therefore we are relegated to accepting the often one-sided terms mandated by the service provider. These TOSC’s often restrict who may access a registered account or service to the individual that created the account, thereby eliminating any flexibility for fiduciaries or other authorized people from accessing the account. Likewise, such TOS’s will usually create restrictions on the ability of someone other than the user to reset or obtain password. In general, it’s the restrictions found in these TOCS’s that set up our fiduciaries for failure under the CFA and SCA.