Identity Theft Safeguard

Ch IV.2. Ownership of Digital Assets

Second, while it is crucial to identify the digital asset’s location and accessibility, digital asset ownership rights, copyrights, and accessibility, digital asset ownership rights, copyrights, and contractual rights are often less clear than traditional tangible property because the digital assets are often stored, created, and managed by a third party. Ownership rights of digital assets stored with third parties are not always as hereditary in character because “the terms of the contract between online service providers and account holders . . . govern the ownership and inheritability of ‘digital assets.’”24 To determine the ownership rights of a digital asset, one must examine the user’s property rights relative to those of the third-party online service provider who is storing managing, and protecting the digital asset. In the majority of instances, the third party provider will own the property rights to the account.

For example, in the case of Facebook, an account is the property of the company, and not the individual end user.26 However, at the same time, personal information stored on the account, such as pictures, social media postings, status updates, and other similarly situated data, can be protected by copyright law and constitute a decedent’s intellectual property. Problems arise when a beneficiary wishes to obtain access to a digital asset, but the asset is located in an account where the beneficiary does not have immediate access. If the third-party provider closes the decedent’s account and deletes any data stored on the account, irreplaceable digital property—which may contain pecuniary and sentimental value—could be lost forever. Furthermore, it is unclear whether the third party has any duties to preserve these digital assets for the benefit of the beneficiaries. Depending on the type of digital asset and service provider storing the digital assets, ownership rights and the legal ability to access digital assets may vary significantly.

For instance, a comparison between three similar email service providers shows that service provider contracts may differ significantly in respect to how they treat a decedent’s digital content. Yahoo!, pursuant to the “No Right of Survivorship and Non-Transferability” clause of its terms and conditions, will permanently delete contents of the user’s account upon the user’s death. Google’s policy differs slightly, stating that in some “rare cases” it may provide a deceased user’s content to an authorized representative. Hotmail/Outlook states that it will provide a copy of email messages, contact lists, attachments, and other content after proper authentication of ownership. Social media site terms and conditions may also vary. Ultimately, digital assets held or stored by online service providers will be subject to the terms of the service contract, binding the account holder and the service provider. Disputes pertaining to the digital asset ownership in reference to online accounts are settled by courts construing the terms and conditions of the contract of the third-party online provider through the application of state law.

Digital death is still a problem. A widow’s battle to access her husband’s Apple account

Ch II : Planning For The Digital Afterlife

Transferring property, wealth, assets, and family heirlooms from one generation to another has always been a primary focus of proper estate planning. The electronic and technological innovations of the twentieth century, society’s reliance on the Internet and electronic commerce (“e-commerce”), and the growth of cloud computing have given rise to a new digital world of assets which may be accessible across the world through a variety of mediums. Due to their importance in our everyday life, financial and sentimental value, and continuing growth, digital assets should be considered as a part of any estate plan. Digital assets and online accounts have the potential to continue indefinitely. As with any asset that can exceed the lifespan of the original owner, estate planning for digital assets is a vital part of the preservation of one’s legacy and property disposition. Many individuals unknowingly leave a significant amount of digital assets unaccounted for after death. For example, by the end of 2012, over 30 million Facebook users have died, leaving no directions as to the handling of their accounts. Failure to consider digital assets as part of the estate planning can result in loss of items that contain sentimental and financial value for the deceased relatives. According to a 2011 McAfee study, the average Internet user places a value of $37,438 on their digital assets,3 while a U.S.-based Internet user values their digital assets near $55,000.  The growth and development of the digital world has also changed the manner in which businesses operate, store information, market products, and reach consumers. The U.S. e-commerce industry is valued at nearly $225 billion.  Today, businesses often rely on a wide range of digital assets to ensure a strong web presence through online storefronts, e-commerce services, and cloud-based products, as many consumers expect businesses to have both brick-and-mortar locations while offering online access. These digitized assets are crucial to the company’s success and functionality and, at the same time, represent the growing digitalization of business assets. The average business insists that up to 20% of its digitally stored information is critical to operations. This percentage is likely to increase over time as companies continue to rely upon electronically stored information. Accordingly, proper estate planning and business succession plans are needed to protect and manage digitized business assets. Digital assets, without a doubt, add a new wrinkle to the already complex legal practice of estate planning. Digital estate planning can be especially problematic because digital assets are often difficult to locate without proper guidance from the decedent. Without a well-designed digital estate plan, locating and disseminating digital assets is akin to searching for buried treasure with neither a treasure map nor a shovel. Further, accessibility and transferability issues can arise as these digital assets are often spread across various social networks, email accounts, online service providers, and digital devices. Providing access and location information regarding digital assets via wills creates security concerns as their location and passwords may become public.

The expansive nature of digital assets and the aforementioned issues surrounding this novel area of law triggers the need for more precise and well-developed asset management systems. This Essay defines the scope of digital assets, discusses unique challenges digital assets provide for traditional estate planning, and concludes with a viable strategy for the creation of a well-developed and manageable digital estate plan

Google Searching for Answers to Digital Legacy Problems

The digital legacy that a deceased person leaves behind has been a much-talked-about subject in the estates world in recent years.  See, for example, blogs on the subject by Moira VisoiuSaman Jaffery or Nadia Harasymowycz.  There’s a March Hull on Estates podcast about this, and another from July 2011.

While there have been some legislative and judicial developments in some jurisdictions (see Nebraska’s Bill 783 for an example), it has largely been left to private industry to resolve the problems created when a person passes away leaving a large digital footprint behind.

Fortunately, Google has stepped up to the plate and introduced a new policy to resolve this issue with respect to its services.  Google’s new Inactive Account Manager feature takes leaps forward towards resolving digital legacy issues.

Called a “digital will” by some media sources including the Toronto Star, the Inactive Account Manager allows users to manage what happens to their Google-related digital assets on death, or on prolonged account inactivity.  Users may set a period of time of inactivity (three, six, nine, or twelve months), after which Google will delete their data.  Before anything is deleted, Google will notify you by email or by text message to your cell phone.  If users would prefer that their data be preserved, there is an option to have some or all of it sent to trusted contacts.  The services to which the service applies include +1s, Blogger, Contacts and Circles, Drive, Gmail, Google+ Profiles, Pages and Streams, Picasa Web Albums, Google Voice, and Youtube.

This service is a clever and easy to use way to manage digital assets.  It does raise a number of questions, however.  How does this policy interact with legislation and case law about digital assets in jurisdictions that have these policies?  Will Facebook, or other online services follow suit and prepare similar policies?  Does an estate trustee under a will in Ontario have the authority (or the responsibility) to collect your digital assets from the person named on your Inactive Account Manager?

Perhaps the answers to these questions will become clear with time.  In the interim, it appears that we are left with a patchwork of policies created by different online service providers with different intentions and different philosophies.  Consider, for example, _LIVESON, a service that analyzes a user’s Twitter habits and generates automated tweets for him or her after death.  Control is placed in the hands of an “executor” who manages your _LIVESON “will”.  Although somewhat eerie, this is an interesting way to ensure that a person’s online presence not only persists after death, but continues to develop and grow.

If you are a Google user, it may be worth checking out the Inactive Account Manager and configuring your settings.  The photos, blogs, friends and videos left behind on a user’s death may mean a lot to grieving loved ones.

When updating an estate plan, digital assets are an important aspect to consider.  Lawyers should be cognizant of the issues surrounding digital legacies, and should discuss them with their clients.  People planning their wills should think about the intangibles they leave behind as well.  And if you aren’t sure where to find this information, try Google.

Clear rules needed for managing digital afterlife

Disclaimer

In this site, you will not find an exhaustive legal review of your data. Why ?

Laws can change depending on your location, the time of application, and from the changing policies of online service providers. The US are currently changing rights : it means that things can be different, even between two neighbouring states. The strategy proposed here is not to have legal issues for your executor to get back to your data. These processes can be time consuming and not worth the hassle in conditions where there are lots to do elsewhere. That’s why we do recommend you to prepare for an easy transmission of your belongings.

TL;DR#: let’s do the things quick and simply. A quick act can avoid long procedures afterwards.

Is Your Digital Life Ready for Your Death?

Legal Framework and Limitations

                  Federal Criminal Legislation. The Federal Government enacted the Computer Fraud and Abuse Act (CFAA”) in part to criminalize internet theft, data theft, computer hacking, and other forms of internet crime. As written, CFAA criminalizes the unauthorized access to any computer, online service or online account. Unfortunately, to determine who may and may not access a specific account, even with the explicit permission of the account holder, you must read the service or account provider’s Terms of Service contract. As an example, Facebook’s Terms of Service Agreement prohibits anyone from logging into a user’s Facebook account, other than the user themself, even with the permission of the user. Therefore, a family member, friend, or even a fiduciary that logs into a Facebook account, using the password provided to them by the user themself, has violated the Terms of Service contract and is now committing a federal crime under the CFAA. Fortunately, the Department of justice has made it clear that they are not looking to enforce the CFAA when dealing with simple violations of online Terms of Service contracts, unless there are other more criminal factors involved. However, as advisors to our clients, and to fiduciaries such as Power of Attorneys, Executors, and Trustees, can we ethically advise clients to access digital assets and accounts where we know that they will be committing a crime under the CFAA? Further, if our fiduciaries do decide to access such accounts and commit a crime, how will we respond to a challenge from an unhappy beneficiary who is aware of the access and its violation of the CFAA?

B.                  Federal Privacy Legislation. In addition to the criminalization of unauthorized access of digital assets and online accounts, the Federal Government has also passed the Stored Communications Act (“SCA”) which creates a right to privacy for data and information stored online. Similar in nature to the federal health information privacy act (often referred to as HIPAA), the SCA creates specific guidelines as to whether, and when, providers of electronic communication services and holders of online data can release the information. As you will see below, these protections can create significant hurdles for family members and fiduciaries who attempt to access information stored online with these service providers and content holders.

1)                  Law Enforcement Agencies may compel the release of the information otherwise protected by the SCA through the use of subpoenas and other legal procedures.

2)                  Service providers are prohibited from disclosing information, or granting access to accounts, to non-Law Enforcement individuals (family and fiduciaries), unless one of the statutory exemptions are met. While there are exemptions for specific situations such and employment related emails being released to an employer or being disclosed during a lawsuit against a business, the main exemption that we should be aware of and plan with is the “Lawful Consent” exemption found in Code Section 2701(b)(3) of the SCA. This exemption allows a service provider to voluntarily turn over (or grant access to) stored information if the recipient has the lawful consent of the creator of such digital asset to access such information. However, this exception only provides that the service provider MAY turn over the information, but does not require them to. In fact, there are several national cases where service providers have chosen not to disclose the information. In these situations where the recipient actually had lawful consent, the courts indicated that the SCA exemption does not mandate the disclosure of the stored information, and that the courts could not compel the distribution of the information under the SCA even through legal proceedings.

 

C.                        State Criminal Legislation. Every state in the United States has its own version of computer and online fraud statutes that it uses to be able to bring state law charges for online theft, fraud, hacking, and other internet and computer crimes. In Florida, we have Florida Statute §§ 815.01-815.07 (“Florida Computer Crimes Act” or “Florida CCA”), enacted in 1979, which provides our state legislation. Typical violations under the Florida CCA are

  • unauthorized access of another user’s account
  • unauthorized modification, deletion, copying of files, or programs
  • unauthorized modification or damage of computer equipment.

However, Florida-based businesses usually prefer to pursue cases under the federal CFAA for relief because the Florida CCA allows plaintiffs to bring the civil action against a hacker only after a criminal conviction is successful.

  1. State Fiduciary Powers. Given the lawful consent exemption to the SCA that was discussed above, several states have amended their state statutes to provide that fiduciaries in their state shall be deemed to have lawful consent to access online information under the SCA. This is intended to open the door to allow service providers to voluntarily disclose stored content without the fear of having to determine on a case by case basis whether the fiduciary of an account holder has been given lawful consent. Unfortunately, to date, only five states have enacted such laws (Connecticut, Idaho, Oklahoma, Rhode Island and Indiana), and another 18 states have a relevant bill introduced (California, Colorado, Maine, Maryland, Massachusetts, Michigan, Missouri, Nebraska, Nevada, New Hampshire, New Jersey, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Virginia), with the majority of the pending legislation introduced in the last 2 years. Unfortunately, even the enacted statutes provide little guidance in the form of definitions and procedure, and therefore while certainly a step in the right direction, these enacted and pending statutes have a long way to go to fully fix the access problems.
  2. Website and Service Provider Contracts. Online service providers mandate that all users agree to the provisions of a Terms of Service Contract (“TOSC’s”) which governs the actions of both the service provider and the user. Unfortunately, the TOSC’s are a take it or leave it situation, and can not be negotiated by the user. Can you imagine if each user could independently negotiate the terms of his or her contract with iTunes or their email service provider? Therefore we are relegated to accepting the often one-sided terms mandated by the service provider. These TOSC’s often restrict who may access a registered account or service to the individual that created the account, thereby eliminating any flexibility for fiduciaries or other authorized people from accessing the account. Likewise, such TOS’s will usually create restrictions on the ability of someone other than the user to reset or obtain password. In general, it’s the restrictions found in these TOCS’s that set up our fiduciaries for failure under the CFA and SCA.