Digital death is still a problem. A widow’s battle to access her husband’s Apple account

Kerry B. Collison Asia News: What happens to your

Experts are urging us all to think about what will happen to our ‘digital footprint’ after we die

Many of us turn to the virtual world to mark major life events – graduating from school, scoring a promotion, getting married or having a baby.

But what happens to your “digital legacy” after you die?

Grieving family members and friends would no doubt be aghast to come across a nasty comment about a departed loved one on their Facebook page or see a troll attacking their Twitter account.

So as morbid as it may sound, lawyers and web experts are urging people to include specific instructions in their will about what happens to the digital footprint they leave.

“In an age where digital data has increasing economic and sentimental value, it is sensible to leave clear instructions in your will about what should happen to, for example, social media content after death,” said Robert Rhoda, a dispute resolution lawyer with law firm Smyth & Co in association with RPC.

Our digital afterlife is not something most people think of and tech companies are still grappling with policies to adequately deal with the issue.

It’s a relatively new area of the law, Rhoda said, adding that people should consider leaving a “digital legacy” to avoid difficulties for those left behind to deal with the issue.

“Administering digital assets and social media content is a novel legal issue,” he said.

“Leaving a ‘digital legacy’ enables your personal representatives to liaise with service providers in line with your wishes. This is preferable to leaving passwords with relatives, which can cause them, often unwittingly, to breach laws related to the misuse of computers and data privacy.”

In Britain, the Law Society of England and Wales has started advising people to leave instructions on what should happen to their social media and other online accounts when they die in order to make it easier for family members to piece together their digital estate.

But Rhoda warned that the virtual world was not afforded the legal status of tangible assets.

“Social media accounts don’t have the same legal status as fixed assets, which form part of an estate, and it is not always clear who ‘owns’ them or, rather, who has the right to access them, once the user has died,” Rhoda said.

In recent years, several cases have emerged to test the law.

In 2005, the mother of a US soldier who died in Iraq went through a long legal battle with Yahoo to gain access to his email account.

In 2011, the family of a 15-year-old boy who committed suicide spent years in and out of court to gain access to his Facebook account, arguing that they wanted to see if there were any hints on his page that would explain his decision to take his own life.

In Australia, a recent study by a government body that specialises in wills and guardianship found that while nine out of 10 people have social media accounts, just one in five have spoken to their loved ones about what should happen to their online profiles when they die.

Lokman Tsui, assistant professor of communications at Chinese University, says there needs to be more awareness of the issue.

“This is something that is really critical but that not a lot of people have given much thought to,” said Tsui, whose research areas include new media and how policies should deal with emerging technologies.

“Some of our most private thoughts and conversations are in our emails and social networks but very few people have thought about what happens to that stuff when they die. This is a new area and there are no ‘norms’ that have crystallised about it.”

The topic raises a raft of issues involving data privacy, ownership and the security of a dead person’s account.

Tsui, who used to work at Google as head of free expression for the Asia-Pacific region, said the search engine introduced an “inactive account manager” last year. The feature allows the account holder to give other people access to their Google profile after they die.

Facebook, which has 1.3 billion users, offers two options: the account can be deleted permanently upon the family’s request or it can be converted into a memorial profile.

When an account is memorialised, sensitive information such as contact details and status updates are removed. No one can log into the account but friends and family can leave posts on the wall in remembrance.

Jed Brubaker, an academic at the University of California, Irvine who is researching death, identity and social networks, said this Facebook option was a double-edged sword.

“Memorialised profiles can be powerful places where the deceased’s social network can gather and memorialise the life of their friend,” he said.

“But in my research, unexpected encounters with deceased profiles has been the most troubling aspect of post-mortem profiles continuing to exist on Facebook.

“People can stumble across posts made to post-mortem profiles in their ‘newsfeed’, mixed in with other casual social media content. These encounters can be alarming, especially when a person is not expecting to see this kind of content.”

In its policy, Facebook says it tries to prevent memorialised accounts from appearing in ways “that may be upsetting to the person’s friends and family”.

A spokesman for Facebook, which declined to reveal how many profiles have been memorialised, said they “give people a platform to remember and celebrate the life of their loved ones after their passing”.

Instagram, which is owned by Facebook, has a similar policy to its mother company.

LinkedIn has an online form that allows a profile of a dead person to be removed and Twitter’s policy says an account can be deactivated by an immediate family member or someone who has been authorised to act on behalf of the estate.

Yahoo, which is popular in Hong Kong, will deactivate an account once staff can verify documents such as a death certificate. Access to the account for third parties is not allowed.

A spokesman for the Office of the Privacy Commissioner for Personal Data said that under the city’s laws, personal data was defined only as information which related to a living person.

“When the records relate to a deceased person and no living individual, they do not contain personal data” and were not subject to data protection laws, he said.

Two years ago, Hong Kong lawyer Ryanne Lai Hiu-yeung co-founded an internet start-up called Perpetu to tackle the issue.

Services offered include sending farewell messages on Twitter when you die, the deletion of your emails or their transfer to an authorised person, and deletion of your Facebook account.

The business is still operating but Lai says she is no longer actively promoting it. About 2,000 people signed up and about half were from Hong Kong.

“Most of them are in the ‘internet generation’ so I won’t say they are too young to think about death,” Lai said. “To me, this is more about life than death – it’s about how much you treasure your online presence and content that you create on a day-to-day basis.”

Richard Norridge, of law firm Herbert Smith Freehills, says the intrinsic value of our digital assets is still unexplored territory and someone’s digital legacy can come in many forms.

“It may be music or films held online, virtual currency or perhaps online accounts,” he said.”For many, it still does not form part of their thinking when they prepare their will, perhaps because those engaged in estate planning concentrate on the assets of greatest value.”

Norridge said Facebook’s memorialisation option was a fraught one. “The account is preserved in that it can still be viewed, but no one can log into that account and accounts cannot be modified. Thus if unwelcome comments are posted, they are memorialised, too,” Norridge said.

What Happens to Your Digital Estate After You Die?

What Happens to Your Digital Estate After You Die?

Ever wonder what happens to your social media accounts, email, online texts and other digital content when you die? Do they simply expire, leaving nothing behind but digital dust? Or can you authorize someone to take them over after you pass on? And if so, what powers would such a person possess?

In response to such quandaries, tech giants Facebook and Google have created systems to deal with death—such as suspending inactive accounts, and creating online memorials. But these steps only address part of the problem.

This novel issue was recently confronted by the Delaware Legislature, which became the first state to pass a uniform statutory scheme granting fiduciary trustees full access to a decedent’s online accounts and digital content, just as they would with more tangible assets. If this trend continues, more people may be able to confidently plan for the disbursement of their digital estate.

Avoiding Digital Death

Left unchecked, social media and online accounts may expire with the decedent. This phenomenon is commonly referred to as “digital death.”

Digital death can be emotionally devastating: The permanent loss of a loved one’s intimate thoughts and feelings can exacerbate the grieving process. Social media sites like Facebook and MySpace also routinely restrict account sharing in their terms of use.

But digital death can also have financial repercussions, as digital assets can have real value. A 2011 survey by McAfee found American consumers valued their digital assets at an average of $55,000. Such assets include digital photos, digital music, client lists, domain names, social media accounts, online manuscripts, blogs, email accounts, computer code, online gaming avatars and more.

Delaware Grants Fiduciaries Full Access to Digital Assets

In an effort to provide a workable framework by which to administer one’s digital estate, Delaware recently passed the Fiduciary Access to Digital Assets and Digital Accounts Act, 12 Del. C. Section 5001, et seq., in August.

What makes the act so unique is that it is the first adoption of the Uniform Fiduciary Access to Digital Assets Act (UFADAA), drafted by the Uniform Law Commission (ULC), a nonprofit group that lobbies to enact model legislation.

According to the ULC, the UFADAA solves the digital estate problem by using the concept of “media neutrality.” This means if a fiduciary would have access to a tangible asset, that fiduciary will also have access to a similar type of digital asset. The UFADAA also defers to an account holder’s privacy choices as expressed in a document (like a will or trust), or online by an affirmative act separate from a general terms-of-service agreement. Thus, an account holder’s desire to keep certain assets private will be honored by the UFADAA.

One reason the UFADAA is so important is because current federal legislation regarding access to digital assets is hidden in the Stored Communications Act (SCA) and the Computer Fraud and Abuse Act (CFAA)—both passed in 1986, with only minor revisions since then. Notably, the SCA broadly prohibits an “electronic communications service” (like an email service or social network) from disclosing the “contents of a communication” to parties other than the sender or recipient. The CFAA imposes criminal penalties (or civil liability) for “unauthorized access” to computer hardware, devices, and stored data.

To address this concern, the act states a “fiduciary with authority over digital assets or digital accounts of an account holder … shall have the same access as the account holder, and is deemed to (1) have the lawful consent of the account holder and (2) be an authorized user under all applicable state and federal law and regulations and any end user license agreement.”

Despite its well-intentioned goals, detractors like Jim Halpert, an attorney with DLA Piper and director of the State Privacy and Security Coalition, still oppose the act. “This law takes no account of minimizing intrusions into the privacy of third parties who communicated with the deceased,” Halpert told Ars Technica. This includes highly confidential communications to decedents from third parties—like doctors, psychiatrists and clergy—who would not expect an executor to review the communications. Halpert also claims it will cause confusion with federal law.

The act is set to take effect Jan. 1, 2015.

Other States’ Approaches to Divesting Digital Assets

Delaware was not the first state to address digital assets. In 2005, Connecticut passed a narrow law giving access to email accounts for deceased residents. Since then, Rhode Island, Idaho, Indiana, Oklahoma, Nevada and Virginia have all passed legislation providing varying degrees of access to digital accounts.

Bills are also pending in a dozen other states, yet all but one has failed to pass. In Pennsylvania, HB 2580—a fourth-generation bill to allow access unless it was restricted by will or court order—has been pending since August 2012.

Implications: Planning for Your Digital Estate

Digital assets have largely replaced tangible ones in our modern world. Yet the laws governing access to these assets remain outdated and inconsistent.

Although a form of personal property and part of a decedent’s estate, commentators have observed that rights regarding digital assets are intertwined in a complex web of federal, privacy, copyright, intellectual property and state law. The result is fiduciaries are often left with little authority or guidance in collecting, distributing and settling a digital estate. And the problem may be more widespread than previously understood. According to a March 2012 article in Technorati, 30 million Facebook accounts belong to dead people.

Current federal law and the law of most states fail even to recognize a fiduciary as possessing authority over digital assets. And until more jurisdictions adopt the UFADAA, this lack of uniformity will only continue.

When a person dies (or is incapacitated) his or her fiduciaries and family members face particular challenges when administering his or her digital estate. After first identifying which digital property is significant, or has value, other obstacles include having to deal with: (1) passwords; (2) encryption; (3) criminal laws penalizing “unauthorized access” to computers; and (4) data privacy laws. Overcoming such obstacles can be tricky—but helpful guidance does exist.

Commentators suggest account holders take four steps to plan for death/incapacity. First, they should inventory their digital footprint by identifying accounts and determining if they have financial or sentimental value. This process should include listing usernames, account numbers and passwords (the average person has 25 passwords). This sensitive list should also be kept separate from their will; a probated will becomes a public record.

Second, account holders should routinely back up electronically stored information—especially if the data is stored remotely—so as to save fiduciaries from having to obtain access from remote service providers that are subject to various federal and state criminal and data privacy laws, like the SCA or CFAA. Fiduciaries would thus only have to deal with the aforementioned service providers in order to close or memorialize accounts.

Third, the account holder should make a plan for managing/distributing the inventoried digital property. This includes designating a fiduciary with power and authority over digital property, providing instructions for distribution, and securely deleting digital assets the decedent does not want passed on to his or her heirs. Understanding a site’s default terms with respect to whether certain accounts will be automatically frozen or deleted is also critical.

And fourth, the account holder should expressly authorize service providers to disclose private information to their fiduciaries so as to evidence their “lawful consent” thereto, and “authorized access” to the data. This can be accomplished by including a clause in a will identifying the above federal laws.

Given the explosion of online content and a comprehensive statutory scheme on the books, digital estate planning may soon become the new normal. Until then, a little knowledge may help stave off the looming specter of digital death.

Digital Legacy Association urges hospices to support patients in managing their digital estate

United Kingdom: Leaving A Digital Legacy In Your Will

On 16 April 2014, the Law Society published a press release encouraging testators to leave a list of their online accounts, such as email, banking, investments and social networking sites like Twitter, as part of their arrangements on death. Leaving specific wishes as to what should happen to such digital assets is something that we at Wedlake Bell have promoted for some time, and forms part of the standard information we discuss with clients when they make their Will.

Whilst we encourage clients to list their digital assets, regrettably the law as to how such items pass on death is far from clear. It largely depends on the type of account and service provider as to whether loved ones can access your account after you die. However, Google is one of the service providers that has addressed the issue. It was announced on 11 April 2013 that Google users can specify which of their “trusted contacts” can access their accounts after they die, or alternatively to direct that their accounts be deleted. The wishes will be implemented after a fixed period of inactivity (a minimum period of three months). The wishes are set up through the “settings” option for the relevant account and effectively allow users to create an online Will. The tool applies to Google-run accounts such as Gmail, YouTube and web album Picasa.

Unfortunately, accessing online accounts after death remains a problem with many other service providers, as highlighted in the case of Benjamin Stassen in the United States of America.

The Case of Benjamin Stassen

Benjamin Stassen committed suicide in late 2010 without leaving a note.  As personal representatives of his estate, his parents sought access to his online records for an explanation as to why he committed suicide.  They contacted Google and Facebook asking the companies to release their son’s passwords so that they could access his Gmail and Facebook accounts.  Google complied but for months Facebook refused on the grounds of privacy. It was only after the Stassens threatened further legal action that Facebook allowed them access, and even then it was on the basis that the Stassens did not share the content with third parties. Facebook made clear that they were making a unique exception and their policy remains that a user’s account cannot be accessed by their heirs after death.

Most online service providers bind users by their terms of business.  Personal representatives can close a Facebook account or turn it into a ”memorial page” but under their terms of business, cannot access it.

Benjamin Stassen’s parents obtained a Court Order forcing Google and Facebook to give them access to their son’s records.  Google complied with the Court Order.  However, whilst the Order released Facebook from their duty of client confidentiality, the company is standing by its policy of not allowing personal representatives access to accounts, and so far as we are aware, has continued to deny the Stassens access to their son’s account.

Personal Data

You can see why Facebook did not want to grant Benjamin’s parents access to his personal data.  The law in relation to privacy is a tricky one.  The law in the US is, of course, different to the law in England and Wales.  In England there is no specific law about privacy.  Article 8 of the Human Rights Act 1998 is often cited by celebrities in relation to a breach of privacy, but this only applies to state bodies and not individuals and there is no specific case law about the release of personal data to executors or personal representatives.

Online Assets

The emergence of cloud computing has led to assets being stored on remote servers which may be located in jurisdictions outside the UK. For example, Apple’s i-Cloud which stores music, films, TV and any other downloads made by a user together with e-mails and personal data.  Apple’s policy is to delete all e-mail and data from i-Cloud following the death of a user.  However all content downloaded on its i-Tunes service is subject to a licence which can be revoked on a user’s death. It is not clear how Apple will treat downloaded content following a user’s death but it seems that they would have the right to revoke the user’s licence and delete potentially valuable content.

As digital assets are not tangible property it seems unlikely that a person could bequeath their online music collection to beneficiaries in their Will in the same way as they would could leave, for example, their C.D. collection. This is because the C.D. collection is a physical object which can be left in a Will whereas digital assets are not defined by law in the same way.

Clearly the law in this area has not yet caught up with technology.  However, enterprising companies have exploited the gap in the market for bequeathing digital assets.  For example, Legacy Locker allows people to store online passwords so that executors and personal representatives can access online accounts following their death.

Creating an inheritance for your digital assets and data

The best way to deal with online assets and personal data is to leave specific instructions as part of your Will detailing the online accounts you own and granting your executors access after your death. As a Will becomes a public document after death, it is not wise to include this information in the Will itself; however, a Letter of Wishes, which is a personal document to executors, could be written listing online accounts and how the executors can access those assets, together with specific wishes in relation to each account (e.g. whether it should it be closed, or access given to a named beneficiary). In addition, those who have Google-run accounts should also update their settings for the relevant account to mirror the same wishes in case there are any problems with beneficiaries accessing the accounts with the details given in the Letter of Wishes.

If a user has especially important online assets or data, such as valuable emails or photos, it would also be wise to create a hardcopy of these or save them to a disk or memory stick. Hardcopies can pass under a Will as physical property and will pass to whoever inherits the user’s personal effects (or the user can name a specific person to inherit them).

However notwithstanding these steps, executors are at the mercy of service providers and problems may be encountered if service providers do not recognise the consents given in a Letter of Wishes. There may also be jurisdictional issues at stake. However, for the present (or at least until other service providers follow Google’s example or a test case is taken), setting out express instructions in a Letter if Wishes gives the user the best chance of enabling his loved ones to inherit his personal digital effects.

Bang! You're dead. Who gets your email, iTunes and Facebook?

Bang! You’re dead. Who gets your email, iTunes and Facebook?

Two things in life are certain: death and taxes. Amazon and other international corporations have found ways* around the latter, but no one can avoid the former.

In the age of Facebook and Google accounts, and with the existence of services such as iTunes where people invest considerable sums in entirely virtual goods, the question needs to be asked: What happens to your online profile and assets in the event of your passing?

Nobody likes to contemplate their death, but in the analogue world we make arrangements – in terms of a will. So why not include online?

Social networks are a huge repository of assets – documents and pictures. iTunes zealots might have invested in libraries stretching to tens of thousands of titles – is that part of the deceased person’s estate?

Not as far as some tech firms are concerned.

There are two parts to dealing effectively with your earthly IT estate: the physical devices and the content of online services. Given the declining cost of hardware, I’d argue the greater value lies in the digital stuff online. Your digital legacy has residual value and it needs to be treated as a valuable asset.

Obtaining access to online accounts of deceased family members has often been a fraught experience. Just over a decade ago, the argument regarding ownership of digital content came to a head when the family of the soldier Justin Ellsworth sued Yahoo! to get access to his email account after his death. Yahoo! only handed over the data when ordered by a court, despite being shown proof of Justin’s passing.

In response Yahoo! changed its policy with regard to what happens after death and effectively, when a user passes, so does the account. It’s in the terms of service. Bummer. With regards to other service providers, the way in which they deal with a user’s death varies dramatically. Some providers won’t even entertain the notion of doing anything, the Yahoo! approach.

Other providers will, with proof of passing, present a number of options. Some services even provide a dead man’s switch that will enable your loved ones to gain some degree of account or information recovery after the event.

Google inactive account manager provides a dead-hand mechanism, configurable ahead of time, to allow the contents of an account to either be completely removed or released to up to 10 nominated contacts – assuming they have the required identification for security purposes. To make it crystal clear, your account will not be available for login. Access to the service will not be granted. This process only delivers the content rather than reclaiming the account.

It would also be good manners to let your next of kin/nominated representative know these options are set on your account. To get that email without realising you were the nominated person could be very distressing. The information required to recover an account usually consists of: birth certificate, death certificate, proof of assignment over the account in question.