Digital remains should be treated with the same care and respect as physical remains

Ajemian v. Yahoo! Case Update

Ajemian v. Yahoo! Case Update

On March 26, 2018, the United States Supreme Court denied Yahoo!’s Petition for a Writ of Certiorari in the Ajemian v. Yahoo! case. You can read Yahoo!’s Petition and the briefs that were filed on the United States Supreme Court docket Web page. Note that Verizon acquired Yahoo! in 2017, and Yahoo! is now part of Oath Holdings, Inc., which is a Verizon subsidiary that also includes AOL.

So, the October 17, 2017, opinion of the Supreme Judicial Court of Massachusetts in the Ajemian v. Yahoo! case is now final with respect to its holding that “[W]e conclude that the personal representatives may provide lawful consent on the decedent’s behalf to the release of the contents of the Yahoo e-mail account.” As I’ve stated before, this is a very significant development for fiduciaries and family members struggling to obtain access to a deceased individual’s online user accounts! You can read more about the court’s opinion and the applicable provisions of the Stored Communications Act in my previous posting.

Unfortunately, it’s not the end of the case for the Ajemian family. One aspect of the case, the enforceability of Yahoo!’s Terms of Service Agreement, has been remanded to the Massachusetts Probate and Family Court for further proceedings. Chief Justice Gants wrote a separate opinion, concurring in part and dissenting in part, specifically addressing the remand regarding the Terms of Service Agreement. He wrote:

If the motion judge on remand were to rule that this provision contractually allows Yahoo to destroy e-mail messages in its possession that are owned by a user (or a personal representative of the estate of the user) after the user has filed a court action to obtain access to these messages, we would surely reverse that ruling. So why remand the case to permit that possibility?

Not only is the remand unnecessary, but it also is unfair to the plaintiffs. The additional cost of further litigation is a financial pinprick to a Web services provider such as Yahoo, but it is a heavy financial burden on the assets of an estate, even a substantial estate. The plaintiffs should not have to spend a penny more to obtain estate property in the possession of Yahoo that they need to administer the estate.

What does this all mean to fiduciaries and family members dealing with the contents of a decedent’s online accounts? If the contents of a decedent’s online account are protected by § 2703 of the Stored Communications Act, the Ajemian case tells us that the court-appointed personal representative of the decedent’s estate may provide lawful consent (within the meaning of § 2703(b)(3) of the Stored Communications Act) on the decedent’s behalf. If one of the exceptions under § 2703(b) of the Stored Communications Act applies (such as the “lawful consent” exception), then the service provider may voluntarily disclose the online account contents that are protected under the Act. The lawful consent of the deceased user, whether provided by the personal representative after death or by the user before death, does not require the service provider to divulge the contents of the decedent’s communications. That’s where state laws, such as the Revised Uniform Fiduciary Access to Digital Assets Act, come into play. RUFADAA provides a clear state law procedure for fiduciaries to follow to request access to or disclosure of online account contents and other digital assets. Under Section 16(a) of RUFADAA, if a custodian fails to comply with a request from a personal representative of a deceased user’s estate to disclose the contents of electronic communications, the personal representative may apply to the state court for an order directing the custodian to comply with the request.

As of April 2, 2018, RUFADAA has been enacted in thirty-eight states, two other states (California and Delaware) have enacted earlier or modified versions of this uniform law, and seven state legislatures plus the District of Columbia have current, active RUFADAA bills. Three states (Kentucky, Louisiana, and Massachusetts) do not have current, active RUFADAA bills. Check the Uniform Law Commission Web site for the status of RUFADAA bills and enactments.

Digital Asset Planning: Who Will Care for Your Pokémon When You’re Gone?

Study Shows Users Don’t Read Terms of Service Agreements

Not surprisingly, a recent study shows that users don’t read Terms of Service Agreements and Privacy Policies. In a July 7, 2016, working paper, Jonathan Obar and Anne Oeldorf-Hirsch reported that, in their experiment, 98% of users missed the “gotcha clauses” they planted in the Terms of Service Agreement and Privacy Policy for a fictitious social networking site they created. One of the “gotcha clauses” was that, by agreeing to the Terms of Service Agreement, the user would immediately assign their first-born child to the company!

In their experiment, the fictitious company had a 4,316-word Terms of Service Agreement for the user to read when signing up for the company’s social networking site. By comparison, Google’s Terms of Service Agreement (revised April 14, 2014) runs 1,881 words, Facebook’s Terms of Service Agreement (revised January 30, 2015) runs 3,159 words, and Yahoo!’s Terms of Service Agreement (revised March 16, 2012) runs 5,585 words. The working paper notes that an average adult should be able to read the 4,316-word Terms of Service Agreement used in the experiment in 15-17 minutes. However, in the experiment, 86% of users spent less than one minute reading the Terms of Service Agreement, and 97% of users spent less than five minutes reading the Terms of Service Agreement. Only 9 of the 527 participants in the experiment (1.7%) reported noticing the “gotcha clause” requiring the user to assign their first-born child to the company.

From an estate planning perspective, some Terms of Service Agreement provisions are important to consider, especially when planning for a user’s incapacity or death. Here are several provisions to consider in reviewing Terms of Service Agreements:

  1. May the user share the user’s password or let others access the user’s account? For estate planning, this is important to determine whether a fiduciary or family member can access the user’s account during the user’s incapacity or after the user’s death. If someone other than the user accesses the user’s account and “exceeds authorized access”—which could include violating the access rules of a company’s Terms of Service Agreement—that person could be charged with a crime under applicable state law, under the federal Computer Fraud and Abuse Act (18 U.S.C. § 1030(a)(2)), or under the federal Stored Communications Act (18 U.S.C. § 2701(a)) For example, Section 4.8 of Facebook’s Terms of Service Agreement (revised January 30, 2015) says “You will not share your password…let anyone else access your account, or do anything else that might jeopardize the security of your account.”
  2. May the user transfer the user’s account? For estate planning, this is important to determine whether the user’s account may be transferred to another individual, to the trustee of a revocable living trust, to the trustee of an irrevocable trust, to a Limited Liability Company (LLC), to a partnership, or to a corporation either during the user’s lifetime or after the user’s death. If the user breaches the account transfer restrictions in the company’s Terms of Service Agreement, it could be grounds for the company to terminate the user’s account.
  3. Does the user’s account terminate on the user’s death? For estate planning, this is important to know what planning needs to be done during the user’s lifetime to preserve and protect the user’s account contents and what planning options are available after the user’s death. For example, Section 28 of Yahoo!’s Terms of Service Agreement (revised March 16, 2012) says “You agree that your Yahoo account is non-transferable and any rights to your Yahoo ID or contents within your account terminate upon your death.”
  4. What rights to the user’s data are being assigned to the company? For estate planning, this is important to know what intellectual property rights are involved. For example, is the user granting the company a license to use original works of authorship of the user that may be protected by copyright law? If so, does that license continue after the user’s death or after the user’s account is deleted?
Make sure your online accounts get deleted when you die

Make sure your online accounts get deleted when you die

Sarah Jacobsson Purewal/CNET

Not everyone wants to leave this earth with their online accounts being managed by relatives and next-of-kin, or just floating around on the Internet forever. If you’re the kind of person who likes your privacy — even in death — you should probably make some plans to have all of your online and social media accounts nuked when you pass away.

Some services, such as Google and Facebook, let you set up your eventual account deletion before you get anywhere close to death. Other services will keep your account forever unless an immediate family member or the executor of your estate requests it be removed. Here’s how to make sure all your loose ends are tied up, and that nobody ever gets hold of your top-secret/possibly incriminating emails and Twitter direct messages.


Google’s Inactive Account Manager lets you choose what happens to your account when it becomes inactive for a certain period of time. You can set up the Inactive Account Manager to delete your Google account and all products associated with that account, including Gmail, Blogger, AdSense, and YouTube.

To set this up, log in to your Google account and go to this page. You will need to provide Google with a phone number for alerts — Google will send a message to this number before your account times out, so you know your account is about to become inactive. You will then need to select a timeout period (3 months, 6 months, 9 months, one year, 15 months, or 18 months).

Sarah Jacobsson Purewal/CNET

Then, under Optionally delete account, turn on Delete my account. Click Enable to turn the Inactive Account Manager on, and you’re set. If you fail to log in to your account for the timeout period you selected, Google will delete your Google account and all data associated with it.


Facebook is one of few online services that lets you set a legacy contact — someone who can manage parts of your account and memorialize your page — for when you die. Facebook also lets you delete your account when you die (though it doesn’t use inactivity to determine that you’ve passed away).

To make sure your Facebook account is deleted when you die, open Facebook and go to Settings > Security > Legacy Contact. Check the box next to Account Deletion.

Sarah Jacobsson Purewal/CNET

You will see a pop-up box asking if you really want to delete your account in the future. Click Delete After Death and then re-enter your Facebook password to save your changes. Your account will now be deleted when Facebook is notified of your death — this means that if anybody tries to memorialize your page, it will be deleted instead of memorialized.

Use a digital legacy service

Google and Facebook give you the power to delete your account when you die, but many sites and services — such as LinkedIn, Twitter, Microsoft, and Yahoo — do not. These sites will delete the account of a deceased person at the request of an immediate family member or the executor of an estate (by the way, you can and should delineate how you want your digital life to be handled in your last will and testament). If you want to take full control, you can use a digital legacy services like Perpetu.


Perpetu is an online service that covers Gmail, Facebook, Twitter, Dropbox, Flickr, LinkedIn and GitHub. You connect your accounts to Perpetu, and then you outline your final wishes for each service — for example, you can request that Perpetu delete certain emails from your Gmail account, delete tweets and direct messages from Twitter, or delete files from your Dropbox account.

The service can’t really delete actual accounts, but it can delete data and leave final updates for your friends and family to see. Perpetu’s service kicks in when the company receives a report of your death from a trusted contact with your reporting code, so it’s still a good idea to put this in your will.

Yahoo blasts new digital death laws, but its privacy argument is self-serving

Yahoo blasts new digital death laws, but its privacy argument is self-serving

States are passing laws to make it easier to obtain digital data from Facebook, Yahoo and other password-protected accounts when someone dies. Tech companies, however, have been slow to support such laws and are now actively pushing back against them.

This week, Yahoo claimed that a model law fails to protect sensitive data like photos and messages, and that allowing heirs to access accounts fails to respect the wishes of dead users.

In a blog post, senior lawyer Bill Ashworth wrote:

In order to protect our users’ privacy, we honor the initial agreement that a user made with us […] We believe that account holders and individuals—not legislators—should determine what happens to a person’s digital archives at the time of their death. When it comes to a person’s digital archive, our team will continue to argue in favor of a user’s right to privacy.

The object of Yahoo’s criticism is a draft digital death law from the Uniform Law Commission. States can use the draft as a template to add rules to their inheritance laws in order to make it easier for executors to access the online accounts where important contracts or other information may be located. Delaware has already passed such a law, and a dozen states are expected to follow suit in the coming year.

So what is Yahoo upset about? Is it fair for the company to claim, as it does in the blog post, that “the ULC model sets the privacy default at zero?” Hardly.

As I reported earlier, the law wasn’t slapped together by a group of numbskull bureaucrats. It’s the careful work of a national group of lawyers and addresses the real problem that, these days, a range of assets and artifacts — from photos to bank information to bitcoins — lie on the other side of a password-protected gate controlled by tech companies. And the law, as written, doesn’t allow just anyone to demand that Facebook or Yahoo (or whoever) hand over a deceased user’s account. Instead, it involves a verification process that is intended to allow authorized agents to gain access for a limited period of time.

The real reason that Yahoo is upset about the law is probably not privacy. Instead, the company may dislike the fact that the law forces tech companies to act as intermediaries between dead users and their family members. Such responsibility is not just awkward, but will also entail the companies to expend resources dealing with the requests — instead of just relying on user agreements to say “no,” which is what they do now.

In the blog post, Yahoo says it prefers that its users determine what happens to their archives after they die. And indeed, Google has already created an “inactive account manager” tool to help them do just that.

But while such self-serve tools are a good idea, few people are now using them. More importantly, tech companies like Yahoo have little reason to claim that state laws should treat digital goods any differently than the physical photo albums and bankers boxes that people have always left behind.

Creating a Digital Legacy

Creating a Digital Legacy

I grew up with the Internet. I was there for the quintessential dial-up tone, the chat rooms, the MySpace profile chock-full of animated gif images and the best playlist the Internet could offer. I’ve not only left footprints, I’ve stampeded through the endless buffet of Yahoo Answers, gaming websites, and social media platforms that the web could offer.

My Digital Footprint
A cursory Google search for “Anthony White” doesn’t bring up much of anything. Actually, it brings up a lot of other Anthony White individuals, not many of which are me. Add “teacher” to the query, and you will see again, many other Anthony Whites. There is a nice article from a previous school I worked at, but that requires you to click on the second page, a feat many are not keen to do.

Does this mean I don’t exist on the web? Of course not. My information is most likely plastered all over the web, from COETAIL to Google+, Facebook to Worth1000 (an awesome website btw). Fortunate for me, in the early stages of online identity development, I was very strategic as to what information I chose to publicly share: none. While this served as a benefit to my desire to maintain a certain level of social anonymity, I realized I was doing myself a professional disservice.

Building My Identity
Portfolios, resumes, curriculum vitae, projects, media; all the elements that one could use when applying for employment. In this day and age, it’s become even more evident the importance of a digital portfolio when both searching for employment, or even applying to college. To be honest, it wasn’t until I started my Master’s degree in 2011 that I realized just how essential it was for me to begin building my professional online identity. I began to share resources, create YouTube tutorials, and contribute to online communities. Many of these communities and resources I shared were somewhat sheltered, or at least were accessible only to those who were registered for the community. For example, I had spent many tireless nights creating unique video tutorials so students can learn programs like Photoshop or Illustrator. Not a single one was saved to my portfolio. The videos were housed on the local server, never to be accessed again after moving on to my other job here in Alaska. I guess hindsight really is 20/20.

Growing Up Digital
There’s not doubt the generation of students we are currently teaching have access to technology, whether at home or in the classroom. With this technology comes a great responsibility, to both use the resources apropraitely and to create quality educational content. It is through both of these methods we can help students to manage their digital footprint, and set them up for future success.

Netiquette and Digital Literacu

Netiquette deals largely with how students engage with others on the internet. This includes the do’s and don’ts of online communication. Teaching students beneficial ways to communicate online, as well as showing examples of how not to communicate online can help them to feel safe and effective Internet users. Integrating lessons that show the Rules of Behavior on the Internet can greatly benefit a student’s future.

Building a students Digital Literacy helps them to navigate the many technology tools available for learning and personal development. Wikipedia’s definition of a digitally literate student is one who “gains the knowledge of the basic principles of computing devices, skills in using computer networks, engage in online communities and social networks while adhering to behavioral protocols, be able to find, capture and evaluate information, an understanding of the societal issues raised by digital technologies (such as big data), and possess critical thinking skills.”