Summer Newsletter 2016
Estate Planning for Digital Assets in a Changing Technological World
by Jennifer L. Moccia
As technology continues to advance at a rapid pace, new issues and proposed laws regarding digital assets are emerging and gaining ground in the world of estate planning and administration. Exponential technological growth is anticipated in the years ahead, as Gordon Moore observed in 1965 that the overall processing speeds for computers (specifically, the number of transistors) had doubled every two years.1 Although Moore’s Law has evolved since then, the principal of exponential technological growth remains.2 There are many arising and complicated issues regarding accessibility to, and transferability of, digital assets upon the incapacity or death of the owner, which are essential to address as part of a comprehensive estate plan and during the administration of a trust or estate.
What is a Digital Asset? A digital asset is defined as “any item of text or media that has been formatted into a binary source that includes the right to use it.”3 The term “digital asset” is broad and encompassing, including both items of personal sentimental value and substantial monetary value; therefore, a personal representative has a duty to include and administer such assets as a part of the personal estate of the decedent.4 Some examples of digital media include financial accounts (e.g., online banking, eTrade), social media accounts (e.g., Facebook, Twitter, YouTube, LinkedIn, Snapchat), data stored in a “cloud” (e.g., Google Drive, Dropbox), online gaming and gambling accounts (e.g., World of Warcraft, PokerStars), online media (e.g., Amazon Kindle e-books, Google Photos, iTunes songs and movies), blogs, online loyalty and rewards program benefits, domain names, online businesses, and even digital wallets.
Federal and state laws govern the access and transfer of digital media, as well as terms of service agreements for various types of digital assets. While some of these rules remain vague and imprecise, others are clearly in direct conflict with one another, causing serious issues for fiduciaries who attempt to gain access to these assets while administering a trust or estate.
Federal Law. Two federal statutory regimes primarily govern the access to digital information by unauthorized individuals. The Computer Fraud and Abuse Act (“CFAA”),5 originally enacted by Congress in 1984, was first amended in 1986 to increase the scope of the statute to criminalize additional computer related acts, as well as to clarify certain provisions therein.6 As a testament to the constantly evolving nature of technology, the CFAA has been amended eight times since 1986.7 This Act makes it a criminal offense if an individual “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer.”8 A “protected computer” includes a computer “which is used in or affecting interstate or foreign commerce or communication.”9 This broad definition seemingly includes almost all computers with internet access.
The Stored Communications Act (“SCA”)10 addresses voluntary and involuntary disclosures and prohibits public electronic communication services from knowlingly divulging “to any person or entity the contents of a communication while in electronic storage by that service.”11 The SCA further provides for criminal sanctions against individuals who “intentionally” access electronic communications without proper authorization.12
Unresolved federal law issues include: (1) whether an agent or fiduciary would be authorized to access digital assets of an incapacitated person or decedent under the statutes prohibiting such access; and (2) whether an agent or fiduciary would be successful in a request to obtain digital assets and records of an incapacitated person or decedent from the provider.13 Therefore, although certain digital assets theoretically may be accessible by an agent or fiduciary in possession of login and password information, the act of accessing such information could be a criminal offense.
State Law. Since the turn of the century, various states have been addressing legislation related to the rights of agents and fiduciaries to access digital assets on behalf of incapacitated individuals, estates, trusts, and guardianships.14 In response to the increasing problems created by agents and fiduciaries being prohibited from accessing digital assets and completing their statutory administration duties, the Uniform Law Commission spent over two years drafting the Uniform Fiduciary Access to Digital Assets Act (“UFADAA”).15 On July 29, 2014, the National Conference of Commissioners on Uniform State Laws approved UFADAA.16 UFADAA attempts to resolve the existing gap in the law by providing fiduciaries an avenue to administer digital assets and avoid criminal sanctions.17 Despite UFADAA addressing many important issues regarding the accessibility of digital assets by agents and fiduciaries, large technology companies promptly began opposing the Act, arguing that compliance would violate the federally protected rights of a user or account holder.18 “Although state law may provide that the fiduciary is an authorized user and, thus, may access or request records, whether state laws may trump federal law and user agreements is an unsettled issue.”19
In response to the concerns about UFADAA, the Privacy Expectation Afterlife and Choices Act (“PEAC”) was introduced in 2015, which: (1) incentivized online service providers to create options allowing their users to plan ahead and make certain choices about the ultimate disposition of their own digital assets; and (2) gave fiduciaries access to basic digital asset information necessary to carry out their administration duties, with a structured procedure for obtaining more detailed content and records in certain cases.20 Virginia adopted its own version of PEAC21 on July 1, 2015, granting personal representatives limited access to electronic records and access to stored content if expressly authorized under a Last Will and Testament. Virginia PEAC also protects joint users22 and prohibits a personal representative from sending emails or posting content from the deceased person’s account.23
As a part of Virginia PEAC, the Commonwealth also passed a narrow law allowing a fiduciary access to the digital assets of a deceased minor, enacted in response to a request by the parent of a minor who committed suicide.24 The father of the decedent fought for access to his son’s Facebook account in order to discover any information that could help provide answers to the shocking and heartbreaking death of his son.25 This new law granted the “personal representative of a deceased minor who was domiciled in the Commonwealth at the time of his death” power to “assume the deceased minor’s terms of service agreement for a digital account with a provider for purposes of consenting to and obtaining the disclosure of the contents of the deceased minor’s electronic communications and records pursuant to 18 U.S.C. § 2702 unless such access is contrary to the express provisions of a will, trust instrument, power of attorney, or court order.”26 The Virginia PEAC further provides that “[n]othing in this section shall be construed to require a provider to disclose any information in violation of any applicable state or federal law.”27 Accordingly, for parents in Virginia faced with serving as fiduciary to their minor child’s estate, a small bit of comfort may be found in having access to their child’s online records.
Terms of Service Agreements. Many password protected accounts require the user to check a box indicating that the user has read and agrees to a terms of service agreement. These agreements typically prohibit anyone else from accessing a user’s account, even if granted permission by the user.28 In some cases, it is also a breach of the terms of service agreement if the user provides another individual with the user’s online name and password to access the account.29 Some popular online accounts have interesting provisions and allowances for accessing accounts upon the incapacity or death of a user, such as:
- Google Inactive Account Manager. Google created the Inactive Account Manager as a “way for users to share parts of their account data or notify someone if they’ve been inactive for a certain period of time.30 Once the designated timeout period has been reached, the account holder has the option to: (1) set up a notification for trusted contact(s); (2) allow the trusted contact to receive certain data; or (3) instruct Google to delete the account.31 The implementation of an Inactive Account Manager should be encouraged so that important data can be recovered legally by such agent or, alternatively, to ensure that potentially harmful or embarrassing data could not be released to certain people.
- Facebook Memorialized Account. Facebook allows its users to advise whether an account should be memorialized or permanently deleted upon death.32 If a page is memorialized, photographs will remain visible and friends can share memories on the page.33 Facebook also has the option to designate a legacy contact, who can “look after” the account once it has been memorialized and update information or share a final post. The legacy contact can also download a copy of the deceased’s Facebook records, if this action has been authorized. However, even if a legacy contact has been designated, no one can log in to the account or make certain account changes.34 Due to the prevalence of Facebook, many recent cases have involved parental attempts to gain access to account photos, as some users store their media (and memories) only in their online posts.
- Yahoo!, Inc. Yahoo! does not authorize a right of survivorship or transferability of its accounts. Any rights to a Yahoo! ID and the contents of an account terminate upon death and, when the company receives a copy of the death certificate, all contents of an account are permanently deleted.35
- Twitter. In the event of the death of a Twitter user, Twitter provides that they will “work with a person authorized to act on the behalf of the estate or with a verified immediate family member of the deceased to have an account deactivated or remove certain imagery.”36 However, Twitter prohibits account access “to anyone regardless of his or her relationship to the deceased.”37
Best Practices. Given the increasing popularity, ownership, and use of digital assets, it is critical to address and plan for permissions and accessibility issues as soon as possible. Further, the valuation of digital assets should be included in an individual’s financial portfolio and reviewed regularly. Keep in mind the following best practices when planning for digital assets:
- Regular reviews and ongoing revisions to estate planning documents are necessary (even though possibly burdensome) as technology changes.
- Include language expressly authorizing an attorney-in-fact to access digital assets and password protected accounts in a financial power of attorney (even though such access may be prohibited under certain user agreements).
- When possible, assign and transfer digital assets to trust so that the named trustee has legal access to the trust-owned assets. Expressly authorize and permit the trustee to access any digital asset and online account.
- Determine whether one has ownership of a digital asset or a license to use the digital asset, which license may expire upon death. For example, many e-books and digital songs or movies only authorize the user to a lifetime license, as opposed to ownership over a tangible book, CD, or DVD.
- Keep and maintain a comprehensive inventory of digital assets and how to access each asset. When permitted, designate an individual to access such assets and provide detailed directions for their ultimate disposition. Likewise, if it is preferable to maintain secrecy regarding certain digital assets, provide instructions for complete deletion upon incapacity or death.
- When possible, backup digital assets (such as photos and videos) on a portable, encrypted hard-drive and provide access instructions. Store the hard-drive in a secure location with other estate planning documents.
- If serving as an agent or fiduciary, act quickly to secure digital assets in order to reduce the possibility of identity theft.
- Keep abreast of changes in the law, including potential conflicts of law and state-specific rules.
- Consider online password storage and online afterlife companies (such as PasswordBox, SecureSafe, Entrust, or LastPass) that may allow one to name a digital executor. Be sure to practice due diligence before using any type of digital asset protection company, as many companies of this type are relatively new.
Despite continually developing laws and occasionally discouraging complications, estate planning for digital assets is an increasingly important area of focus. As individuals continue to acquire new digital assets, there will likely be upcoming and ongoing challenges regarding the accessibility and transferability upon the incapacity or death of the owner. These assets have the potential to hold immense value, whether sentimental (as the personal story of the decedent in photos and media) or financial (as a commercial domain name or digital wallet), and should be considered as thoroughly as a more traditional, tangible asset. It is critical to plan for the administration and ultimate disposition of these important assets as technology continues to advance.
Jennifer L. Moccia, a shareholder of Rack & Moccia, P.C., received her B.A. in Psychology and Business Management from the College of William and Mary, her J.D. from Regent University School of Law, and her LL.M. in Estate Planning from the University of Miami School of Law. Ms. Moccia concentrates her practice in every aspect of estate planning, from wills and powers of attorney to advanced tax planning involving revocable and irrevocable trusts. She also serves as counsel to family members serving as fiduciary for the administration of trusts and estates, which typically involves the preparation of fiduciary income tax returns. She is currently serving as Vice Chair of the Board of the Trusts & Estates Section of the Virginia State Bar.
1See Dean Takahashi, Forty Years of Moore’s Law, Seattle Times, Apr. 18, 2005, http://www.seattletimes.com/business/forty-years-of-moores-law/.
3See Alp Toygar, C. E. Tapie Rohm Jr. & Jake Zhu, A New Asset Type: Digital Assets, 22 J. Int’l Tech. & Info. Mgmt., no. 4, 2013, at 113 (quoting A.J. van Niekerk, The Strategic Management of Media Assets; A Methodological Approach, Allied Academies, New Orleans Congress (2006)).
4See Va. Code Ann. § 64.2-514.
518 U.S.C. § 1030.
6H. Marshall Jarrett et al., U.S. Dep’t of Justice, Prosecuting Computer Crimes 1-2 (Scott Eltringham ed., 2015), https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf.
7Id. at 2.
818 U.S.C. § 1030(a)(2).
9Id. § 1030(e)(2).
10Id. §§ 2701–2712.
11Id. § 2702(a)(1).
12Id. § 2701(a)(1).
13See Gerry W. Beyer, Estate Planning for Digital Assets, Est. Plan. Stud. (Montecito Bank & Trust, Montecito, Cal.), Jan. 2015, at 5, https://montecito.bank/PDFs/201501051633_Montecito%20Bank%20%20Trust%20Estate%20Planning%20Studies%20-%20Jan%202015.pdf.
15See Victoria Blachly, Uniform Fiduciary Access to Digital Assets Act: What UFADAA Know, 29 Prob. & Prop., July–Aug. 2015, at 8, 9.
16See Beyer, supra note 13, at 7.
17See Blanchly, supra note 15, at 9.
18See Honorable Mark Obenshain & Honorable Jay Leftwich, Protecting the Digital Afterlife: Virginia’s Privacy Expectation Afterlife and Choices Act, 19 Rich. J. Law & Pub. Int. 39, 43 (2015).
19Beyer, supra note 13, at 5.
20See Obenshain & Leftwich, supra note 18, at 44–46.
21Va. Code Ann. §§ 64.2-109–64.2-115.
22Id. § 64.2-113.
23Id. § 64.2-114.
24See Evan Carroll, Virginia Passes Digital Assets Law, The Digital Beyond (Feb. 19, 2013), http://www.thedigitalbeyond.com/2013/02/virginia-passes-digital-assets-law/
26Va. Code Ann. § 64.2-110(A).
27Id. § 64.2-110(C).
28See Beyer, supra note 13, at 3.
29See id. at 4.
30Accounts Help: About Inactive Account Manager, Google, https://support.google.com/accounts/answer/3036546?hl=en (last visited Aug. 11, 2016).
31See Inactive Account Manager, Google, https://www.google.com/settings/account/inactive (last visited Aug. 11, 2016).
32See Help Center: What Will Happen to My Account if I Pass Away?, Facebook, https://www.facebook.com/help/103897939701143 (last visited Aug. 11, 2016).
34Help Center: What is a Legacy Contact?, Facebook, https://www.facebook.com/help/1568013990080948 (last visited Aug. 11, 2016).
35See Yahoo Terms of Service, Yahoo!, https://policies.yahoo.com/us/en/yahoo/terms/utos/ (last visited Aug. 11, 2016).
36Help Center: Contacting Twitter about a Deceased User or Media Concerning a Deceased Family Member, Twitter, https://support.twitter.com/articles/87894 (last visited Aug. 11, 2016).