Planning for and Administering Digital Assets

I. What are digital assets?

Estate planning and administration professionals cannot ignore the ubiquity of digital assets. 2012 saw global sales of digital music amount to $5.6 billion and in some markets, including the US, India, Norway and Sweden, digital music sales exceeded packaged music sales. Meanwhile, e-book sales represented an estimated 16%, and growing, of all book sales in Canada in 2012. Almost 18 million Canadians, more than half of the population, has an active Facebook account. The Bitcoin virtual currency has been featured regularly in the news as its exchange value skyrocketed from approximately USD$100 to USD$1200 late in 2013, before falling off dramatically again.

The term “digital assets” is used in different ways by different people. In a narrow sense, a digital asset has been defined as “any item of text or media that has been formatted into a binary source that includes the right to use it.”

In a broader sense, digital assets include all of the electronic “possessions” an individual may have, including emails, digital photos, videos, tweets, texts, songs and e-books, as well as online account information for websites or programs such as Facebook, LinkedIn, bank accounts, PayPal and others.In this broader sense, digital assets are sometimes referred to as a “digital estate” or “digital legacy”.

Digital assets have three distinct elements:

1. A digital file or record. This is the data that constitutes the content of the asset.
2. The right to use the file or record. It has been noted that if there is no right to use a file or record, then it should not be characterized as an asset. Rights of use may derive from authorship or other ownership of the content (for example, emails or original documents), or may be granted by a licence from the owner or a third party licensor (as with most digital music or e-books).
3. A method of access. Assets may be categorized into (a) physically controllable digital assets (PCDA) which are stored on hardware to which the owner has access, and (b) controlled accessdigital assets (CADA) stored “in the cloud” on servers belonging to third party service providers and accessible on‐line with the use of a username and password.

Because the law applicable to digital assets is still developing, digital present unique challenges to executors, administrators, attorneys and committees. In addition, planning strategies for digital assets are rapidly evolving as the law, the e‐service industry, and user awareness of estate planning issues all mature.

II.                  Challenges in dealing with digital assets

A.        Property rights vs. contractual rights

To understand digital assets and their management in the estates context, it is necessary to consider the different categories of legal rights which may be applicable to the assets:

1. Tangible personal property. Tangible personal property is property that can be physically manipulated and moved. Examples of tangible personal property are computers, mobile and tablet devices, and physical storage media including hard drives, memory sticks and flash cards.
2. Intangible personal property. This is property in which an owner has rights but that generally does not have a tangible physical manifestation. Intangible personal property includes all manner of digital files and records over which an individual has rights of ownership, including the individual’s electronic documents, emails, and digital photos. It also includes domain names.
3. Contractual rights. Whereas property rights relate to a particular thing and can theoretically be enforced against everyone in the world, contractual rights are personal and enforceable only by and against the parties to the contract, and only in accordance with its terms. In the context of digital assets, contracts govern rights of access to CADA, and in some cases, govern rights of use for particular files or data.

On death, all of a person’s property, including tangible and intangible personal property, vests in the personal representative of the deceased. Personal contractual rights of the deceased, however, generally do not pass to the personal representative unless the terms of the contract specifically provide for enurement of benefits to personal representatives, or specific legislation applies.

B.                                      Can access rights be passed on?

The difference between property rights which survive death and contract rights which often do not can result in a personal representative having a legal right to the files and information stored with a particular service, but having no enforceable right to access that information. This appears to have been the case with Justin Ellworth, a U.S. Marine killed in Iraq in 2004. Yahoo refused Justin’s father’s requests for access to his son’s email account. Eventually, the family sued, and a Michigan court ordered that the contents of the account be turned over. A similar battle was waged by Karen Williams, an Oregon mother whose son died in a 2005 motorcycle accident, against Facebook. Williams was successful only in gaining limited access to the account.

A number of U.S. state legislatures have responded to these types of stories by passing digital estate laws. The laws vary in coverage and scope, but generally provide executors or estate lawyers with powers to access digital assets including social media accounts. The laws remain controversial as they may be in conflict with federal criminal laws, and usually conflict with agreed terms of service which require privacy to be strictly maintained. No similar laws have been enacted or proposed in Canada or any province of Canada to date.

Access issues such as those described above highlight the value in taking appropriate planning steps to pass on access to one’s digital assets to one’s executors or heirs.

C. When is an asset not an asset?

It was widely reported in 2012 that Bruce Willis was suing Apple’s iTunes because over the right to bequeath his ‘vast’ iTunes music collection to his daughters. Although it turned out the story was untrue, it highlighted an issue common with digital services such as iTunes which sell commercially produced content (e.g. songs, movies, and e‐books). These services generally provide the user with a limited licence to access the content in particular ways. For example, Apple’s iTunes allows a user to use downloaded content on up to five authorized devices at a time, and allows each device to store content from up to five different accounts. Such licences are personal rights that expire when the user dies.

While access to content may continue due as a result of storage on a physical device or continued account access via password, there is no further legal right to the use of such content. In many cases, the licensor will have the ability to delete the account and content if it learns of the death of the user.

D. “Unauthorized Use of Computer” Offence

Personal representatives dealing with digital assets must also consider the implications of the Criminal Code offence relating to unauthorized and fraudulent computer use. This offence states as follows:

342.1 (1) Every one who, fraudulently and without colour of right,

obtains, directly or indirectly, any computer service,

by means of an electro‐magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system, uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system, or

uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph (a), (b) or (c)

is guilty of an indictable offence and liable to imprisonment fora term not exceeding ten years, or is guilty of an offence punishable on summary conviction.

For the purposes of paragraph (a), “computer service” is defined to include data processing and the storage or retrieval of data.

Since the actions listed in paragraphs (a) through (d) are worded very broadly, the key phrase in this offence provision is “fraudulently and without colour of right” which is the intent that must be proven in order for the computer use to be considered a criminal offence. The same phrase “fraudulently and without colour of right” is also found in section 322 of the Code which is the general theft offence.

The meaning of the phrase “fraudulently and without colour of right” in the context of this provision was discussed at length by the Quebec court in R. y. St‐Martin12. That case involved a police officer who had used police computers to look up personal information about various women he had met. The court considered and rejected arguments that the term “fraudulently” required proof of dishonesty or moral wrongfulness relating to the motive for accessing the computer service. On this issue, the court concluded:

72        As set out in the text of section 342.1(a) of the Criminal Code, the word fraudulently relates to the obtaining of computer service, not the motive underlying such conduct.

73        In conclusion, a person fraudulently obtains computer service when he or she, consciously, intentionally, without error or accident, obtains the service, knowing that he or she does not have the right to do so.

74        Obtaining such services is, obviously, dishonest and morally wrong.

Accordingly, while proving fraudulent intent in other legal contexts involves a high standard, the court’s interpretation in St Martin was that the elements of this offence consist only of obtaining a computer service intentionally while knowing that you are not authorized to do so.

In the author’s view, it is highly unlikely that the Crown would pursue charges against a personal representative for accessing a deceased’s online account for bona fide estate purposes, even if such access was technically in violation of the terms of service. In particular, a personal representative who was left passwords and specific instructions from the deceased, would have a defensible “colour of right” that should exclude the application of this provision. However, this provision has not been tested in this context and a personal representative uncertain about its rights to access a particular service is encouraged to seek specific legal advice before doing so.

E.                   Privacy Legislation

Personal representatives should also be aware of their rights to personal information of the deceased under privacy legislation. Privacy legislation may be raised by providers of electronic services as a reason they are not able to provide a personal representative with access to the account of a deceased. In addition, a personal representative may have need to access or correct personal information on behalf of the deceased.

The Personal Information Protection Act (British Columbia) (PIPA) governs the collection, use and disclosure of personal information by private organizations in British Columbia. Other provinces are governed either by similar provincial legislation or by similar provisions in the federal Personal Information Protection and Electronic Documents Act (PIPEDA).

PIPA requires that private organizations obtain the informed consent of individuals for the collection, use and disclosure of personal information. Under section 23 of PIPA, an individual may require an organization to provide him or her with the individual’s personal information under the organization’s control, information about how that personal information is and has been used, and the names of persons to whom the information has been disclosed. The requesting individual then has the right under section 24 to correct any information held by the organization that is incorrect.

The Personal Information Protection Regulations made under PIPA specify who may act on behalf of deceased persons and other individuals. Under section 3 of the Regulations, a personal representative¹⁴of a deceased person may exercise the rights of the deceased individual under the Act, and give or refuse consent with respect to personal information of the deceased under the Act. If there is no personal representative appointed, then the “nearest relative” of the deceased has the same rights. The Regulations contain a prioritized list to define “nearest relative”.

Under section 2 of the Regulations, a committee, attorney acting under an enduring power of attorney, a litigation guardian, or a representative under the Representation Agreement Act are also given full power to exercise the privacy rights of the individual whom they represent. Because no priority is granted as between these roles, one adult patient may have two or more representatives authorized to exercise their privacy rights under PIPA.

III.      Duties of personal representatives with respect to digital assets

Personal representatives (estate executors and administrators) have an overarching fiduciary duty to conduct themselves and the affairs of the estate for the benefit of the beneficiaries. In the context of digital assets, the general duties and obligations of the personal representative include the following:

1. ^{Identify. Ascertain and list all digital assets of the deceased.}
2. ^{Gain access to PCDA. Secure any PCDA and restrict access. Because the physical property and all the rights to it vest in you as personal representative, you are within your rights to circumvent passwords and security measures if necessary in order to gain access.}
3. ^{Gain access to CADA. Where the deceased has left passwords for CADA, ensure that you can gain access. Where you do not have a username/password for CADA, consider whether there is another way to request the information.}
4. ^{Back Up. Where possible and appropriate, make local backups of assets (whether PCDA or CADA) that may have financial or sentimental value. For example, some online digital photo services provide the option of downloading a backup of all files as one compressed file.}
5. ^{Inventory. List all digital assets located, for the purpose of accounting to beneficiaries.}
6. ^{Digital assets having determinable value. Digital assets having realizable present or future financial value should be secured and their value ascertained for probate and accounting purposes. Determine whether the asset is to be transferred in kind to a beneficiary or if it should be prepared for sale.}
7. ^{Personal and sentimental items. For personal and sentimental digital assets without determinable value, arrange for their transfer to the beneficiaries in accordance with the will or law. If these assets are of a personal nature, they may fall within the “articles” provisions employed in many wills. Articles are typically defined to include “items of personal, domestic and household use or ornament”.}
8. ^{Personal information. Subject to instructions or wishes for dealing with personal information, the personal representative should protect the privacy of the deceased to the greatest degree possible.}
9. ^{Liabilities. Determine any liabilities relating to digital accounts and pay them together with other estate liabilities.}
10. ^{Close accounts. Attend to the orderly closing of accounts where all useful assets have been retrieved and the account is of no further use.}
11. ^{More specific suggestions on how to deal with particular classes of digital assets are set out in Part V, “Handling specific digital assets”.}

IV.      Duties and rights of attorneys and committees with respect to digital assets

Attorneys and committees will generally have greater legal rights for dealing with digital assets of the incapable adult for whom they act than will personal representatives of a deceased person. This is because all contractual rights of the incapable adult continue in full force and may generally be exercised by the attorney or committee on behalf of the incapable adult. However, if the adult has not kept uptodate and accessible records of account information, the attorney or committee may still run into practical challenges in gaining access to assets or information.

While enduring powers of attorney may be limited to specific powers, most enduring powers of attorney grant general powers to the attorney. A general power of attorney authorizes the attorney to do anything that the adult may lawfully do by an agent in relation to the adult’s financial affairs. Inaddition, section 32 of the Power of Attorney Act provides that an attorney may request information and records relating to the adult who granted the power, if the information or records relate to the incapability of the adult, or to any area of authority granted to the attorney. The Act states that where the attorney has the power to request information or records, the attorney has the same right to those information and records as does the adult. These powers overlap with the powers granted to powers of attorney with respect to personal information under the PIPA Regulations, as discussed above in Part II.E “Privacy Legislation”.

A person appointed as committee of the estate of a patient is granted “all the rights, privileges and powers with regard to the estate of the patient as the patient would have if of full age and of sound and disposing mind.”

Based on the foregoing, an attorney exercising authority under a general enduring power of attorney and an estate committee should have the right to access all digital information and services to the same extent the donor or patient had such rights. If the attorney or committee has not been left with passwords for any CADA, they should have the right to require the service provider to provide them with the password.

Generally, the duties of an attorney or committee will be similar to the enumerated duties #1‐5 and #8 of personal representatives listed in Part III of this paper above. Attorneys and committees must manage the affairs of the adult in the manner that is in the adult’s best interests.

V.        Handling specific digital assets

The following sections provide specific suggestions on how executors should deal with particular types of digital assets that may commonly be encountered.

A.        E‐mail

Gaining access to email may be one of the top priorities of an executor because the account can be a valuable source of information for identifying the deceased’s contacts, assets, liabilities, and other critical information.

The following are some of the commonly encountered email service providers:

Gmail: Gmail users may use Google’s “Inactive Account Manager” tool to permit authorized persons access to emails after their death.¹⁸ If the deceased user has not set up access using this tool, Google has a lengthy process by which a representative may request the contents of the account. Without providing much detail as to the decision‐making process, they warn that they may be unable to provide the content, and “sending a request or filing the required documentation does not guarantee that we will be able to assist you.”

Yahoo: Yahoo takes the position that its accounts and contents are not transferable. It will not provide passwords or access to content, including email. Yahoo will close the account and permanently delete contents of a verified deceased user on request.

Microsoft Hotmail / Outlook.com: Microsoft has a “Next of Kin” process that allows for the release of contents including emails and address book, following an authentication process. Microsoft will not grant direct account access but will close an account upon request. It is important for the executor to act quickly because Microsoft generally deletes accounts after 9 months of inactivity.

E‐books

Most e-books are provided under non-ransferable personal licences.

For example, terms of service for Amazon’s Kindle explicitly state “Kindle Content is licensed, not sold, to you by the Content Provider”. The terms of service go on to state, among other things, that the user cannot sell, distribute or assign the e-books.

E-books are typically stored on e-readers, which may have no password protection. Accordingly, it may be possible to pass an e-reader on to a beneficiary with licenced content still on it and available. This would be contrary to the terms of the licence agreement. In addition, the e-reader may be set up to authorize purchases on the user’s credit card. For these reasons, it will usually be advisable for an executor to deregister and delete all content from the device prior to disposing of it.

Music and Movies

iTunes and similar music and movie services provide only licences to use downloaded content. Music files may be subject to digital rights management (DRM) restrictions or may be DRM-free. Even if files are not subject to DRM, an executor should not participate in creating copies as copying is contrary to copyright laws.

iTunes and similar accounts should be deactivated so that further purchases (usually linked to a credit card) cannot be made.

Games

Many games or game services allow users to accrue credits, rights, or virtual goods which may have real world value. Examples include magic weapons in Blizzard’s World of Warcraft, virtual real estate assets in MindArk’s Entropia Universe, and in‐game credits on Pokerstars.com. The end user license agreement for the particular game will dictate whether such virtual goods can be converted back to traditional currency, or legitimately transferred or sold to other players.

There are also secondary markets that facilitate the sale of virtual goods where it may not be explicity permitted under the terms of the end user license agreements. For example, PlayerAuctions is an online platform allowing players of massively multiplayer online (MMO) games to buy, sell and trade digital assets such as in‐game currency, items, accounts, and power leveling services.

Pokerstars.comis a popular online poker site that allows users to deposit real money into online accounts. According to the Pokerstars terms of service, the money that is deposited is held on trust by Pokerstars for the user. The terms of service also allow money to be withdrawn and transferred between accounts. The terms of service do not explain what occurs if a user dies, but an executor representative should be entitled to withdraw the funds.

If the deceased has left his or her username and password for a particular game, the executor should be able to access the account and presumably transfer or sell any assets. This may or may not be in violation of the terms of service. If the username and password was not left, or the executor does not wish to proceed in this way, the executor may approach the service provider directly and ask to gain access to the digital assets.

Digital photos

In most cases, photos will not be specifically mentioned in a will. In many cases, digital photos will be covered by the general “articles” clause, as articles are typically defined to include “items of personal, domestic and household use or ornament”. If the executor is instructed to divide the articles among certain beneficiaries, the executor should provide copies of the digital photos to all such beneficiaries.

In most cases, digital photographs stored locally on a computer hard drive or external drive can be easily copied to allow for distribution pursuant to the will.

Online photo sharing and storage services have varying policies regarding access after death. Yahoo’s Flickr service is non‐transferable and all rights to contents terminate on death. The account may be deleted upon providing proof of death. Google’s Picasa service is handled the same as their Gmail service described under the Email section above.

Social media

Social media providers tend to have restrictive policies regarding access to their services by executors or other representatives.

Facebook acknowledges that users own their own content; however, Facebook does not permit account transfers or access by personal representatives. Facebook will delete the account or “memorialize” the

page upon request with the appropriate paperwork. In a memorialized account, only confirmed friends can see the profile or locate it in a search. Contact information and status updates are removed from the profile.

It is important to delete or memorialize a deceased’s Facebook page because, if this does not occur, other Facebook users may receive reminders to add the deceased to certain groups or to add the deceased as a friend.

If a personal representative has access to a Facebook account of a deceased via username and password, he or she should download any content that may be worth keeping (for example photos, status updates and contact information) prior to memorializing the account. They may wish to utilize the Facebook feature that allows a user to download an archive of all of their Facebook content in one file.

Twitter and LinkedIn have established process for deactivation of an account upon providing verification of death. Google + is handled in the same way as Google’s Gmail service described under the Email section above.

Domains

If the deceased owned an internet domain name, the personal representative will need to identify which domain registrar was used. Most registrars will release the account of a deceased to the personal representative of the deceased’s estate upon receipt of the appropriate paperwork. The personal representative will then have the ability to transfer the domain to a beneficiary or to a purchaser, or to cancel the registration if it has no value.

Digital currencies and loyalty points

Loyalty programs and digital currency providers maintain their own rules regarding transfer of accounts on death.

Bitcoin is an example of a digital currency. Users download a software “wallet” on their computer or mobile device. The wallet generates unique bitcoin addresses which allows the user to receive “coins” from other users. Once received, coins can be transmitted on to other users.

Bitcoin encourages users to secure their wallet using offline means such as printing the wallet on paper or saving it to a USB drive. Personal representatives may have to look carefully to discover a bitcoin wallet. Users are also encouraged to encrypt their wallet by setting a password. If the password is lost, bitcoins are lost permanently. There is no mechanism to retrieve a lost password.

Air Miles allows the deceased’s account to be merged with the account of a “family member or member of your household” free of charge. The account merge is subject to Air Miles’ consent and requires proof of death. Merging an account under this policy avoids a fee of $0.15 / mile that otherwise applies in transferring Air Miles from one account to another.

Aeroplan’s estate transfer policy allows a beneficiary or heir to redeem outstanding balances for a period of 12 months from the declaration of death once they have provided a copy of the death certificate and will, and have paid a $30 processing fee. Otherwise, transferring points to another account will cost $0.01 per mile.

VI.              Planning for digital assets

Memorandum of Digital Assets

Clients should be encouraged to catalogue all of their digital assets and services, and provide access information in a centralized Memorandum or file for the executor. The Memorandum should also express wishes with respect to how the assets should be handled after they die, for example whether accounts should be deleted and closed, or contents passed on to others.

Obviously it will be key to maintain tight security over such a list. The Memorandum may be kept in a safety deposit box, or sealed and stored with the Will in the lawyer’s file. Alternatively, the client may store the information in a password‐protected electronic document and keep the password for the file separate from the file itself.

A Memorandum of Digital Assets is sometimes referred to as a “digital will” or “social media will”. However, since such a document would likely change frequently and many assets would not have financial value, in most cases this document will not be constituted as a formal will. Any assets having significant value should be dealt with specifically under the will, or incorporated by reference in a binding memorandum executed as a testamentary document.

Powers of executor (or digital executor)

Section 142 of the Wills, Estates and Succession Act provides that a personal representative is granted all of the authority over the estate that the deceased person had while alive, subject to the Act and any contrary intention in the will of the deceased person. In many cases, this general power should be sufficient to give the executor all the legal powers they need to deal with digital assets.

Setting out more specific or expansive powers to deal with digital assets may be warranted where (i) the digital assets will be held as part of a trust (since section 142 confers general powers only on personal representatives and not on trustees), or (ii) the client has extensive digital assets and wishes to have specific powers enumerated.

Some professionals have recommended that individuals name a “digital executor” in their will, separate from their primary executor, who is given the power to deal with digital assets. In the author’s view, appointing a separate digital executor will rarely, if ever, be advisable. Unless the powers of the primary executor are carefully limited to exclude digital assets, it is likely that the primary executor will also have authority over digital assets, raising the possibility of conflicts between the primary executor and the digital executor. If a client wishes someone other than their executor to manage some of their digital assets, it will usually be preferable to authorize the executor to engage that person to assist in dealing with digital assets. Having the third party engaged by the executor in this manner makes it clear that the executor retains authority over and responsibility for the management of digital assets.

Enduring power of attorney

As discussed in Part IV above, an attorney appointed under a general enduring power of attorney has the power to deal with digital assets of the adult who granted the power.

Where the client has extensive digital assets, it may be helpful to include a clause in the enduring power of attorney setting out specific powers with respect to digital assets, to remove any doubt.

Online services

Password aggregating services

There are numerous online services that allow users to store sensitive information including files, passwords, and instructions, to be released to predetermined individuals upon their death.

For example, PasswordBox is an encrypted online service which allows customers to identify all their online assets including usernames and passwords, and to name “verifiers” who are the people who will confirm their death and manage the information on their passing. Customers can specify beneficiaries for each of their online assets, to whom the information will be passed after their death.

Account-specific tools

In 2013, Google unveiled its Inactive Account Manager, a tool that allows users to manage their Google­related digital assets (e-mails, photos, contacts, etc.) after death. A user can instruct Google to delete the digital assets or send them to trusted contacts after a certain period of inactivity (the default is three months). The person receiving the data will not have access to the account but will have access to the data.

If similar tools are implemented by other service providers, they have the potential to solve many of the access problems that have plagued these services in the past. Of course, these tools are useful only to the extent that they are actually enabled by account holders.