Appointing a Legacy Contact for a Facebook Account After Death

Facebook now allows you to appoint a “legacy contact” for your Facebook account after you die. Previously, after a user died, Facebook would not allow anyone else to access or modify the deceased user’s Facebook account, but the account could be closed or “memorialized.” Facebook also now allows you to set your account so that it’s permanently deleted when you die.

A Facebook account legacy contact can: (1) download a copy of what the deceased user shared on Facebook (photos, videos, wall posts, profile information, contact information, events, and the deceased user’s list of friends); (2) write a pinned post for the deceased user’s profile to share a remembrance or final message on behalf of the deceased user; (3) respond to new friend requests with the deceased user; and (4) update the deceased user’s profile picture and cover photo.

However, a Facebook account legacy contact cannot: (1) read or download the messages that the deceased user sent to friends (or photos that the deceased user automatically synced with Facebook but didn’t post); (2) remove friends of the deceased user; (3) change photos, postings, or other items shared on the decedent’s timeline; or (4) log in to the deceased user’s account. Although a legacy contact cannot read or download messages that the deceased user sent to friends, Facebook may provide a copy of the deceased user’s messages if the deceased user expressed clear consent to allow this in the decedent’s will or another legal consent document.

Instructions for how to add, change, or remove a Facebook account legacy contact are available here: https://www.facebook.com/help/1070665206293088. Note that your legacy contact must be an existing Facebook friend of yours.

After a Facebook user dies, if a legacy contact has been appointed, first the deceased user’s account should be memorialized. A family member or friend can submit the request to memorialize the decedent’s account using this form on Facebook’s Web site: https://www.facebook.com/help/contact/651319028315841. After the decedent’s account is memorialized, Facebook will notify the legacy contact. Although the legacy contact cannot log into the deceased user’s account, the legacy contact can take the actions described above by going to the deceased user’s memorialized profile and clicking the “manage” link in the bottom-right of the cover photo.

If you would prefer to permanently delete your Facebook account when you die, instructions to set that up are available here: https://www.facebook.com/help/103897939701143.

Posted in Social Networking Accounts | Tagged , , , , , , | Comments Off

Video Clip: Family Fights to Access Late Son’s Digital Data

Minnesota’s KSTP-TV Eyewitness News ran a video story on January 20, 2015, by Tom Hauser about the Anderson family who tragically lost their nineteen-year-old son, Jake. Their son’s death was ruled accidental, but the family wants answers about the events leading up to his death. They have tried unsuccessfully to obtain copies of Jake’s final emails, text messages, social networking posts, photos, and cell phone data from service providers.

The Anderson family started an online petition asking the Minnesota State Legislature to pass a law clearly authorizing fiduciary access to a deceased person’s digital data. At the time of this blog post, there were over 4,000 online signatures to that petition. If you’d like to show your support, the online petition is available here: http://www.gopetition.com/petitions/accessing-jakes-digital-data.html.

The video story includes an interview with Andersons and an excerpt of their testimony on January 20, 2015, before the Civil Law and Data Practices Committee of the Minnesota House of Representatives in support of a bill to enact the Uniform Fiduciary Access to Digital Assets Act (UFADAA) in Minnesota. My colleague Gene Hennig and I also testified at this committee meeting, a brief excerpt of which is included in the video story.

The full text of UFADAA is available on the Uniform Law Commission’s Web site, as well as a brief summary of UFADAA and a list of reasons why states should adopt UFADAA.

Posted in E-mail, Social Networking Accounts | Tagged , , , , , , , , , | Comments Off

Keeping a Secure List of Passwords, Online Accounts, and Digital Property

An important part of a comprehensive estate plan (planning ahead for incapacity and death) is preparing a complete list of your passwords, online accounts, and other digital property—and keeping it up to date. This list helps fiduciaries and family members find your valuable and significant online accounts and digital property, keep administration costs down, provide for a smooth administration, and ensure no property is overlooked.

A written list is easy for anyone to create, but it’s insecure to keep with you at all times and may be inconvenient to update. A sample written list is available on my blog—I call it “My Digital Audit.” You can download the Adobe PDF form to your own device and either edit it electronically or print it and fill it out by hand. Keep your written list in a secure location, like a safe deposit box or a home safe. Secure storage and frequent updates don’t work well together for a written list, so an electronic list or a hybrid method combining an electronic list and separate written instructions is preferable to only keeping a written list.

Personally, I prefer to use an encrypted electronic list because it’s secure, easy to update, convenient to use, and it’s on my smartphone so it’s always with me. A master password is used to access the encrypted data in the list. So, I only need to remember one master password, then I can use the electronic list to keep track of all my separate, strong passwords for each online account that I use. An electronic list can be stored on a smartphone, a computer, a portable storage device, or in the cloud.

When choosing software or a Web-based service to keep an encrypted electronic list of passwords, online accounts, and digital property, look for one that synchronizes your list among your computer, tablet, and smartphone (and the cloud, if desired) so that it’s easily accessible by you. Also, look for one that integrates with your Web browser to securely and automatically enter the username and password for your online accounts. In addition to being a time-saver, it also encourages you to use separate, strong passwords for each of your online accounts (if you’d like to learn more about strong passwords, read this article from Microsoft on Six Rules for Safer Financial Transactions Online). The ones that integrate with your Web browser also help keep your list up to date by automatically updating your list when you create a new online account or when you change an online account’s password. If the software or Web-based service stores your list in the cloud (not just stored locally on your device), make sure it encrypts your data before sending it to the cloud so that the service provider (or a hacker compromising the service provider’s security) can’t access your confidential data.

Five of the most popular free and commercial software tools to keep an encrypted electronic list are described in a January 11, 2015, article at Lifehacker.com by Alan Henry. The five encrypted electronic list tools the article describes, in alphabetical order, are: 1Password, Dashlane, KeePass, LastPass, and Roboform.

A key problem with an encrypted electronic list is that fiduciaries and family members need to know your master password in order to read your list while you are incapacitated or after you are deceased. Without the master password, the list may be practically impossible to access (e.g., if the list is protected with strong encryption and a strong password).

One idea is to use a hybrid method by keeping an encrypted electronic list of your passwords, online accounts, and digital property plus keeping a separate written instruction sheet describing how to find and access your encrypted electronic list, including the master password. Keep the separate written instruction sheet in a secure location, like a safe deposit box or a home safe.

Another idea is to use a Web-based service to both keep your encrypted electronic list and provide a mechanism for designated fiduciaries or family members to access the unencrypted list. Some of these Web-based services, in alphabetical order, are: AfterSteps, Assets in Order, BestBequest, Deathswitch, Estate Map, E-Z-Safe, PasswordBox’s Legacy Locker, and SecureSafe. However, unlike the software tools listed three paragraphs above, the Web-based services listed in this paragraph currently do not integrate with your Web browser to enter the username and password for your online accounts securely and automatically, which may make these services less convenient to use and less convenient to keep up to date. Also, if the service provider has the ability to turn over the unencrypted contents of your list to a fiduciary or family member that you designate, that means the service provider (or a hacker compromising the service provider’s security) potentially could gain access to your confidential data—this is a trade-off between convenience and security.

During your incapacity or after your death, fiduciaries and family members should read the applicable Terms of Service contract before attempting to use your password to access your online account. There are federal and state laws that penalize unauthorized access to computer systems and types of private or protected personal data. These laws provide consumer protection against fraud and identity theft but may have a chilling effect on fiduciaries and family members trying to access an incapacitated or deceased person’s online accounts.The U.S. Department of Justice asserts that 18 U.S.C. § 1030(a)(2), which is a provision of the Computer Fraud and Abuse Act (“CFAA”), is broad enough to permit the government to charge a person with a crime for violating the CFAA when that person “exceeds authorized access” by violating the access rules of a Web site’s Terms of Service contract or use policies. For example, some Terms of Service contracts prohibit you from allowing anyone else to access your online account, which may mean that a fiduciary or family member using your password to access the account is “exceeding authorized access” within the scope of the CFAA. If any of your online accounts has an access restriction like this in its Terms of Service contract, your fiduciary or family member should consider asking the service provider for a copy of your account’s contents instead of attempting to use your password to access your account.

Posted in General | Tagged , , , , , , , | Comments Off

Video Clip: Family Wants Access to Son’s Digital Data After Death

Minnesota’s KMSP-TV Fox 9 News ran a video story on September 9, 2014, by Ted Haller about a family wanting access to their deceased nineteen-year-old son’s digital data. They have been seeking access to his text messages, e-mails, and Facebook account to find out more about the moments leading up to his tragic death.

I was interviewed for the story to comment about the current federal privacy laws that restrict disclosure of private electronic communications, how service providers could change their Terms of Service agreements to clearly authorize fiduciary access, and what online account users can do to plan ahead for incapacity and death.

The Anderson family, which was interviewed for the KMSP-TV Fox 9 News story about their nineteen-year-old son, is hoping to get 20,000 signatures to an online petition asking the Minnesota State Legislature to pass a law clearly authorizing fiduciary access to a deceased person’s digital data. If you’d like to show your support, the online petition is available here: http://www.gopetition.com/petitions/accessing-jakes-digital-data.html.

Technology is changing the way we interact with people and transact business. We are accumulating valuable and significant electronic data in our smartphones, computers, and online accounts. We need to plan ahead for our data and online accounts so that our fiduciaries and family members can access that data after we become incapacitated and after we die.

First, you should make a list of your valuable or significant data, online accounts, and digital property. This could be a written list or an electronic list stored in your smartphone, in your computer, or in an online account. Make sure to indicate where each account or digital property item is located, how to access it, and why it’s valuable or significant to you. And, make sure to keep the list up-to-date!

Second, if you have been storing valuable or significant data exclusively in online accounts (for example, your digital photos), it’s important to regularly back up that data to local storage media—to your computer’s hard drive, a USB flash drive, a CD, a DVD, etc.—so that your fiduciaries and family members will have access to that data without the additional obstacles that online accounts have. One obstacle that could be avoided is the Stored Communications Act, also known as the Electronic Communications Privacy Act, which creates privacy rights to protect the contents of certain electronic communications and files from disclosure by a provider of an electronic communication service or a remote computing service, unless an exception is met under that law. A second obstacle that could be avoided is a potential criminal charge for “exceeding authorized access” to your online accounts, under federal or state laws, if a fiduciary or family member violates the access rules of that account’s Terms of Service agreement. Some service providers prohibit you from sharing your password or allowing anyone else to access your account, but other providers do not have these prohibitions. It’s important to read the Terms of Service agreement before attempting fiduciary access to an online account.

Third, you should contact your estate planning attorney to include plans for your digital property in your estate plan. Make sure your estate plan specifies your wishes about your property and appoints a fiduciary to act on your behalf with respect to all of your property, including your digital property, during incapacity and after death. This may include preparing a durable power of attorney, a will, and a revocable living trust (if appropriate for your situation). You should contact an estate planning attorney who is licensed to practice in your state concerning your own situation and any specific tax or legal questions that you may have. And, make sure that your estate planning documents explicitly authorize the companies that hold your electronic data to release that data to your fiduciaries during your incapacity and after your death, which is important for the Stored Communications Act’s privacy protections.

Planning ahead for your digital property is essential to arrange for full access to your data, to keep estate administration costs down, to provide for a smooth estate administration, and to ensure that none of your valuable or significant digital property is overlooked. If you haven’t planned ahead, a computer forensics expert may be able to recover and access data from your smartphone or your computer. But, it may be practically impossible to retrieve the data from your online accounts if you haven’t planned ahead!

To help deal with situations where an incapacitated or deceased person did not plan ahead in the person’s estate plan, many states are now considering adopting the recently-approved Uniform Fiduciary Access to Digital Assets Act (UFADAA). Eight states so far have enacted laws on fiduciary authority regarding digital assets after death, and Delaware was the first state enactment based on UFADAA.

Contact your estate planning attorney today to include your digital property in your estate plan!

Posted in General | Tagged , , , , , , , , , , | Comments Off

Delaware Enacts Fiduciary Access to Digital Assets Act

On August 12, 2014, Delaware’s governor signed into law the Delaware Fiduciary Access to Digital Assets Act, which is based on an earlier draft of the recently-approved Uniform Fiduciary Access to Digital Asset Act. Delaware’s new law takes effect January 1, 2015, and it grants access and authorization for digital assets to personal representatives, guardians, agents under a durable personal power of attorney, and trustees (and an adviser with authority to direct the trustees).

So far, Delaware’s Fiduciary Access to Digital Assets Act is the most comprehensive law of its type that has been enacted. Many other states are now considering the recently-approved Uniform Fiduciary Access to Digital Asset Act, which vests four types of fiduciaries with the authority to access, control, or copy digital assets, while respecting the privacy and intent of the account holder. Other states have previously enacted more limited laws on fiduciary access to digital assets, including:

  1. Connecticut Statutes § 45a-334a, signed into law on June 24, 2005, gives the personal representative of a deceased person’s estate the powers to access or copy the contents of the person’s e-mail accounts. Unfortunately, this law falls short of the current scope of online accounts and digital property, and it only applies to personal representatives.

  2. Indiana Code § 29-1-13-1.1, approved March 30, 2007, allows the personal representative to access or copy any of the decedent’s documents or information stored electronically by a “custodian.” It also requires the custodian to retain a deceased person’s electronic information for two years after receiving a request for access or copies. Unfortunately, the law only applies to personal representatives.

  3. Rhode Island General Laws Chapter 33-27, which became law on July 2, 2007, gives the personal representative of a deceased person’s estate the powers to access or copy the contents of the person’s e-mail accounts. Unfortunately, this law falls short of the current scope of online accounts and digital property, and it only applies to personal representatives.

  4. Oklahoma Statutes § 58-269, signed into law April 29, 2010, gives the personal representative of a deceased person’s estate the powers “to take control of, conduct, continue, or terminate” a deceased person’s e-mail account, social networking account, microblogging account, or short messaging service Web site. Unfortunately, this law falls short of the current scope of online accounts and digital property, and it only applies to personal representatives.

  5. Idaho Statutes § 15-3-715(28), signed into law March 16, 2011, gives the personal representative of a deceased person’s estate the powers “to take control of, conduct, continue, or terminate” a deceased person’s e-mail account, social networking account, microblogging account, or short messaging service Web site. Idaho Statutes § 15-5-424(3)(z) also grants similar powers to a person’s conservator. Unfortunately, these laws fall short of the current scope of online accounts and digital property, and they only apply to personal representatives and conservators.

  6. Virginia Code § 64.2–110, signed into law on March 13, 2013, gives the personal representative of a deceased minor’s estate (but not a deceased adult’s estate!) the power to assume the minor’s Terms of Service agreement for an online account “for purposes of consenting to and obtaining the disclosure of the contents of the minor’s communications and subscriber records pursuant to 18 U.S.C. § 2702.” Unfortunately, this law only applies to online accounts of deceased minors.

  7. Nevada Revised Statutes § 143.188, signed into law on June 1, 2013, gives the personal representative of a deceased person’s estate the power to direct the termination of any online account or similar electronic or digital asset of the decedent. However, this law does not address powers to access these accounts or copy the contents, and it only applies to personal representatives.

  8. Louisiana Code of Civil Procedure Article 3191, signed into law on June 19, 2014, gives the succession representative of a deceased person’s estate the power “to take control of, handle, conduct, continue, distribute, or terminate any digital account of the decedent,” unless the decedent’s will specifies otherwise. It requires a provider to provide access to the account within thirty days after receiving a copy of documents showing the representative’s authority, to the extent permitted by federal law. And, this law states that it supersedes any contrary provision in a Terms of Service contract for the decedent’s digital accounts. The term “digital account” includes social networking accounts, blogs, microblogs, short messaging accounts, email accounts, financial accounts, or any similar electronic services or records.

Posted in General | Tagged , , , , , , , | Comments Off

Uniform Fiduciary Access to Digital Assets Act (UFADAA)

On July 16, 2014, the Uniform Fiduciary Access to Digital Assets Act (UFADAA) was approved by the Uniform Law Commission. My colleague Gene Hennig and I originally proposed this uniform law in May of 2011, and I’m very happy with the end result. The final version of UFADAA that was approved is now available here (excluding the comments, which are available here in the previous draft), and the Committee on Style will be reviewing and editing this version before UFADAA is officially final.

The purpose of UFADAA is to vest fiduciaries with the authority to access, control, or copy digital assets, while respecting the privacy and intent of the account holder. This uniform law address four types of fiduciaries: (1) personal representatives (also known as executors) of a deceased person’s estate; (2) conservators (also known as guardians) for a living person; (3) agents acting under a power of attorney; and (4) trustees of a trust.

Fiduciaries play an essential role in our economy, acting on behalf of living, incapacitated, and deceased individuals. Fiduciaries generally have the same power over assets that an absolute owner would have. In general, UFADAA confirms that a person’s fiduciary stands in the shoes of the person, even in the digital world. This is important because digital assets may have additional obstacles to overcome that do not apply to traditional types of property. These additional obstacles in the digital world include: (1) passwords; (2) encryption; (3) criminal laws regarding unauthorized access to computers (including the Computer Fraud and Abuse Act); and (4) data privacy laws (including the Stored Communications Act, also known as the Electronic Communications Privacy Act). UFADAA helps fiduciaries address obstacles #1, #3, and #4, but it doesn’t solve obstacle #2—encryption. As I’ve explained before, strong encryption can make it practically impossible for a fiduciary to access a person’s data if you don’t know the password.

Now that the Uniform Law Commission has approved UFADAA, the Committee on Style will review and edit the final text of the uniform act, as amended during the reading and comment period of UFADAA that occurred on Monday, July 14, 2014. That review process might be completed by October or November of 2014, then the final version of UFADAA will published and ready for state legislatures to begin considering local enactment.

The Uniform Fiduciary Access to Digital Assets Act would not have been possible without the leadership of Suzy Walsh, who chaired the Drafting Committee for this uniform act, and Professor Naomi Cahn, who was the reporter for this uniform act. The final version is the result of an active collaboration by Uniform Law Commissioners who were members of the Drafting Committee and over 130 observers who participated in the process, including representatives from The American College of Trust and Estate Counsel, the American Bar Association, the National Academy of Elder Law Attorneys, the American Bankers Association, Internet service providers and several of their industry groups, and consumer rights and privacy groups.

The final version of UFADAA provides the access to digital assets that fiduciaries need to carry out their duties, while respecting the privacy and intent of the account holder. Thank you to everyone who was involved in this process!

Posted in General | Tagged , , , , , , , | Comments Off

Estate Planning and Tax Issues for Bitcoin and Other Virtual Currencies

For estate planning and tax advisers, it’s important to know about all of a person’s valuable and significant assets, including digital assets, so that they can help the person properly plan ahead for incapacity, death, and taxes. New types of assets are being created in and only exist in the digital world, including virtual currencies like Bitcoin and Dogecoin.

I recommend reading the May 14, 2014, article, “Bitcoin Is Creating New Headaches for Estate Planners, Though it May Someday Cure Them,” written by Joseph Wright. I was interviewed for this article and quoted in it. The article describes Bitcoin, estate planning obstacles regarding digital assets, and the Uniform Law Commission’s Fiduciary Access to Digital Assets act. This article is reprinted with permission from Electronic Commerce & Law Report™, 19 ECLR 607 (May 14, 2014). Copyright 2014 by The Bureau of National Affairs, Inc. (800–372–1033) http://www.bna.com/.

Although there are over 200 virtual currencies in use currently, Bitcoin is by far the most recognized and widely-used. Bitcoin has been in the news for its dramatic rise and fall in value recently. In May 2010, when Bitcoin was still relatively new, a person in Jacksonville, Florida, paid 10,000 bitcoins (worth about $41.00 at the time) for two large Papa John’s pizzas. Since then, at several times in late 2013 and early in 2014, the price per bitcoin jumped to about $1,000—making that a $10 million pizza (in hindsight)! You can check the current price per bitcoin at CoinMarketCap.

The IRS recently issued Notice 2014-21 to describe how they will apply U.S. tax principles to virtual currency. In general, the IRS treats virtual currency as property for federal tax purposes, valued in U.S. dollars. So, the virtual currency has a tax basis, and a person realizes gain or loss when the virtual currency is exchanged for other property. It is not treated as a currency that could generate foreign currency gain or loss for federal tax purposes.

Bitcoins are created by “mining,” which is done by using a significant amount of computing power to solve increasingly complex mathematical equations (a “block”) used for the virtual currency. For example, one high-end personal computer with a mid-range graphics card (the graphics card can significantly accelerate the computations involved) might be able to mine one Bitcoin block in just over three years, on average. Under Notice 2014-21, when a person mines and receives virtual currency, the IRS treats that as an income event for the person.

Finding virtual currencies after a person dies or becomes incapacitated can be a significant challenge because of the variety of ways they can be “stored.” Bitcoin, for example, is referred to as a “cryptocurrency” because it’s based on the principles of public key cryptography and relies on two separate “keys,” one public and one private, that are mathematically linked to represent bitcoins. A Bitcoin “address” is the public key. Think of it like an e–mail address—it’s used for sending or receiving bitcoins in a transaction. But, unlike an e–mail address, it’s generally recommended for security and privacy that a different Bitcoin address be used for each separate Bitcoin transaction. A Bitcoin private key is kept secret by the Bitcoin owner because it enables bitcoins to be transferred.

Multiple private keys are held in a “wallet” (think of a Bitcoin wallet like a bank account). One or more wallets can be stored on a computer, smartphone, online service, or offline (referred to as “cold storage”). To protect against the risk of theft or loss of bitcoins, a person may have multiple wallets for their bitcoins. Multiple wallets and multiple possible storage locations for the wallets can make it more difficult for fiduciaries to find bitcoins or other virtual currencies after a person’s incapacity or death.

A Bitcoin transaction requires the sender’s Bitcoin address, the recipient’s Bitcoin address, and the number of bitcoins to transfer, and this information is “signed” using the sender’s Bitcoin private key, which proves the sender owns the transferred bitcoins and can be verified by the Bitcoin network.

You can read more about my estate planning tips and strategies for dealing with Bitcoin in the BNA Bloomberg article that is linked above in the second paragraph.

Posted in Virtual Currency | Tagged , , , , , , , , , | Comments Off

Google and Microsoft Update Their E-Mail Privacy Policies

Google and Microsoft have both recently updated their policies regarding the privacy of e-mail contents. The updates are about different issues and were initiated in response to different events.

Google updated their Terms of Service agreement on April 14, 2014, to add the following sentences (among other changes):

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

Google apparently made this change in response to a lawsuit filed against the company alleging that they violate privacy laws by scanning the contents of e-mails to provide targeted ads to Gmail users. This change to their Terms of Service agreement clarifies what Google does. For more details read these Ars Technica articles from April 15, 2014, and September 27, 2013.

Microsoft, on the other hand, issued a statement on March 20, 2014, that they are strengthening their policies to protect the privacy of e-mail contents (although their Terms of Service agreement and Online Privacy Statement have not changed). As described in a March 21, 2014, article by Fahmida Y. Rashid on PCMag.com, this change in Microsoft’s policy comes in response to complaints about an incident in which Microsoft read the contents of a Hotmail user’s e-mails without notifying the user or obtaining a court order. Microsoft’s March 20, 2014, statement affirms that “Outlook and Hotmail email are and should be private” and that Microsoft “will not conduct a search of customer email and other services unless the circumstances would justify a court order, if one were available.”

Posted in E-mail | Tagged , , , , , , , , , , , | Comments Off

Facebook Updates Its Policies for Deceased Users

According to a February 21, 2014, news release, Facebook has made two updates to its policies regarding the accounts of deceased users.

Previously, Facebook allowed one of two options for a deceased user’s account. First, the personal representative of a deceased person’s estate (also known as an executor) or an immediate family member could ask Facebook to remove a deceased user’s account and account contents from Facebook. Second, an immediate family member (a spouse, parent, sibling, or child), an extended family member (a grandparent, aunt, uncle, or cousin), or even a non-family member (a friend, co-worker, or classmate) could ask Facebook instead to “memorialize” a deceased user’s account, which locks the account and restricts other people from viewing the deceased user’s profile and other contents unless that other person was a “friend” of the deceased user on Facebook. Please note that Facebook’s Terms of Service agreement does not permit anyone to log into another user’s account, not even a deceased user’s account. Also, note that Facebook will not reset or reveal the password of a deceased user’s account.

The February 21, 2014, news release states that Facebook’s policy for “memorializing” a deceased user’s account has now changed. No longer will a memorialized account have its visibility restricted to only “friends” of the deceased user. Instead, Facebook will preserve the same privacy and visibility settings that the deceased user had specified during lifetime. For example, a user’s Facebook contents that were restricted so that only “friends” could view them would continue to be restricted after the user dies (once the account is memorialized), but a user’s Facebook contents that were visible to everyone would continue to be visible to everyone after the user dies (once the account is memorialized). The February 21, 2014, news release does not mention any changes to the procedure for removing a deceased user’s account and account contents from Facebook.

An additional change announced in the February 21, 2014, news release is the ability to request a “Look Back” movie for a deceased user’s Facebook account. Only a “friend” can make the request for a “Look Back” movie for a deceased user, and this request must be made after the deceased user’s Facebook account has been memorialized. More information about Facebook “Look Back” movies is available in this February 4, 2014, article from The Verge.

It’s great to see that Facebook is being respectful of and responsive to the issues related to a deceased user’s online account and account contents. Each year, more of our personal and business lives are moving into the digital world of computers, online accounts, and electronic storage, and some of this data has financial value or sentimental value to family members after the user becomes incapacitated or dies.

The vast majority of Terms of Service agreements that I’ve read for online accounts do not specify what happens while a user is incapacitated or after a user is deceased. As a result, family members and the duly-appointed fiduciaries acting on behalf of the user face confusion, delays, and obstacles related to the user’s online accounts and other digital property. Maybe they don’t have the user’s password. Maybe they do have the user’s password but can’t use it for fear of “exceeding authorized access” in violation the account’s Terms of Service agreement, which potentially could be prosecuted under state or federal criminal laws including the Computer Fraud and Abuse Act. Or, maybe the duly-appointed fiduciary has requested a copy of the contents of the deceased user’s online account, but the account provider is not able to divulge the contents without the “lawful consent” of the user because of the privacy protections under the federal Stored Communications Act. These are significant obstacles facing family members, fiduciaries, and their team of advisers when dealing with an incapacitated or deceased user’s online accounts and digital property.

My hope is that it will someday be best practices for Terms of Service agreements of online accounts to: (1) clearly authorize a duly-appointed fiduciary to access to a user’s online account during lifetime or after death for purposes of state and federal criminal laws including the Computer Fraud and Abuse Act; (2) clearly confirm that the user is providing “lawful consent” within the meaning of the federal Stored Communications Act to divulge the user’s online account contents to a duly-appointed fiduciary; and (3) clearly state what happens to the user’s account itself and the user’s account contents after death.

It also would be helpful if a user could easily designate one or more “beneficiaries” who could receive a copy of all (or a specified portion) of the user’s account contents after the user has died. Please note that the I mentioned “a copy” of the account contents—I’m drawing a distinction between making “a copy” of the data versus the legal issues that may be involved in transferring rights or ownership interests in the user’s account itself or transferring rights or ownership interests in the user’s data. See my earlier blog post about Google’s “inactive account manager,” which provides a similar “beneficiary designation” to transfer a copy of the account contents to designated people.

This is an emerging area of law, and I’m hopeful that the confusion, delays, and obstacles facing family members and fiduciaries dealing with the incapacity or death of a loved one can be resolved by better clarification and more consistency in Terms of Service agreements.

Posted in Social Networking Accounts | Tagged , , , , , , , , | Comments Off

The Digital Death Conundrum: How Federal and State Laws Prevent Fiduciaries from Managing Digital Property

The University of Miami Law Review just published The Digital Death Conundrum: How Federal and State Laws Prevent Fiduciaries from Managing Digital Property (direct PDF link), a new article coauthored by James D. Lamm, Christina L. Kunz, Damien A. Riehl, and Peter John Rademacher. This article discusses the importance of estate planning for online accounts and other digital property, describes the types of fiduciaries that are appointed to act on behalf of an incapacitated or deceased person, and the main obstacles fiduciaries may face in dealing with digital property.

What do I mean when I say “fiduciary”? Generally, it’s a person appointed to act on your behalf. A living person may designate an agent under a power of attorney document to act on his or her behalf. If a person is incapacitated, a court may appoint a conservator (or guardian) to act on behalf of the person. If a person is deceased, a court may appoint a personal representative (also known as an executor) to act on behalf of the deceased person’s estate. A person also might establish a trust during lifetime or upon death that acquires or receives certain digital property, and the trustee acts on behalf of the trust.

Fiduciaries can run into a variety of problems when dealing with online accounts and other digital property, including passwords, data encryption, criminal laws on “exceeding authorized access,” and data privacy laws. The key federal laws that are obstacles are the Computer Fraud and Abuse Act and the Stored Communications Act (also known as the Electronic Communications Privacy Act). Online accounts also may have a restrictive Terms of Service Agreement that does not allow a user to share his or her password or allow anyone else to access his or her account.

The article proposes brief and focused amendments to the federal Computer Fraud and Abuse Act and to the Stored Communications Act to resolve the uncertainty of fiduciary authority and access to digital property. The article also describes an early draft of the Uniform Law Commission’s Fiduciary Access to Digital Assets model act, which is a model for state legislatures to enact that provides clear authority under state law for fiduciaries to access, manage, and deal with online accounts and other digital property. I’m hopeful that the Fiduciary Access to Digital Assets model act will be finalized in 2014 so that states can begin the process of considering and enacting it.

The article includes a sample will provision to consider that grants powers and authority over digital property to the personal representative of a decedent’s estate. Finally, the article includes a stand-alone sample Authorization and Consent for Release of Electronically Stored Information document to consider that authorizes fiduciaries to receive digital property for purposes of the Computer Fraud and Abuse Act and the Stored Communications Act. As noted in this blog’s disclaimer below, these sample provisions are intended for general educational and information purposes only—they should not be construed or relied upon as legal advice or opinion on any specific facts or circumstances, and you should consult with an attorney licensed to practice in your state concerning your own situation and any specific legal questions you may have.

I want to say a special thank you to Chris Kunz, Damien Riehl, and Peter Rademacher for all of their hard work on this article—it was a great team effort!

Posted in E-mail, Social Networking Accounts, Web Pages and Blogs | Tagged , , , , , , , , , , , , | Comments Off