August 2013 List of State Laws and Proposals Regarding Fiduciary Access to Digital Property During Incapacity or After Death

When a person becomes incapacitated or after a person dies, there are significant challenges that fiduciaries and family members face when dealing with that person’s smartphones, computers, electronically stored information, online accounts, Internet domain names, and other digital property. The first challenges are finding the person’s digital property and identifying which digital property is valuable or significant. Then, fiduciaries have several additional, significant digital property obstacles to overcome, including: (1) passwords; (2) encryption; (3) federal and state criminal laws that penalize “unauthorized access” to computers and data (including the Computer Fraud and Abuse Act); and (4) federal and state data privacy laws (including the Stored Communications Act).

As of the date of this posting, I am aware of seven states that currently have enacted specific laws to help fiduciaries deal with some fiduciary access to online accounts, although I believe that several of these laws are too limited in scope:

  1. Connecticut Statutes § 45a–334a gives the personal representative of a deceased person’s estate the powers to access or copy the contents of the person’s e–mail accounts (see also Proposed Bill 5227 introduced January 11, 2013, status).
  2. Idaho Statutes § 15–3–715(28) gives the personal representative of a deceased person’s estate the powers “to take control of, conduct, continue, or terminate” a deceased person’s e–mail account, social networking account, microblogging account, or short messaging service Web site, and Idaho Statutes § 15–5–424(3)(z) also grants similar powers to a person’s conservator.
  3. Indiana Code § 29–1–13–1.1 allows the personal representative to access or copy any of the decedent’s documents or information stored electronically by a “custodian,” and it requires the custodian to retain a deceased person’s electronic information for two years after receiving a request for access or copies.
  4. Nevada Revised Statutes chapter 143 has a new section taking effect October 1, 2013, (see Nevada Senate Bill number 131) that gives the personal representative of a deceased person’s estate the power to direct the termination of any online account or similar electronic or digital asset of the decedent, but it does not address powers to access these accounts or copy the contents.
  5. Oklahoma Statutes § 58–269 gives the personal representative of a deceased person’s estate the powers “to take control of, conduct, continue, or terminate” a deceased person’s e–mail account, social networking account, microblogging account, or short messaging service Web site.
  6. Rhode Island General Laws Chapter 33–27 gives the personal representative of a deceased person’s estate the powers to access or copy the contents of the person’s e–mail accounts.
  7. Virginia Code § 64.2–110 gives the personal representative of a deceased minor’s estate (but not a deceased adult’s estate!) the power to assume the minor’s Terms of Service agreement for an online account “for purposes of consenting to and obtaining the disclosure of the contents of the minor’s communications and subscriber records pursuant to 18 U.S.C. § 2702.”

The Uniform Law Commission appointed a Drafting Committee on Fiduciary Access to Digital Assets to prepare a model act on this topic, and they have a working draft that is expected to be finalized in 2014. As of the date of this posting, I am aware that the following other states have already introduced or are considering introducing new legislation to address fiduciary access to digital property, although I believe that several of these proposals are too limited in scope:

  1. California.
  2. Colorado.
  3. Florida.
  4. Maine: Legislative Document 850, passed May 21, 2013, appointed a commission to study the legal impediments to the disposition of digital assets upon an individual’s death or incapacity and develop legislative recommendations based on the study by December 1, 2013.
  5. Maryland: Senate Bill 29 introduced January 9, 2013, status (note: this bill received an “unfavorable” report by the Senate Judicial Proceedings Committee on February 14, 2013).
  6. Massachusetts: Senate Bill 702 (House Bill 1314), introduced January 22, 2013, status (see also Senate Bill 754, introduced January 24, 2011, Senate Bill 2205 introduced April 5, 2012, and Senate Bill 2313 introduced June 21, 2012).
  7. Michigan: House Bill 5929 introduced September 20, 2012, status, and Senate Bill 293 introduced April 10, 2013, status.
  8. Missouri.
  9. Nebraska: Legislative Bill 783 introduced January 5, 2012, status (note: this bill was indefinitely postponed as of April 18, 2013).
  10. New Hampshire: House Bill 116 introduced January 3, 2013, status.
  11. New Jersey: Assembly Bill 2943 introduced May 14, 2012, status.
  12. New York: Bill A823–2013 introduced January 9, 2013, status; Bill A6034–2013 introduced March 13, 2013, status; and Bill A6729–2013 introduced April 17, 2013, status (thank you to Damien McCallig for notifying me about Bill A6034–2013).
  13. North Carolina Senate Bill 279 introduced March 12, 2013, status (note: the digital asset provisions contained in the first two versions of this bill were removed before this bill was signed into law June 12, 2013).
  14. North Dakota: House Bill 1455 introduced January 21, 2013, status (note: this bill did not pass the vote taken in April 2013).
  15. Ohio.
  16. Oregon Senate Bill 54 introduced January 14, 2013, status.
  17. Pennsylvania: House Bill 2580 introduced August 23, 2012, status.
  18. Virginia: Senate Bill 914 introduced January 7, 2013, status.

If you are aware of any other state (or state bar association) that is considering this type of legislation, please contact me so that I can add it to the list.

Posted in General | Tagged , , , , , , | Comments Off

Tips From Security Experts on Choosing and Storing Passwords

One of the most frequently asked questions I hear when I talk about estate planning for digital property is, “How should I choose and store secure passwords for my accounts?” There’s a great July 10, 2013, article by Dan Goodin on Ars Technica asking this question to five computer security experts, including security technologist, cryptographer, and author Bruce Schneier (his blog and his books are excellent). The article has some helpful password tips, and it’s interesting to see the differences in how the security experts store their passwords!

I’ve written about choosing and storing secure passwords before. As I’ve mentioned, Microsoft generally recommends using a different strong password for each account, and choose strong passwords that are at least fourteen characters long, using a mix of uppercase letters, lowercase letters, numbers, and symbols.

When it comes to storing your passwords and keeping them up-to-date, my general recommendation is to choose a system that you’ll actually use. A written list may work well for you because it’s easy to create. A written list is much better than doing nothing, but a written list may be insecure and less convenient to update and to keep with you all the time. An electronic list can be much more secure (encrypted) than a written list, and a wide variety of easy-to-use tools are available to help you create and manage your electronic password list. Look for electronic password list software or an electronic password list Website that is easy-to-update, convenient, and secure (encrypted).

Some of the popular software tools that you can install on your computer or smartphone include Dashlane, LastPass, 1Password, KeePass, RoboForm, and Keeper. Several of these software tools are mentioned and used by the five security experts interviewed in the Ars Technica article above. Make sure that you write down instructions for your fiduciaries so they can find and access your electronic password list if you are incapacitated or deceased (store the written instructions in a secure location like a safe deposit box, home safe, etc.).

Some of the popular Web-based electronic password list services (accessed through a Web browser) offer a mechanism for authorized fiduciaries or family members to access your electronic password list if you are incapacitated or deceased. You tell the company in advance which key people can unlock this information at the appropriate time, and, after being contacted by that fiduciary or family member, the company will grant access after a verification procedure. Some of these services also can store scans of your important legal documents, including financial powers of attorney, health care directives, wills, trusts, deeds, and insurance policies. Some of the popular Web-based electronic password list services include AfterSteps, AssetLock, Assets In Order, Deathswitch, EstateMap, Estate++, E-Z-Safe, LegacyLocker, SecureSafe, and World Without Me. Check out their Web sites for more information on the services and features that they offer.

Posted in General | Tagged , , , , , , , , , | Comments Off

Video Clip: What Happens to E-mail, Facebook, and iTunes After You Die?

Minnesota’s KSTP-TV Eyewitness News ran a five-minute video story on May 2, 2013, by Tom Hauser on what happens to your Apple iTunes purchases, e-mail accounts, Facebook account, and other online accounts after you die. I had the pleasure of being interviewed for the story, and Mark Lanterman, CEO and CTO of Computer Forensic Services, was also interviewed. You can read the text story and watch the video story at the following link: http://kstp.com/news/stories/S3020243.shtml

I was also interviewed for an April 30, 2013, story on WNYC public radio by Stan Alcorn. You can read the text of the story and listen to the audio recording at the following link: http://www.wnyc.org/shows/newtechcity/blogs/new-tech-city-blog/2013/apr/30/three-barriers-make-it-hard-pass-digital-accounts-after-death/

Technology is changing the way we interact with people and transact business. We are accumulating valuable and important electronic data in our smartphones, computers, and online accounts. We need to plan ahead for our data and online accounts so that our fiduciaries and family members can receive that data after we become incapacitated and after we die.

First, you should make a list of any valuable or important data, online accounts, and digital property. This could be a written list or an electronic list stored in your smartphone, in your computer, or in an online account. Make sure to include where each account or digital property item is, how you access it, and why it’s valuable or important to you. And, make sure to keep the list up-to-date!

Second, you should contact your estate planning attorney to include your digital property in your estate plan. Make sure your estate plan appoints a fiduciary to act on your behalf with respect to your digital property (as well as for all your other property) during incapacity and after death. This may include preparing a durable power of attorney, a will, and a revocable living trust, if appropriate for your situation—please contact your estate planning attorney for tax and legal advice about your specific facts and circumstances. And, make sure your estate plan authorizes the companies that hold your electronic data to release that data to your fiduciaries during your incapacity and after your death.

Planning ahead for your digital property is essential to arrange for full access to your data, to keep estate administration costs down, to provide for a smooth estate administration, and to ensure that none of your valuable or important digital property is overlooked. If you haven’t planned ahead, a computer forensics expert may be able to recover and access data from your smartphone or your computer. But, it may be practically impossible to retrieve the data from your online accounts if you haven’t planned ahead!

Contact your estate planning attorney today to include your digital property in your estate plan!

Posted in E-mail, Social Networking Accounts | Tagged , , , , , , , , , , , , | Comments Off

Google Users Can Now Plan Ahead for Incapacity and Death for their Google Data

If you use Google’s Gmail service or one of its other popular services, Google has new user account settings that are helpful for digital estate planning purposes. With these settings, you can direct Google to send your Gmail messages and your other Google data to a trusted person after your Google account “times out” due to inactivity. You can also set how many months (3, 6, 9, or 12) before your Google account “times out,” and Google will send you a warning before that happens.

In other words, you could set it up so that, if you haven’t logged in to your Google account within the last three months (e.g., due to incapacity or death), then Google should send your Google Gmail (e–mail) messages, your documents stored on Google Drive, and your data from other selected Google services to your spouse, to one or more of your children, or to someone else. You can select up to 10 people to receive a notification that your account is closed and, if you choose you can also send one or more of those people Google account data that you select (e.g., you can send your Google Gmail messages to one person and your Google Drive documents to someone else). You designate these people with an e–mail address and, if you choose to send them your data, with a mobile phone number also. One challenge with this is that the person you designate to receive your data may not be able to receive your data because they changed e–mail accounts, because they changed phone numbers, because they are incapacitated, or because they are deceased. So, consider naming more than one person to receive your Gmail messages and other Google data, and keep those e–mail accounts and phone numbers up–to–date. Also make sure to update your designated recipients if you get divorced or if a designated person dies.

Although these new Google account settings allow you to give your Gmail messages and other Google data to someone else during incapacity or after death, these settings do not transfer “the account itself”—just the data in the account. Google’s current policy is not to transfer one user’s account to another user.

Another option that these new Google account settings allow is to delete your Google account and your Google data after your account “times out.” Unfortunately, it’s an all–or–nothing setting (e.g., you can’t specify to delete your Google Gmail messages but preserve your Google Drive documents).

These new settings are called the “Inactive Account Manager,” which is under the Account Management heading [December 2013 update: Google recently moved the Inactive Account Manager settings under the Data Tools heading] of your Account section of your Google account settings. Note that this is not in your Gmail settings—instead, you need to navigate to your Google account page, which has this Web address: https://www.google.com/settings/account [December 2013 update: you can now use this Web address to go directly to Google’s Data Tools settings: https://www.google.com/settings/datatools]. For more information about these new settings, read Google’s Public Policy Blog posting from April 11, 2013.

Hopefully, other online account providers like Apple, Facebook, Microsoft, Yahoo!, and others will offer similar account settings so that users can plan ahead for what happens to their e–mail accounts and other online account data during incapacity and after death. As I’ve mentioned before, it’s important to integrate digital property into your estate plan. You should plan ahead for incapacity and death with respect to your online accounts and other digital property: (1) to arrange for full access to your electronically stored information; (2) to keep costs down; (3) to provide for a smooth administration; and (4) to ensure no valuable or significant online accounts or other digital property are overlooked by your fiduciaries and family members.

Posted in E-mail | Tagged , , , , , , , , , , | Comments Off

Convertible Virtual Currency (Like Bitcoin) is Subject to U.S. Money-Laundering Rules

On March 18, 2013, the the U.S. Financial Crimes Enforcement Network released new interpretive guidance regarding “convertible virtual currency” for purposes of the Bank Secrecy Act (BSA). The BSA requires financial institutions in the United States to report cash transactions and suspicious financial activities that might signify money laundering, tax evasion, or other criminal activities. The Financial Crimes Enforcement Network is a bureau of the U.S. Department of the Treasury that combats money laundering, among other things.

Under the new interpretive guidance, “virtual currency” is defined as a medium of exchange that operates like a currency in some environments but does not have all the attributes of real currency (“real currency” is the coin and paper money of the United States that is designated as legal tender). “Convertible virtual currency,” then, is defined as virtual currency that has an equivalent value in real currency or that acts as a substitute for real currency.

Without getting into too much detail, the new interpretive guidance states that “exchangers” and “administrators” are “money transmitters” within the scope of the Bank Secrecy Act and its regulations, unless a limitation or exemption applies, if they either: (1) accept and transmit a convertible virtual currency or (2) buy or sell convertible virtual currency. In other words, these parties may be subject to the registration requirements, record-keeping requirements for certain transactions, and mandatory reporting requirements for certain suspicious activities that might signify money laundering, tax evasion, or other criminal activities. Under the new interpretive guidance, an “exchanger” is a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency, and an “administrator” is a person engaged as a business in issuing (putting into circulation) a virtual currency and who has the authority to redeem (to withdraw from circulation) the virtual currency.

However, a mere “user” of convertible virtual currency is not subject to the Bank Secrecy Act and its regulations. Under the new interpretive guidance, a “user” is a person that obtains virtual currency to purchase goods and services. In other words, merely using convertible virtual currency to purchase real or virtual goods or services does not make the person a “money transmission service” (so the person does not have the registration, reporting, or record-keeping obligations under the Bank Secrecy Act regulations).

One example of a popular convertible virtual currency is Bitcoin. Based on the definition of “convertible virtual currency,” the new interpretive guidance might also apply to the virtual currencies used in online video games and virtual worlds (e.g., if the video game or virtual world virtual currency has an equivalent value in real currency), bringing certain video game transactions within the scope of the Bank Secrecy Act and its regulations unless a limitation or exemption applies. According to a March 21, 2013, article in the Wall Street Journal by Jeffrey Sparshott, the “anti-money-laundering rules would apply depending on the ‘factors and circumstances’ of each business.”

This new interpretive guidance is another example of how much value is being converted into virtual currencies and how much these virtual currencies have become part of our daily lives. On May 18, 2009, John D. Sutter on CNN reported that at least $1 billion per year is transferred into virtual currencies each year, primarily for online video games. That’s amazing, and I can only imagine how much more value is converted into virtual currencies today. These virtual currencies, including Bitcoin and amounts in video games and virtual worlds, can have financial value and should be included as part of a person’s estate planning.

Posted in Financial Accounts, Video Games & Virtual Worlds | Tagged , , , , , , , , , , | Comments Off

Jim Lamm Presents at 2013 Miami Law Review Symposium on “Will You Have a Digital Afterlife?”

On Friday, February 15, 2013, I presented a ninety–minute seminar titled “Will You Have a Digital Afterlife?” with Professor Christina L. Kunz, Michael J. McGuire, and Damien A. Riehl at the 2013 Miami Law Review Symposium on Social Media & the Law in Coral Gables, Florida. Our panel discussed how computers, electronically stored information, online accounts, and other digital property have changed the way we interact with people and how we transact business, and this flood of digital property is also changing how fiduciaries and family members administer an estate after a person’s incapacity or death.

Our panel discussed the four main obstacles for fiduciaries and family members trying to access electronically stored information, online accounts (e–mail, social networking accounts like Facebook and Google+, etc.), and other digital property. These four main obstacles are: (1) passwords; (2) encryption; (3) federal and state criminal laws that penalize “unauthorized access” to computers and data (including the Computer Fraud and Abuse Act); and (4) federal and state data privacy laws (including the Stored Communications Act).

Our panel reported on current state legislative efforts regarding fiduciary access to digital property and the Uniform Law Commission’s Drafting Committee that is working on this topic. We also discussed intellectual property law issues, including a current case addressing the issue of whether a person can sell a “used” digital music file, book, or movie purchased from Apple’s iTunes store without violating copyright law. And our panel discussed estate planning tips to plan ahead for digital property during incapacity and after death as well as tips to help identify an incapacitated or deceased person’s online accounts and software tools to help gain access to electronically stored information that may be protected by a password on the person’s smartphone, iPad, or computer.

Posted in General | Tagged , , , , , , , , , , , , , | Comments Off

February 2013 List of State Laws and Proposals Regarding Fiduciary Access to Digital Property During Incapacity or After Death

Note: please refer to this August 2013 post for an updated list of state laws.

When a person becomes incapacitated or after a person dies, there are significant challenges that fiduciaries and family members face when dealing with that person’s smartphones, computers, electronically stored information, online accounts, Internet domain names, and other digital property. As I’ve mentioned in previous posts, there are four main obstacles for fiduciaries and family members trying to access this digital property (especially online accounts like e–mail accounts, social networking accounts like Facebook, etc.): (1) passwords; (2) encryption; (3) federal and state criminal laws that penalize “unauthorized access” to computers and data (including the Computer Fraud and Abuse Act); and (4) federal and state data privacy laws (including the Stored Communications Act).

in May 2011, my colleague Gene Hennig and I submitted to the Uniform Law Commission a Project Proposal for a uniform law to grant fiduciaries specific powers and authority regarding a person’s online accounts and digital property during incapacity and after death. In January 2012, the Uniform Law Commission appointed a Study Committee, which presented its final report at the July 2012 Uniform Law Commission annual meeting. On July 17, 2012, the Uniform Law Commission appointed a Drafting Committee on Fiduciary Access to Digital Assets to prepare a uniform law on this topic. The first meeting of the Drafting Committee was held November 30 and December 1, 2012, and the second meeting of the Drafting Committee is February 15–17, 2013.

As of the date of this posting, I am aware of five states that currently have enacted specific laws to help fiduciaries deal with e–mail fiduciary access to online accounts, although I believe that several of these laws are too limited in scope:

  1. Connecticut Statutes § 45a–334a (see also Proposed Bill 5227 introduced January 11, 2013, status)
  2. Idaho Statutes §–15–3–715(28)
  3. Oklahoma Statutes § 58–269
  4. Rhode Island General Laws Chapter 33–27
  5. Indiana Code § 29–1–13–1.1

As I mentioned above, the Uniform Law Commission appointed a Drafting Committee on Fiduciary Access to Digital Assets to prepare a uniform law on this topic. As of the date of this posting (including the updates mentioned below), I am aware that the following other states that have already introduced or are considering introducing new legislation to address fiduciary access to digital property, although I believe that several of these proposals are too limited in scope:

  1. California
  2. Colorado
  3. Maine: Legislative Document 850 introduced March 5, 2013, (to study the issue), status (thank you to Justin LeBlanc for notifying me about this bill)
  4. Maryland: Senate Bill 29 introduced January 9, 2013, status
  5. Massachusetts
  6. Michigan: House Bill 5929 introduced September 20, 2012, status (thank you to Brian Cohan for notifying me about this bill)
  7. Missouri
  8. Nebraska: Legislative Bill 783 introduced January 5, 2012, status
  9. Nevada: Senate Bill 131 introduced February 18, 2013, status (thank you to Ashley Watkins for notifying me about this bill)
  10. New Hampshire: House Bill 116 introduced January 3, 2013, status
  11. New Jersey: Assembly Bill 2943 introduced May 14, 2012, status
  12. New York: Bill A823–2013 introduced January 9, 2013, status
  13. North Carolina Senate Bill 279 introduced March 12, 2013, status (thank you to Evan Carroll for notifying me about this bill)
  14. North Dakota: House Bill 1455 introduced January 21, 2013, status
  15. Ohio
  16. Oregon Senate Bill 54 introduced January 14, 2013, status (thank you to Evan Carroll for notifying me about this bill)
  17. Pennsylvania: House Bill 2580 introduced August 23, 2012, status
  18. Virginia: Senate Bill 914 introduced January 7, 2013, status

If you are aware of any other state that is considering this type of legislation, please contact me so that I can add it to the list.

[Updated February 25, 2013, to add links to Michigan bill; on March 18, 2013, to add links to Nevada, North Carolina, and Oregon bills; and on April 1, 2013, to add links to the Maine bill]

Posted in General | Tagged , , , , , , , | Comments Off

Jim Lamm Presents on Digital Death at 2013 Heckerling Institute

On Thursday, January 17, 2013, I presented a ninety–minute seminar titled “Digital Death: What to Do When Your Client Is Six Feet Under But His Data Is in the Cloud” with Professor Christina L. Kunz and Damien A. Riehl at the 47th Annual Heckerling Institute on Estate Planning in Orlando, Florida. Our panel discussed how fiduciaries and family members need to inventory, value, and administer smartphones, computers, electronically stored information, online accounts, domain names, and other digital property as part of their duties for estate and trust administrations, guardianships, and conservatorships. We also talked about estate planning tips to plan ahead for digital property during incapacity and after death.

Specifically, we talked about the four main obstacles for fiduciaries and family members trying to access electronically stored information, online accounts (e–mail, social networking accounts like Facebook and Google+, etc.), and other digital property. These four main obstacles are: (1) passwords; (2) encryption; (3) federal and state criminal laws that penalize “unauthorized access” to computers and data (including the Computer Fraud and Abuse Act); and (4) federal and state data privacy laws (including the Stored Communications Act).

Our panel also discussed intellectual property law issues, including a current case addressing the issue of whether a person can sell a “used” digital music file, book, or movie purchased from Apple’s iTunes store without violating copyright law. Finally our panel reported on state legislative efforts regarding fiduciary access to digital property and the Uniform Law Commission’s Drafting Committee that is working on this topic.

You can download the Table of Contents from the seminar materials here: Table of Contents (PDF link).

Posted in E-mail, Intellectual Property Rights, Social Networking Accounts | Tagged , , , , , , , , , , , , , , , | Comments Off

Jim Lamm Quoted in The Wall Street Journal

On January 5, 2013, I was quoted in The Wall Street Journal in the article “Life and Death Online: Who Controls a Digital Legacy?” by Geoffrey A. Fowler.

The article describes a Toronto family’s struggle with a deceased teenager’s digital afterlife, and the obstacles created by criminal laws, privacy laws, and Terms of Service contracts with online account service providers. For more information about the court case mentioned in the article involving Facebook opposing (and successfully blocking) a family’s demand to obtain a decedent’s Facebook account data, read my October 2012 posting about the Facebook case and about the the Stored Communications Act.

Posted in Social Networking Accounts | Tagged , , , , , , , , | Comments Off

Uniform Law Commission’s Drafting Committee on Fiduciary Access to Digital Assets

The Uniform Law Commission has appointed a Drafting Committee to address the issue of Fiduciary Access to Digital Assets, and its first meeting will be November 30 and December 1, 2012, in Minneapolis, Minnesota. The ULC studies and reviews state laws to determine which laws should be uniform among the states, and, when appropriate, they draft and propose statutory language to promote uniformity.

In May 2011, my colleague Gene Hennig and I submitted to the ULC a Project Proposal for a uniform law to grant fiduciaries specific powers and authority regarding an individual’s online accounts and digital property during incapacity and after death. Although I am not a commissioner, I have been actively involved in this ULC process as an observer.

In January 2012, the ULC appointed a Study Committee to consider the issue of Fiduciary Access to Digital Assets. That Study Committee presented its final report at the July 2012 ULC annual meeting.

On July 17, 2012, the ULC appointed a Drafting Committee to prepare a uniform law on Fiduciary Access to Digital Assets. As I mentioned above, the first meeting of the Drafting Committee will be held on November 30 and December 1, 2012, in Minneapolis, Minnesota. The second meeting of the Drafting Committee is scheduled for February 15–16, 2013, in Washington, D.C.

Posted in General | Tagged , , , , , , , | Comments Off