Obama Administration White Paper on Intellectual Property Enforcement Legislative Recommendations

Posted on March 16, 2011 by Jim Lamm

The Obama Administration released a White Paper on Intellectual Property Enforcement Legislative Recommendations on March 15, 2011. This follows up the 2010 Joint Strategic Plan on Intellectual Property Enforcement.

Among other things, the proposals would clarify enforcement of intellectual property rights in the digital world. For example, page 2 of the report recommends a legislative change to “Clarify that, in appropriate circumstances, infringement by streaming, or by means of other similar new technology, is a felony”. Page 2 of the report also recommends a legislative change to “Give law enforcement authority to seek a wiretap for criminal copyright and trademark offenses.” These proposed changes could help protect the valuable rights of authors, artists, and other intellectual property rights holders.

As I’ve mentioned before, family members and fiduciaries should act quickly to identify and protect an incapacitated or deceased person’s intellectual property rights. Digital intellectual property (photos, music videos, and written works posted on the Internet) can spread quickly on the Internet, and enforcement can be difficult. A “takedown notice” under the Digital Millennium Copyright Act of 1998 (“DMCA”) is an effective tool to remove a specific infringing use of a copyrighted work on the Internet, but the infringing uses could spread faster than the takedown notices can keep up with. A February 24, 2011 article by Brad Stone in Bloomberg titled Sports Leagues Battle Video Pirates Showing Bootleg Live Games on Internet illustrates the problem of how sports leagues struggle to shut down hundreds of unauthorized video streams of sports events, even using the streamlined procedures under the DMCA.

Basically, Title II of the DMCA limits the liability of online service providers for copyright infringement if they comply with the takedown procedure. Online service providers must have a “designated agent” for infringement claims on file with the Copyright Office to receive this liability protection. The list is available online at: http://www.copyright.gov/onlinesp/list/. An online service provider, upon receiving proper notice of a claimed copyright infringement, must act “expeditiously to remove, or disable access to, the material” or risk losing its liability protection. 17 U.S.C. § 512(c)(1)(A)(iii). The required elements for a DMCA takedown notice are listed in 17 U.S.C. § 512(c)(3). If the allegedly infringing person disputes the claimed copyright infringement, that person can send a counter–notice to the online service provider. At that point, unless the copyright owner files an action seeking a court order against the allegedly infringing person, the online service provider must put the material back up within 10 to 14 business days after receiving the counter–notice. To prevent abuse of this system, the copyright law provides penalties for misrepresentations in a notice or counter notice.

A DMCA takedown notice can be used by the copyright holder, but if unauthorized photos, videos, and other recordings of a person are posted on the Internet and the person doesn’t hold the copyright to that digital property, it is much more difficult to enforce a right of publicity or assert a right of privacy. There isn’t a similar, streamlined takedown procedure to enforce rights of publicity or privacy.

The bottom line is that intellectual property rights holders and the government are struggling to keep up with the speed that data moves in the digital world. It will be interesting to see how these proposals by the Obama Administration will be implemented and how they will protect intellectual property rights holders in the future.

Posted in Intellectual Property Rights | Tagged , , , , , , , , , | Comments Off on Obama Administration White Paper on Intellectual Property Enforcement Legislative Recommendations

Jim Lamm Quoted in Forbes Article on Estate Planning for Passwords and Online Accounts

Posted on February 16, 2011 by Jim Lamm

Deborah L. Jacobs wrote an article for Forbes titled “Six Ways To Store Securely The Keys To Your Online Financial Life” on February 15, 2011. Ms. Jacobs is also the author of the popular book Estate Planning Smarts. It was my pleasure to be interviewed for and mentioned in this article.

As I’ve mentioned before, planning ahead for passwords, online accounts, and digital property is essential: (1) to arrange for full access to digital property; (2) to keep costs down; (3) to provide for a smooth administration; and (4) to ensure no property is overlooked for an inventory or estate tax return. If you haven’t planned ahead, computer security experts can access and recover many types of digital property, but, it can be a time–consuming and expensive process. And, a strong password plus strong encryption can make it practically impossible to access a person’s data if you don’t know the password.

As the Forbes article points out, there are a variety of ways to keep track of and securely store your important passwords and online account information. Find a method or combination of methods that works well for you.

A hybrid method combining a written “master” password and an electronic list of passwords, online accounts, and digital property can be very effective and user–friendly. Write down the “master” password and instructions for how to find and access the electronic list, and keep it in a sealed envelope in a safe deposit box, a home safe, or even your attorney’s will and trust vault. Then, maintain an encrypted electronic list of your online accounts and separate strong passwords for each account. That way, you only need to remember the “master” password in order to access all of your online accounts. Keep the electronic list current and updated in your smartphone, computer, or both as your online accounts and passwords change over time. If you change the “master” password, it’s only one password to update at the safe deposit box, home safe, or attorney’s vault. Just make sure family members and fiduciaries know where you keep your “master” password, and they have the key to the safe deposit box, the combination to the home safe, or the appropriate authorization to obtain it from the attorney’s vault when the need arises.

This hybrid approach permits you to:

  1. Easily maintain your list of current online accounts and passwords with an encrypted electronic list that can go wherever you go (using a smartphone or computer);
  2. Generate and use separate strong passwords for each online account without having to memorize them;
  3. Keep possession of the encrypted electronic password list to avoid unauthorized use; and
  4. Enable your designated fiduciaries or family members to have full access to your encrypted electronic list of online accounts and passwords with the “master password” from the safe deposit box, home safe, or attorney’s vault.

Some of the popular and easy–to–use tools that enable you to create and maintain an encrypted electronic list on both your smartphone and your computer include LastPass, KeePass, and RoboForm. One especially useful feature of these tools is that they can integrate with your Web browser and automatically look up and enter your passwords for your online accounts—this feature finally makes it practical to use separate strong passwords for each online account! Who wants to memorize or try to enter those long strings of uppercase letters, lowercase letters, numbers, and symbols? Another useful feature is synchronizing your encrypted electronic list among all of your smartphones and computers so you always have your current information no matter what device you are using. Other software tools and Web–based services are also available to maintain these lists, and some of the newer Web–based services are designed to facilitate access by a fiduciary or family member upon incapacity or death. Some of these tools are free, and others charge a nominal fee for the software or services.

Whatever method or combination of methods you choose, make sure you plan ahead for your passwords and online accounts—failure to plan ahead is a plan to fail!

Posted in General | Tagged , , , , , , , | Comments Off on Jim Lamm Quoted in Forbes Article on Estate Planning for Passwords and Online Accounts

Identity Fraud Dropped 28% in 2010

Posted on February 8, 2011 by Jim Lamm

According to the 2011 Identity Fraud Survey Report released on February 8, 2011, by Javelin Strategy & Research, identity fraud dropped by 28% in 2010. In terms of the number of identity fraud incidents, that’s a drop of about three million victims in one year! While both the number of identity fraud incidents and the average dollar amount of the fraud per victim fell in 2010, the average out of pocket cost to the victim (paying fraudulent debts, paying legal fees, and other charges) increased by 63% in 2010.

The report provides six safety tips to protect against identity fraud:

  1. Keep personal data private;
  2. Don’t overshare on social networks;
  3. Use your debit card wisely;
  4. Be vigilant;
  5. Learn about identity protection services; and
  6. Report problems immediately.

For an incapacitated or deceased person, family members and fiduciaries should be alert for and protect against identity fraud. As Francis Bacon wrote, “Opportunity makes a thief.” In the 2011 Identity Fraud Survey Report mentioned above, they found that fraud committed by someone who knew the victim increased by 7% in 2010. To monitor for potential identity fraud, the appropriate fiduciary can request a credit report on the person from one or more of the three nationwide consumer credit reporting companies: Experian, Equifax, and TransUnion. If the person is incapacitated, adding a Security Freeze at these three credit reporting companies prevents credit card companies, lenders, and others from accessing the person’s credit report without consent. If the person is deceased, send a copy of the person’s death certificate to each of these three credit reporting companies and request that the person’s account be listed as closed because the person is deceased.

Posted in Financial Accounts, General, Social Networking Accounts | Tagged , , , , , , , , | Comments Off on Identity Fraud Dropped 28% in 2010

Three Recent Articles on Estate Planning for Passwords, Online Accounts, and Digital Property

Posted on February 3, 2011 by Jim Lamm

Here are three recent news articles discussing estate planning for passwords, online accounts, and digital property:

Posted in General | Tagged , , , , , , , | Comments Off on Three Recent Articles on Estate Planning for Passwords, Online Accounts, and Digital Property

“Live” Funeral Video Broadcasting Over the Internet

Posted on January 31, 2011 by Jim Lamm

On January 24, 2011, The New York Times ran an article titled “For Funerals Too Far, Mourners Gather on the Web.” Author Laura Holson reports that funeral homes and software companies are using new technologies to broadcast a video of a person’s funeral over the Internet so that family members and friends can be included wherever they are located. In addition to the “live” streaming broadcast of the funeral, the technology can also preserve the video for family members and friends to view in the future. This sounds like an excellent way to preserve the eulogies, photos, songs, and other memories of a loved one.

The companies mentioned in the article that broadcast funeral videos are:

The article makes an excellent point about privacy and the personal nature of funerals. The companies could require a password before a family member or friend is allowed to view the funeral video, which would address those privacy concerns.

Posted in General | Tagged , , , , , , | Comments Off on “Live” Funeral Video Broadcasting Over the Internet

House Subcommittee Considers Mandatory Data Retention Rules for Internet Service Providers

Posted on January 27, 2011 by Jim Lamm

One of the topics that generated several questions and additional discussion during my presentation at the 45th Annual Heckerling Institute on Estate Planning on January 12, 2011, was data retention rules for Internet Service Providers (ISPs) and online accounts. For example, how soon does Google delete the e–mails in your Gmail account after you are incapacitated or deceased? Is the data “actually deleted,” or could the government compel production of the data from the Internet service provider in a criminal investigation?

On January 25, 2011, the Crime, Terrorism, and Homeland Security Subcommittee of the House Committee on the Judiciary held a hearing related to these issues. The hearing was titled “Data Retention as a Tool for Investigating Internet Child Pornography and Other Internet Crimes,” and it has implications beyond just criminal investigations. From an individual’s perspective, the data retention policies of Internet service providers impact personal privacy. From an Internet service provider’s perspective, having longer mandatory data retention requirements imposed by the government increases the costs of doing business because of the significant additional data storage (and backup) requirements.

Jason M. Weinstein, Deputy Assistant Attorney General for the Department of Justice, and others testified at the hearings. Hearing documentation will be available at the House Committee on the Judiciary Web site.

Here are a few links to stories and quotes from the hearing:

What does this mean for estate planning and administration? After reading the frustrations of law enforcement quoted in the Ars Tehnica article (emphasizing that Internet service providers may have very short user data retention policies), it underscores the importance of planning ahead for passwords, online accounts, and digital property. It also underscores the importance of acting quickly to find, access, and protect digital property in a guardianship, conservatorship, probate estate, or trust administration. The free e–mail accounts, free social networking accounts, free Web page hosting accounts, free photo–sharing accounts, and other online accounts don’t last forever. Whether the data has financial value or merely sentimental value, it’s important to act quickly to preserve digital property in an administration.

Posted in E-mail, General, Social Networking Accounts, Web Pages and Blogs | Tagged , , , , , , , , | Comments Off on House Subcommittee Considers Mandatory Data Retention Rules for Internet Service Providers

Data Encryption and Estate Planning for Incapacity and Death

Posted on January 26, 2011 by Jim Lamm

During my presentation at the 45th Annual Heckerling Institute on Estate Planning on January 12, 2011, I mentioned that a strong password plus strong encryption can make it practically impossible to access an incapacitated or deceased person’s data if you don’t know the password. I gave a few examples of this during the presentation, and, in this posting, I want to provide more details to underscore the importance of planning ahead for passwords in the estate planning process.

Basically, encryption scrambles computer data so that you can’t read it without a password. Encryption can scramble a single data file or it can scramble an entire hard drive (or other storage media). With “weak” or “insecure” encryption, the data can be unscrambled relatively easily without knowing the password. Basically, a computer can guess all the possible passwords within a reasonable amount of time, which makes the encryption insecure. With “strong” encryption, it’s practically impossible to unscramble the data because it takes too long to guess all the possible password variations.

In the 1970s, 1980s, and 1990s, the U.S. Government used Data Encryption Standard (DES) to encrypt and protect data. DES uses a 56–bit key. Think of this “key” as the number of possible password variations. A 56–bit key has 256 possible password variations, which is about 72 quadrillion password variations (72,057,594,037,927,936 variations). In 1997, a $10,000 prize was offered to the first team that could unscramble a single DES encrypted message, and the winners were a team of scientists and about 78,000 volunteers who linked their computers together and unscrambled the message in about two months (link). By a 2008, special-purpose computer, built for just a few thousand dollars, could unscramble a DES–encrypted message in under a day (link).

Now, the U.S. Government uses the Advanced Encryption Standard (AES) for classified and top secret information, and you can use the same encryption on your home computer. AES uses 128–, 196–, or 256–bit keys, so there are significantly more possible password variations for AES than DES. For example, a 128–bit key has 2128 possible password variations, which is about 340 undecillion password variations (340,282,366,920,938,463,463,374,607,431,768,211,456 variations).

At the Heckerling Institute, I mentioned an example from a Technology Paper published by Seagate on 128–bit Versus 256–bit AES Encryption. Seagate makes hard drives that are protected by AES encryption. For their example, they assume there are 7 billion people, each person has 10 computers, and each computer could guess 1 billion passwords per second. If the password on a single 128–bit AES–encrypted file could be guessed after trying only 50% of the possible password variations, they conclude it would take 77 septillion years (that’s a 77 with 24 zeros after it) to guess the password.

However, I believe they made an error in their computations, and the result should be 77 billion years to the guess the password. They show their computations on page six of their Technology Paper. It looks like they divided by the number of seconds in a year (I’m using 31,556,926 for this number) instead of multiplying by the number of seconds in a year. You can tell because the number of “Total combos per second” (password guess attempts per second) is larger than the number of “Total combos per year” (password guess attempts per year). Clearly, there should be more password guess attempts made in a one-year period of time than in just one second. So, by multiplying by the number of seconds in a year instead of dividing by that number, it would take about 77 billion years to guess the password of a single 128–bit AES–encrypted file or hard drive (77,022,341,629.5 years).

According to NASA, the age of the universe is about 13.7 billion years, give or take 0.13 billion years. So, with the example above, it would take about 5.6 times longer than the age of the universe to guess the password of a single 128–bit AES–encrypted file or hard drive. If we want to guess the password of a second 128–bit AES–encrypted file or hard drive, it would take an additional 77 billion years! That’s why I say that a strong password plus strong encryption can make it practically impossible to access a person’s data if you don’t know the password.

On the other hand, using a “weak” password wipes out the protection of strong encryption. For example, if the password is one of the 470,000 or so entries in Webster’s Third New International Dictionary, Unabridged, or in The Oxford English Dictionary, Second Edition, or if it’s one of the 5,000 or so most commonly–used passwords or a variation on these, then even a typical home computer could probably guess the password of an AES–encrypted file in just minutes.

If we applied the same assumptions above (70 billion computers each guessing 1 billion passwords per second) on a single 56–bit DES–encrypted file or hard drive, it would not even take a full second to guess the password (0.0005 seconds)! Technically, the difference between 56–bit DES and 128–bit AES should be even larger than this because it takes more computational power to guess a single AES password than it does to guess a single DES password in general, so the same computer should be able to guess significantly more DES passwords per second. But, for our purposes, comparing less than a second to guess a 56–bit DES password versus 77 billion years to guess a 128–bit AES password is dramatic enough to illustrate the difference between “weak” versus “strong” encryption.

If 5.6 times longer than the age of the universe isn’t long enough for you (using 128–bit AES encryption), consider using 256–bit AES encryption. If we applied the same assumptions above (70 billion computers each guessing 1 billion passwords per second) on a single 256–bit AES–encrypted file or hard drive, it would take about 26 quindecillion years (26,209,344,715,487,043,370,350,318,887,362,908,146,482,868,240,272 years) to guess a single password!

To tie these examples to current events, consider WikiLeaks and its editor–in–chief Julian Assange. According to news reports by CNN and AlterNet in December of 2010, Mr. Assange recently released a 1.4 GB data file on the Internet scrambled with 256–bit AES encryption. It’s been called an insurance policy or “poison pill” in case he is arrested, assassinated, or his Web site is shut down. If that happens, his colleagues will release the password to unscramble the data. He’s hiding his secrets in plain sight, where anyone can try to guess his password. But, with the strong encryption method he selected (and presuming a strong password), he knows that it’s practically impossible with current technology to guess his password and access the protected data.

So, what should fiduciaries and family members do if a person becomes incapacitated or dies with encrypted data and did not plan ahead for passwords? Hire a computer expert to try to access and recover the data. This can be expensive and time–consuming. Also check for backups of the data on an external drive (or other storage media) or at an online backup service provider. The bottom–line is that, if the person used a strong password and strong encryption but didn’t plan ahead for his or her passwords, it’s probably not possible to access the data.

Posted in General | Tagged , , , , | Comments Off on Data Encryption and Estate Planning for Incapacity and Death

Jim Lamm Presents on Estate Planning for Passwords, Online Accounts, and Digital Property at 2011 Heckerling Institute

Posted on January 13, 2011 by Jim Lamm

On Wednesday, January 12, 2011, I presented a ninety–minute seminar titled “Estate Planning 2.0: Digital Property and Tech–Savvy Clients—Time to Reboot Your Practice” with Karin C. Prangely at the 45th Annual Heckerling Institute on Estate Planning in Orlando, Florida. We talked about the intersection of technology with estate planning, estate and trust administrations, guardianships, and conservatorships.

The theme of our presentation was that technology has changed the way we interact with people and transact business. When we cross over from physical interactions and transactions to digital interactions and transactions, we add a layer of: (1) additional contracts and Terms of Service agreements; (2) conflict of laws issues dealing with online service providers in other states and countries; and (3) we add new challenges for family members and fiduciaries trying to find and access important information because the digital world is protected by passwords and encryption.

Beyond the digital world merely being a parallel to our physical world’s interactions and transactions, there are entirely new types of valuable or important property that only exist in the digital world. Some of this digital property has financial value, and some has sentimental value.

The most important point of our talk was that planning ahead for passwords, online accounts, and digital property is essential: (1) to arrange for full access to digital property; (2) to keep costs down; (3) to provide for a smooth administration; and (4) to ensure no property is overlooked for an inventory or estate tax return. If you haven’t planned ahead, computer security experts can access and recover many types of digital property—even more than you may initially think is possible. But, it can be a time–consuming and expensive process. And, a strong password plus strong encryption can make it practically impossible to access a person’s data if you don’t know the password. In addition, many types of online accounts, including free e–mail accounts and other free online accounts, typically cannot be fully accessed without knowing the person’s password, and many of the online service providers will not reveal an incapacitated or deceased person’s password to the person’s fiduciaries or family members under their policies or Terms of Service agreement.

I wrote a 69–page outline for this seminar that describes how to identify, find, access, value, protect, and transfer important digital property in a guardianship, conservatorship, probate estate administration, or trust administration. Also included is a seven–page questionnaire to use for gathering information about valuable and important passwords, online accounts, and other digital property. A copy of the Table of Contents from my outline is attached to this posting, and a copy of the fully outline is available upon request.

Attached file: Estate Planning 2.0: Digital Property and Tech–Savvy Clients—Time to Reboot Your Practice

Posted in General | Tagged , , , , , , , | Comments Off on Jim Lamm Presents on Estate Planning for Passwords, Online Accounts, and Digital Property at 2011 Heckerling Institute

Conduct a Digital Fire Drill to Identify Important or Valuable Digital Property

Posted on January 6, 2011 by Jim Lamm

When I talk with people about doing estate planning for their digital property—their passwords, online accounts, computers, smartphones, and electronic data—I sometimes ask them to conduct a “digital fire drill”:

  • If your computer is lost, stolen, or damaged today, what valuable or significant digital property would you lose?

  • If you are in an accident today, can your family and fiduciaries access your valuable and significant digital property while you are incapacitated?

  • If you die today, what valuable or significant digital property would you want your family or friends to have?

Clearly, for a person’s digital property with financial value, they should plan how to access it, protect it, and transfer it if the person becomes incapacitated or dies. But don’t overlook digital property with sentimental value.

When a family survives an actual fire, flood, or theft, they probably aren’t regretting the loss of their checkbook register from 2008 (although that may be important). They’re wishing they could recover the video of their son’s first steps and the photos they took at their daughter’s wedding.

With printed photos, negatives, DVDs, videocasettes, and other video formats, copies could be made of the media and stored somewhere safe, but this might be expensive and time–consuming. With digital photos and videos, copies can be inexpensive and convenient. Older formats can be converted to a digital format also—which puts us back in the expensive and time–consuming column, but the digital format gives more flexibility for making and storing secure copies in the future.

Consider using an online storage account to store a backup of your computer’s data in case of fire, flood, or theft. I talked to a family recently who paid over $5,000 to recover the contents of a damaged hard drive. They did not have any valuable business information, intellectual property, or other data of financial value on the hard drive—it was just data with sentimental value. One data recovery service company, Kroll Ontrack, estimates that it typically costs about $1,000 to cover the data for a typical desktop computer. As a comparison, online backup service Carbonite currently charges $54.95/year for unlimited data backups.

Many people save their photos to Facebook or other social networking accounts, and send and save copies of photos in their e–mail accounts. A recent article on TechCrunch reported that Facebook has been averaging 100 million new photos a day, and saw over 750 million new photos uploaded just over the 2011 New Year’s Weekend!

While uploading photos or videos to Web sites can protect against the damage to or theft of your computer locally, remember that a person’s online account might be closed if the person dies or becomes incapacitated, depending on the Terms of Service agreement. Also, sometimes these online accounts encounter problems, which is what happened when over 17,000 Microsoft Windows Live Hotmail users found that their e–mails and attachments were inadvertently deleted in December 2010. Microsoft very quickly restored the missing e–mails and attachments, but you can’t count on that from every online service provider. Sometimes online service companies close down entirely, and sometimes they scale back or shut down services. For example, on December 14, 2010, Yahoo eliminated 600 jobs, and, shortly after, Yahoo announced a possible sale and “exploring a variety of options” for their popular Internet bookmark–sharing service Delicious. Over 5 million users will be affected by Yahoo’s planned changes for Delicious. User accounts might also be deleted for a violation of the Terms of Service agreement, including copyright violations.

The bottom line is to keep in mind what digital property is important, whether that has financial value or a sentimental value, and plan ahead for it.

Posted in General, Intellectual Property Rights, Social Networking Accounts | Tagged , , , , , , , , | Comments Off on Conduct a Digital Fire Drill to Identify Important or Valuable Digital Property

Article in The New York Times: “Cyberspace When You’re Dead”

Posted on January 6, 2011 by Jim Lamm

On January 5, 2011, The New York Times posted “Cyberspace When You’re Dead,” by Rob Walker. It’s a well-written overview of the problems of a person’s death and leaving behind a Twitter account, Facebook account, e-mails, and video games characters and items.

Posted in E-mail, General, Social Networking Accounts, Video Games & Virtual Worlds | Tagged , , , , , , , , , , | Comments Off on Article in The New York Times: “Cyberspace When You’re Dead”