Every 60 seconds over 168 million e-mails are sent, 695,000 Facebook status updates are posted, 100 people join LinkedIn, 320 new Twitter accounts are created, 600 digital videos are added to YouTube, and 6,600 photos are added to Flickr.
Digital assets are part of our everyday lives and are here to stay. Recent studies have found that, among Americans, 85% of adults and 95% of teenagers use the Internet. Of those Americans, 80% of them (more than 120 million) engage in social media such as Facebook, LinkedIn, or Twitter, which is more than 25% of all time spent on-line. More than 50% of American seniors are on-line. And a surprising 92% of children under the age of two have a digital presence.
The world of digital assets is broad, but planning for these assets is often overlooked. Further, digital assets have been growing quickly, and perhaps too quickly because, unfortunately, the existing state and federal laws on digital assets are underdeveloped. Moreover, on-line service providers each have their own terms of service (TOS) agreements, and these agreements are not uniform. With the rapid growth of digital assets, lack of current legal guidance, and inconsistent service agreements, it is important for your clients to be aware of potential issues that can arise over their digital assets and plan accordingly. As a trusted and well-informed advisor, you should be well positioned to explore these issues with your clients and help them create an effective solution.
What Are Digital Assets?
Digital assets are items of information created, generated, sent, communicated, received, or stored by electronic means on a system for the delivery of digital information or on a digital device. A digital asset thus is any item of text or media formatted into a binary source that includes the right to use it—think electronic record. The three major groups of digital assets can be defined as textual content (digital assets), images (media assets), and multimedia (media assets).
Digital assets and devices are still in their infancy. It may be hard to believe, but the iPhone and Kindle are only seven years old (first generation released in 2007) and the iPad only four years old (first generation released in 2010). The box below shows some of the most common digital assets and their creation date:
Current State of the Law—Obstacles to Access
. . . the digital world is like the “Wild West” in that its growth has outpaced legal and regulatory efforts.
In the modern world, digital assets have largely replaced tangible ones. Documents are stored in electronic files rather than in file cabinets. Photographs are uploaded to web sites rather than printed on paper. The laws governing fiduciary access to these digital assets, however, are scarce, outdated, or non-existent. Federal and state laws both present obstacles to accessing digital assets. All 50 states have criminal laws prohibiting unauthorized access to digital assets, but only nine states, Connecticut, Delaware, Rhode Island, Indiana, Louisiana, Oklahoma, Idaho, Virginia, and Nevada, have enacted statutes governing digital assets. Numerous other states have proposed legislation or are in the process of drafting legislation. All of the existing state statutes grant a fiduciary access to digital assets and eliminate state criminal liability, but there is no uniformity on how they treat digital assets (for example, types of digital assets covered, whether death or incapacity is covered, and the rights and type of fiduciary covered).
Federal law is outdated and thus provides little guidance on planning for digital assets. The two federal laws governing digital assets are the Stored Communications Act (SCA) and the Computer Fraud and Abuse Act (CFAA), both passed in 1986. In fact, federal law may add constraints to planning because it allows access to on-line accounts or computers only with specific user authorization and makes intentional unauthorized access, including exceeding authorized access, a criminal offense. For example, under federal law it is unclear whether a fiduciary would be prosecuted if access to a password was directly (and voluntarily) obtained from an account holder and the fiduciary used the password to access the on-line account.
TOS agreements (those pesky “small print” documents that pop up when establishing an account whose “agree” box users typically check without even reading) are another obstacle to access. Many prohibit a user from allowing another to access the user’s account. For example, both Facebook and Microsoft’s Hotmail specifically prohibit anyone else to access/log in to another’s account. In addition, employers usually do not allow anyone to access an employee’s account other than the employee. The U.S. Department of Justice has expressed that it is a crime to violate a web site’s TOS agreement; however, it has not prosecuted minor violations, even though it has not expressed what constitutes a minor violation. Fiduciary access to an incapacitated or deceased person’s on-line accounts may be a federal crime if it “exceeds authorized access” as described in an on-line service provider’s TOS agreement.
These obstacles leave account holders uncertain about the future of their digital assets, service providers fending for themselves when drafting their TOS agreements, and fiduciaries choosing whether to risk civil liability if they refuse to manage digital assets or criminal liability if they perform their duties.
Current State of the Law— And a Solution?
Do not go where the path may lead, go instead where there is no path and leave a trail.
—Ralph Waldo Emerson
The Uniform Law Commission (also known as the National Conference of Commissioners on Uniform State Laws) passed the Uniform Fiduciary Access to Digital Assets Act (UFADAA) on July 16, 2014. The primary purpose of UFADAA is to grant fiduciaries the authority to access, control, and manage digital assets while maintaining the account holder’s privacy and intent. In other words, it fills a void by creating a legal right where none had existed.
The UFADAA is model legislation that can be enacted by state (not the federal) legislatures. An issue that the drafting committee had to overcome was the Supremacy Clause and the Supreme Court’s interpretation. The Supreme Court has long held that state laws in conflict with federal laws are “without effect,” or, said another way, a federal law that conflicts with a state law “preempts” the state law. To ensure that UFADAA would be enforceable by fiduciaries against service providers, the committee had to craft a law that would not be directly in conflict with federal law and would survive constitutional challenge.
UFADAA specifically defines a fiduciary as an authorized user, which should avoid liability for the fiduciary under the federal laws as well as applicable state laws that prohibit unauthorized access. Four types of fiduciaries are addressed by the UFADAA: (1) personal representatives/executors, (2) conservators/guardians, (3) agents under a power of attorney, and (4) trustees.
UFADAA presumes that the interest to manage both digital and nondigital assets is similar and relies on a well-established existing state law pertaining to fiduciaries’ rights over nondigital assets—the right to “step into the shoes” of a decedent to manage the assets. Accordingly, the UFADAA grants the fiduciary the same authority as the account holder over the digital assets.
For TOS agreements, UFADAA provides that “fiduciary access, by itself, will not be deemed a violation of a TOS agreement or deemed unauthorized transfer of an account” simply because the account holder consented to the likely unread TOS agreement. Further, fiduciary access will not be deemed a violation of a TOS agreement.
It is important to understand that the UFADAA applies only to fiduciaries, as defined. A family member of the account holder may seek to access the decedent’s account, but, unless she is a fiduciary, the UFADAA does not cover her actions.
What Can We Do Now? Plan!
Fiduciaries face many obstacles with respect to digital assets that do not apply to traditional assets, including password protection and encryption. Therefore, proactive planning for these assets is necessary. Clients should take two critical steps.
First, identify and create an inventory (hard copy or electronic) of all digital assets. The inventory can and should be updated regularly. A different plan for each category of digital asset may be needed.
Many applications exist to help clients plan for their digital assets. For clients who change their password frequently or use many different passwords (both recommended for security purposes), applications such as 1Password, LastPass, and Dashlane store all passwords with access to the list through only one main password. The future may bring more simplicity as fingerprints may become the new form of password. Several third-party digital asset storage providers also act as “electronic safe deposit boxes” that release information only on the user’s death or incapacity. These allow clients to easily update information during life and grant their executor or guardian immediate access on death or incapacity. Privacy concerns exist, however, because these storage providers are targets for identity theft. In addition, this is a relatively new industry and there are no guarantees these companies will still be in business at a client’s passing.
Second, provide the fiduciary access to the digital assets.
During life, a client may wish to grant an individual the ability to have immediate access by creating an account with multiple users or appointing an agent through a durable power of attorney. If using a durable power of attorney, a provision granting access to digital assets (which could be specific to certain types of digital assets or broadly apply to all digital assets) should be explicitly included. Currently no states have modified their power of attorney statutes to include digital assets. In addition, a review of the TOS agreement is essential because it may trump any lifetime planning. Your client also may wish to create backup files of his tangible media through DVDs, CDs, flash drives, external hard drives, or a cloud service.
After death, a last will and testament or revocable trust can give a fiduciary access to a decedent’s digital assets. The will or trust can specifically devise digital assets and appoint a fiduciary (such as a “digital executor” or “digital trustee”) to administer the digital assets. Another option is to draft a separate letter of instruction for digital assets and incorporate it by reference into a will or trust (to the extent allowed under state law). Consider including a definition of digital assets in the will or trust (you may want to use your state’s definition if one exists or UFADAA’s definition). Your client’s will and trust should specifically provide which digital assets are under the fiduciary’s control and where and how to dispose of them after death. Explicit directions are more likely to convince the service providers to grant the fiduciary access. The following is sample language to consider including in will or trust fiduciary powers:
To access, use, and control the Settlor’s digital devices, including but not limited to, desktops, laptops, tablets, peripherals, storage devices, mobile telephones, smart phones, and any similar devices which currently exist or may exist as technology develops for the purposes of accessing, modifying, deleting, controlling, or transferring my digital assets.
To access, modify, delete, control, and transfer Settlor’s digital assets, including but not limited to, e-mails received, e-mail accounts, digital music, digital photographs, digital videos, software licenses, social network accounts, file sharing accounts, web hosting accounts, tax preparation services accounts, on-line stores, affiliate programs, other on-line accounts, and similar digital items which currently exist or may exist as technology develops. To obtain, access, modify, delete, and control the Settlor’s passwords and other electronic credentials associated with the Settlor’s digital devices and digital assets described above.
Advisors need to be familiar with the changing federal and state laws relevant to digital assets and the importance of planning for a client’s digital assets under the applicable laws. The estate planning norm of the future will include granting a fiduciary the right to manage digital assets.
As new technologies develop, the number of individuals with digital assets, the types of digital assets held by those individuals, and the importance of those digital assets will continue to rise. Amidst the developing legal landscape, it is important that your clients establish their own plan to deal with their digital assets. Such a plan is essential to (1) make a transition easier (or perhaps possible) for their family or fiduciary in the event of death or incapacity, (2) prevent identity theft, (3) prevent financial loss, and (4) preserve their digital assets with sentimental value (for example, photographs, videos, blogs). n
Treat your password like your toothbrush.
Don’t let anybody else use it, and get a new one every six months.