Gallet Dreyer & Berkey, LLP | Estate Planning For Digital Assets
This links to the home page

Estate Planning For Digital Assets

2/11/2016 | By: David N. Milner, Esq. | Winter 2016 Newsletter
If you are not familiar with the term “digital assets” you should be. Chances are you have more than one.

For example, if you use email, do online banking, prepare your income tax returns using online software, have your credit card and other monthly statements sent to you electronically, listen to music that you have downloaded from one of the many commercial sources, share photos with your friends and family or “Tweet,” “friend,” “Link-in” or otherwise attempt to stay in touch electronically, you have digital assets.

As wonderful and time saving as these forms of communication may be, they pres­ent a host of challenges for those who need to become concerned with the affairs of someone that has digital assets. Both legal and practical issues present themselves. However, the law is vague and unsettled.

While this article will focus on the digital assets of someone that has died, it is equally relevant to those operating as the trustee of a trust or pursuant to a durable power of attorney.

Before being able to deal with digital assets in any manner, a person has to first identify their existence. How is one to know if the decedent did his banking online, or if he accessed his credit card, bank and brokerage accounts online?
Assuming you have the ability to ascertain the existence of these digital assets, how do you go about accessing these accounts? Having the username and password may give you the practical ability to access the account, but are you doing so legally?

All 50 states have criminalized unauthor­ized access to digital accounts. Yet only 9 states1 have statutes governing the extent to which digital assets and records of a decedent or someone that is incapacitated can be accessed without incurring crimi­nal liability. New York is not one of them. Of the 9, only Delaware specifically addresses a fiduciary’s right to access digital accounts and assets. The other 8 statutes are more limited to permitting a representative access to email and social networking accounts.

The Federal laws governing digital assets that were passed in 19862 prohibit access to digital assets without specific user authorization and make unauthorized access a Federal criminal offense. Under the federal statutes it is unclear whether a fiduciary that has legally obtained the username and password directly from the account holder, but was not specifically authorized by the account holder to access the online account, would be prosecuted.

This is further complicated by the terms of service (“TOS”) agreements that all of us automatically “agree” to in order to open an online account or gain access to something we might want to read. Most of the TOS agreements specifically prohibit access to another’s account. It is the author’s under­standing that while the Department of Justice has indicated that it will not prose­cute minor violations of TOS agreements, it has not provided guidance as to what constitutes a “minor violation.”

This area of the law is, and in all likelihood will, continue to evolve for many years to come. However, there is an apparent desire for clarity and consistency. The Uniform Law Commission (a/k/a the National Conference of Commissioners on Uni­form State Law) passed the Uniform Fiduciary Access to Digital Assets Act (“UFADAA”) on July 16, 2014 giving fiduciaries the authority to access, control and manage digital assets. It is important to note that the UFADAA will only pro­tect a fiduciary. It does not protect the family members of the account holder unless they are also a fiduciary.

To date, the UFADAA has not been enacted in New York. In fact, Delaware is the only state to have successfully passed the legislation despite widespread intro­duction in state legislatures. In July of 2015, a revised version of the UFADAA was released by the Uniform Law Com­mission that purported to address some of the privacy concerns raised by the original legislation. In the interim, NetChoice, an opponent of the UFADAA, introduced its own piece of legislation, the Privacy Expectation Afterlife and Choice Act, or PEAC, which Virginia adopted in 2015.3
While the laws themselves remain unclear, what is clear is that one should assign the same level of significance to planning for the transfer of digital assets as for other traditional assets. At the very least one should make it very clear in their estate planning documents (i.e., their will, living trust, etc.) that their fiduciary (indeed for this purpose one may wish to appoint a special fiduciary) have the authority to access, use and control their digital assets, which should include the equipment used to access the online accounts. It is equally important that the fiduciary be provided with a regularly updated inventory of one’s digital assets including the account num­ber, username and password associated with each digital asset.

This is one area where a little bit of self-help may go a long way. You should carefully review the TOS agreement -- albeit after you may have “agreed” -- to see what the provider will and will not permit. For example, Facebook allows an account holder to appoint a “legacy contact” that will permit the appointed person to respond to new friend requests, or update the decedent’s profile picture, but will not permit the contact to make posts as if they were the decedent, or to see the decedent’s private messages. Facebook will also allow for the closing or freezing of a decedent’s account but will not permit the password to be reset or released, nor will they permit the account to be transferred. While the inability to transfer an account seems to be consistent amongst the service provid­ers, Google+, Twitter, Amazon, and Apple iTunes permit an authorized person to close the account.

With respect to email accounts, Yahoo! requires a court order to close the account while Google and Hotmail will permit a properly documented fiduciary to do so. Access to an employee’s email account will of course depend upon the policy of the employer.

What does appear to be consistent is the refusal to release passwords or permit them to be reset. The take-away here is that while you may have the ability to close the account, you may not necessarily have the ability to access the account. This may very well make the already daunting task of identifying a decedent’s digital assets more difficult since one has to assume that much of the information con­cerning the existence of these digital assets may be contained in the body of email exchanges between the decedent and the service provider.
1 As of December 31, 2015, Connecticut, Delaware, Idaho, Indiana, Louisiana, Oklahoma, Rhode Island, Virginia, and Nevada.
2 The Stored Communications Act (“SCA”) and the Computer Fraud and Abuse Act (“CFAA”).
3 National Conference of State Legislatures, Access to Digital Assets of Decedents Available online