What is the Problem?
I love computers and technology. I was a Senior Server Engineer for 20 years before I became an Estate Attorney six years ago. As over two trillion dollars under management flowed through some of the servers I managed, security was extremely important.
The first thing we did to keep things secure was to tell users “do not write passwords down.” The second thing we did was to make sure users changed their passwords every 60 days and require them to use complex passwords.
When clients come to us following a death, the first question we ask is “What are the deceased’s assets and where are they kept?” Sometimes everything is well documented and we guide them through getting control of the assets. However, sometimes nothing is documented and they have no idea what assets the decedent had.
In those cases, I suggest they go through the mail and have future mail rerouted to watch for bills, bank statements, etc. However, as we all know, financial accounts are trending towards being paperless. Bills and statements are now delivered via email. If a client does not have the password to the email account, what can be done?
In addition to email accounts, there are digital assets in the form of blogs, photos, music, software, Facebook and Twitter accounts and the like. Unlike other assets such as real estate or money held in a financial institution, there are digital currencies such as bitcoins that have their private key (the only way to access the currency) stored on a person’s computer or at a digital exchange in a secure format with password access.
Getting access to the email and digital assets when the owner cannot provide the information because of incapacity or death can be challenging or impossible. One would hope that the law is keeping up with technology but, as the title implies, we are back in the Wild West in many ways.
California Law is out of Date
California currently has no statute that would cover this issue except Cal Bus Prof § 17538.35, which covers when and how an email account can be terminated by the email provider. Moreover, trying to use California law, if it existed, could be problematic for a company that is out of state, for jurisdictional reasons.
The federal law in this area is covered by the Computer Fraud and Abuse Act (CFAA) (18 USC §1030) and the Stored Communications Act (SCA) (18 USC §§2701–2712), which cover who can access accounts, among other things.
Summarizing the law, the power to take control of a digital asset has to be explicit as a power the fiduciary can take on behalf of the client. More troubling is the following impact of the federal law: Even if a fiduciary has gained the password to an account, if the fiduciary does not have permission that complies with the federal law, they are in violation of the law by accessing the accounts.
Therefore, general provisions in a power of attorney or a will that allow the fiduciary to take control of all assets are not enough. Colleagues who were facing this issue contacted companies such as Yahoo and Google, which stated that they will not give a fiduciary access to an account unless the source document for their power specifically mentions the category of asset, even if the court has granted the fiduciary general powers in a probate administration. The reason they cite is that without that express permission in the documents, the fiduciary is violating federal law.
Although prior to becoming an attorney I counseled clients not to write down passwords, when presented with estate administration issues, I favor just the opposite approach as it can save the fiduciary a lot of time and energy in the end. Writing passwords down can be a much more practical and effective approach than relying on companies to give access to a fiduciary who does not have the password.
Where to store that list is an issue in itself. There are digital vaults and physical vaults. The digital vaults can offer things such as a single password to access the rest of the passwords; however, hackers have a knack for finding flaws in any computer code. If found, a hacker could gain access to all of the passwords.
In addition, there is the issue of where to store the one password that produces access to the digital vault. Physical vaults such as a safe deposit box ensure that there is no hacker involved, but they can be cumbersome to keep updated; a change in the password means a trip to the bank.
There is no perfect answer. When I was confronted with a death in my family, it was easier to handle matters because the passwords were written down.
The Uniform Law Commission is meeting this summer to hopefully approve the new uniform law entitled “Fiduciary Access to Digital Assets Act.” If that commission does approve this new law, perhaps California will take notice and either adopt the law or put a similar one in place.
As California has not tackled this issue yet, it is in our clients’ best interest to put specific language in estate planning documents to give the fiduciary the power to take control of the digital assets under federal law. This assumes, however, that the client will tolerate someone reading their email and having access to their photos post-mortem. It may be time to add to our interview checklist some discussion regarding this power.
Adding specific language to the durable power of attorney and will should be sufficient to give the fiduciary the proper authority when contacting companies to gain access to the asset under the federal law. Also, having that language in the document keeps the fiduciary from violating the federal law by giving the fiduciary permission to access the account. As stated above, without that language in the documents, the fiduciary is violating federal law by accessing the account.
It may be possible to assign the assets to a trust; however, that may be problematic as digital assets are much more likely to change than traditional assets such as bank accounts and real estate. Trying to overcome the frequency of change by listing email accounts on the schedule as “All email accounts” is probably not specific enough, just as “All real estate” is not specific enough for an 850 petition. Moreover, some assets such as bitcoins may not have an identifiable way of being listed. Additionally, what if new types of assets are created by technology that we couldn’t anticipate for the schedule?
Regarding the specific language to insert into a will and durable power of attorney, I recommend using CEB’s language, which can be found in their drafting treatise (CEB, California Will Drafting §33.52; CEB, Drafting California Revocable Trust (Pour Over Will) §22.9; CEB, California Powers of Attorney and Health Care Directives §5.11A).
When I started to put this language into documents, CEB didn’t have specific language to refer to. Instead, I have been using language that was shared with me a few years back by an Oregon attorney, Michael Walker. He has given me permission to print his current language for durable powers of attorney, which can also easily be adapted to be used in a will. The language is as follows:
“Digital Assets. To take any action with respect to any Digital Assets owned by me as my agent shall deem appropriate, including, but not limited to, accessing, handling, distributing, disposing of, or otherwise exercising control over or exercising any right (including the right to change a terms of service agreement or other governing instrument) with respect to such Digital Assets. My agent may engage experts or consultants or any other third party, and may delegate authority to such experts, consultants or third party, as necessary or appropriate to effectuate such actions with respect to the Digital Assets, including, but not limited to, such authority as may be necessary or appropriate to decrypt electronically stored information, or to bypass, reset or recover any password or other kind of authentication or authorization.
This authority is intended to constitute “lawful consent” to a service provider to divulge the contents of any communication under The Stored Communications Act (currently codified as 18 U.S.C. §§ 2701 et seq.), to the extent that such lawful consent is required. For purposes of this Power of Attorney, “Digital Assets” shall include files stored on any of my digital devices or digital owned by me, including but not limited to, desktops, laptops, tablets, peripherals, storage devices, mobile telephones, smart phones, cameras, electronic reading devices and any similar digital device which currently exists or may exist as technology develops or such comparable items as technology develops, regardless of the ownership of the physical device on which the digital item is stored.
“Digital Assets” shall also include, without limitation, emails received, email accounts, digital music, digital photographs, digital videos, software licenses, social network accounts, file sharing accounts, financial accounts, domain registrations, DNS service accounts, web hosting accounts, tax preparation service accounts, online stores, affiliate programs, other online accounts and similar digital items which currently exist or may exist as technology develops or such comparable items as technology develops, including any words, characters, codes, or contractual rights necessary to access such items, regardless of the ownership of the physical device upon which the digital item is stored.”
While working in the computer field, I was often reminded that the only constant is change. The same can be true in law. Keep watching for new legislation, and have a conversation with your clients about what would happen if no one had access to their digital assets.
Matthew M. Hart is a solo practitioner with offices in Antioch and Walnut Creek. He focuses on Estate Planning, Trust Administration, Probate and Business Formation. Matthew@MatthewHartLaw.com.
Filed Under: Featured