The Internet has become an expansive virtual world users around the world are exploring, annexing, and defining, just as they always have always done in terra firma, or the natural physical world. With the click of a mouse, anybody has the ability to purchase digital books, movies, and music. People are also using the Internet to communicate with others. We create online accounts, paving digital footprints, trails of data from our Internet usage, and building pseudo-homes within the terrains of the World Wide Web on social media sites. It is undeniable that social media use is booming. According to Pew Internet Project, as of January 2014, 74% of online adults use social networking sites. When Internet users first make accounts on sites like Facebook, Google Plus, and Twitter, the process is straightforward. However, there is a complicated quandary that is all too often overlooked but demands attention: how to handle these digital outlets when an account-holder dies.
Take a moment and think about your “assets” and everything you “own.” Merriam Webster Dictionary describes an asset as “something that is owned by a person, company, etc.,” and Black’s Law Dictionary defines ownership as “the complete dominion, title, or proprietary right in a thing or claim.” When I was first asked the question above, only tangible items came to mind. I own the bejeweled wrist-watch I purchased with my very first paycheck (which is currently, luckily, in storage), the screen portrait my parents gave to me as an apartment-warming present, and a collection of CDs my older brothers handed down to me from their adolescence. These physical items constitute a small portion of my assets. However, according to some states, the dimensions of my assets are much greater than I ever possibly imagined. Delaware in particular has adopted a new law declaring “digital assets” such as social media accounts as inheritable property.
Digital asset is defined as “content owned by an individual that is stored in digital form.” Since digital assets are not clearly defined, there is an uncertainty in handling digitally acquired assets upon the death of a decedent account holder. When users create online accounts, they must consider the difficult truth that they will eventually pass away. I believe all social media users must take the time to consider how they want their social media accounts to be dissipated at their deaths. Lawyers and the American Bar Association urge digital asset holders to consider planning ahead because of “the uncertainty of existing law, preventing on-line identity theft, and ensuring that the client’s wishes are respected in the disposition of these assets.” Facebook was created to serve as a communication avenue for the living, “[b]ut it has become the world’s largest site of memorials for the dead.”
It must be noted that Facebook users are bound by special contracts known as Service Agreements. When two parties enter into a valid contractual relationship, they are subject to its terms and clauses, which cannot be terminated by unauthorized parties. The court in Register.com, Inc. v. Verio, elucidates this is because the parties who enter into these special online agreements (which can be defined as “shrinkwrap,” “clickwrap,” or “browsewrap”) have provided “[t]he manifestation or expression of assent necessary to form a contract may be by word, act, or conduct which evinces the intention of the parties to contract.” In Fteja v. Facebook, Inc., the court concluded that Fteja, the defendant, ultimately attested to reading and agreeing to terms of the agreement when he clicked the “Sign Up” button. Therefore, he was bound to Facebook’s terms, such as assenting to the forum selection clause. This ruling ultimately stands for the proposition that when users create accounts on sites like Facebook, they enter into irrevocable agreements and consequently assent to the terms of service. Furthermore, account holders are bound to the site’s terms and regulations, and no other party can legally have any effect on the relationship. In relation to the post-mortem issue, specific Facebook terms note that third parties who have not entered into the particular service provider agreement do not have any rights over these accounts. Section 4, “Registration and Account Security”, Point 8 prohibits users from sharing passwords, allowing others to access their accounts, or engage in any other activities that may “jeopardize the security” of their accounts. Point 9 prohibits the transfer of accounts without written permission.
Nevertheless, when a user passes away, Facebook has special provisions, a “Special Request for Deceased Person’s Account” page, in addition to a special page for requesting memorialization of a deceased person’s account. Immediate family members, extended family members, and non-family friends, co-workers, or classmates have the option to request for memorialization or removal of an account, or a special request. However, they cannot legally access the account on their own according to the service agreement terms between the account holder and Facebook. These individuals must provide verification that the person has died with a death certificate, birth certificate, or proof of authority.
Memorialization is the “freezing” of a deceased’s timeline indefinitely. Facebook does not allow others to log into memorialized accounts or modify such accounts. Friends of the deceased can share memories on the memorialized timeline and can send messages to the deceased. Furthermore, memorialized timelines are not publicly accessible to other Facebook members and do not appear on their timelines. Facebook account holders can also manage their settings and request their accounts to be removed or deleted upon their deaths, immediately deleting the entire timeline and contents including messages, photos, and wall posts. The final option Facebook account holders have is to activate the “If I Die” application, which allows them to create a final video or message that is sent to designated persons upon their death. This application is designed to provide closure to individuals who knew the deceased account holder. If a Facebook account holder specifically chooses one of these three options voluntarily, there is very little outsiders can do to interfere. Facebook offers these three options to ensure their users’ digital privacy is secured and protected. Although the removal provisions, memorialization system, and “If I Die” application provide some means for deceased account holders’ loved ones to exercise control over their timelines, they do not offer enough protections for the best interests of the decedent and his or her beneficiaries.
For example, the parents of 15-year old Eric Rash were unable to access their minor son’s Facebook page after his suicide in 2011. His parents sought to better understand their son’s unexpected death through the contents of his site. However, Facebook refused access until their son’s estate was settled because of state and federal privacy laws. Facebook eventually turned over some information from Eric’s page, but his father claimed it was not enough and proclaimed, “I’m still locked out, to this day.” Additionally, some people find the memorialization system to be rather “creepy.” Some people like connecting with those who are no longer alive, but others may find this to be unnatural.
Many believe the Facebook inheritance dilemma will perpetuate “as long as there are no estate laws in place to determine what happens to virtual property left behind by the deceased.” Attorneys like Jim Lamm advise individuals who hold online accounts that they should make determinations on how they want their digital accounts and assets to be divided upon their deaths. Evan Carroll, a co-founder of the blog, The Digital Beyond, which focuses on maintaining your individual afterlife, advises individuals they must take special steps in regards to digital estate planning. Particularly, Carroll advocates for signing up with special digital estate planning services, like SwissDNABank.com, which store data and DNA. Additionally, Carroll explains the need to provide passcodes and usernames to “digital executors” and heirs. However, these plans conflict with Terms of Service Agreements. Section 15, “Termination” of the Facebook Terms of Service Agreement, explains that Facebook will terminate its services if there is a violation of any provisions noted in the Statement. Courts can likely take the same approach as they did with Karen Williams, who accessed her son’s account after he died in a 2002 account. Eventually, Karen Williams sought her son’s password from a friend, however Facebook eventually changed the password because of the ISP agreement her son entered into which prohibited others from accessing his account. Finally, the account was deleted. Therefore, it is possible that these Digital Asset Planning systems may violate of the terms of use, leading to the deletion of accounts.
For all these reasons, we need a uniform law like Delaware’s “Uniform Fiduciary Access to Digital Assets Act,” defining all digital assets as inheritable property (including social media accounts). Under the state law, Section 5002, a “fiduciary” is defined as the equivalent of a beneficiary, a person designated to take control of the particular digital asset or account in question upon the decedent account holder’s death. According to Section 5004, “Control of Digital Accounts and Digital Assets by a Fiduciary,” fiduciaries to an account holder’s estate have the right to take control of whatever property they are entitled to in accordance with state law, federal law, and end user license agreements. Additionally, the Act provides that any provision in an end user license agreement will be invalidated if it places a restriction upon a fiduciary from taking control over particular assets they have been duly assigned (unless the account holder has affirmatively consented to the limitation). Finally, the section states that choice-of law provisions in end user license agreements are unenforceable against fiduciary actions. Section 5005 “Recovery of Digital Assets and Digital Accounts From a Custodian”, elaborates on fiduciaries’ powers, emphasizing that “they have the same access as the account holder.” Fiduciaries are considered to have the deceased account holders’ lawful consent. Therefore they are regarded as “authorized agent[s] or user[s] under all applicable state and federal law and regulation and any end user license agreement.” In fact, the Uniform Laws Commission approved the Uniform Fiduciary Access to Digital Assets Act on July 16, 2014, that will be offered to state legislatures for consideration.
The Delaware law is organized and well drafted with powerful language. However, there are a few pressing issues that need to be addressed, including determining the mechanism that grants Delaware the power to supersede the terms of the contractual end user license agreements entered into between deceased account holders and custodian Internet service providers. According to cases like Register.com, Inc. v. Verio, users are bound to the terms of the agreement they entered into because of their manifestation of intent. However, the cases do not address whether state laws can influence the effect and weight of the service agreements. A second problem with the Delaware law relates to potential future contests arising between a fiduciary and a custodian—will this act’s provisions actually hold up against the designated rights assigned to a provider like Facebook? Additionally, how can the Act effectively promise there will be a dearth of “choice-of-law” disputes between custodians and fiduciaries? Despite the language of the Delaware statute, Facebook’s terms and conditions dictates that litigation will take place in California and will apply California laws. In Fteja v. Facebook, Inc., the court applied the California laws, creating a practical, stable result. Most importantly, the final pressing concern is how the Delaware Law falls into place with federal laws like the Electronic Communications Privacy Act (hereinafter “ECPA”) and the Stored Communications Act (hereinafter “SCA”).
The ECPA’s principle purpose in its enactment is to promote a greater sense of privacy “for materials in which there are greater privacy interests.” The ECPA prohibits individuals, entities, and governmental bodies from accessing electronic communications without proper authorization. The SCA is a subsection of the ECPA, which specifically prohibits the disclosure of stored communications to unauthorized parties. Although the SCA prohibits the disclosure of electronic communications, there are exceptions listed in Sections 2702(b)(1) through (8) and 2703(1)(A) though (E). For example, service providers can release information to third parties with the consent of account holders. Additionally, they are required to provide communications if there is a court order.
However, it must be noted that nearly 35% of Facebook users are under the age of 35, a demographic proven to be less likely to consider death and its consequences. Therefore, they assumedly fail to consider and provide “lawful consent” to a specific authorized party who would be able to seek disclosure of communications in accordance with the SCA. Moreover, younger users likely do not have wills drafted, which would effectively provide consent.
Internet service providers should continue to have the right to maintain control over account holders who provide digital signatures. However, if an account holder dies it should not be so difficult for designated beneficiaries to receive access to accounts and manage them the way they personally desire, including deleting profiles, making the profiles available to the public, or simply having the ability to access information on personal accounts. Websites like Facebook can still keep their privacy terms, but there should be some change to its policies if people write wills or provide clear directives for their account management. Even if there is no “authorized” person or entity designated to take control of the account, it seems likely a deceased account holder’s loved one, relative, or close friend has more of an interest in the property than a corporate Internet Service Provider. Furthermore, Facebook should launch an end-of–life service similar to Yahoo Ending. It would be beneficial for Facebook to strategize a more comprehensive “digital legacy” plan. The most effective solution would be to require all Internet Service Providers to implement systems similar to Gmail’s Inactive Account Manager. Inactive Account Manager offers account holders the option to take specific measures in case their accounts are inactive for a certain period of time. Users have the options to command the account to delete itself; send a notification to another account; or share the account’s information with a specified individual.
More importantly, people of all ages, must take greater precaution and consider their digital assets legacy before death. Certain sites like Twitter are silent as to termination conditions upon an account-holder’s death. However, others, like Apple Inc.’s iTunes, claims no one can inherit a deceased’s iTunes account. One solution recommended by estate attorneys like Naomi R. Cahn is placing licenses and passwords in a trust to allow for account accessibility. Unlike wills, trusts allow for licenses to survive the death of account-holder originators. Wills are also publicly accessible, rendering it dangerous to contain passwords within. Nonetheless, wills are necessary to designate who will inherit or have access to particular accounts that may or may not be covered within the listed assets of a particular trust. Individuals should register for sites like SwissDNABank.com and SecureSafe as a precaution. Additionally, all lawyers must remind individuals who draft wills that they must detail the distribution of their specific digital assets. Testators can either designate a separate different digital executor or appoint the the same executor as the rest of the physical estate.
Additionally, parents and guardians should speak to younger children to enlighten and allow them understand the potential problems that can arise if they do not plan accordingly. They should explain, in particular, the consequences of information mismanagement: privacy concerns of information posted on accounts would not be protected; important information could either be lost indefinitely or publicly displayed involuntarily. The memorialization, account removal process, and “If I Die” applications should be explained. Furthermore, guardians should ask younger individuals to name authorized parties to serve as substitutes in case specific information must be retrieved from a particular account. Such conversations especially concern guardians and children over thirteen years old who are not protected by the Children’s Online Privacy Protection Act (hereinafter “COPPA”). COPPA allows for parents to control and access all of their children’s (under the age of thirteen) online communications.
More importantly, the ECPA should be amended to include an exception outlining the procedure in cases where people die and hold stored communications online. The scope of “authorized” individuals can be expanded to testate and intestate beneficiaries. When the ECPA was enacted in 1986 it can be assumed that drafters did not consider new technologies like social media sites and their potential impact on society. The Senate Report explicitly notes, “Most importantly, the law must advance with the technology to ensure the continued vitality of the Fourth Amendment.” Because the Internet is constantly evolving, it is important to revise laws when there is a recognized need to modernize. Another problem with the ECPA is that it does not mention how to address state laws that can potentially conflict. According to the court in Bunnell v. Motion Picture Ass’n of America, the ECPA effectively preempts all state law claims. Even where a specific legislative text fails to expressly indicate preemption, “Congress’ intent to preempt an entire field of state law may be inferred.” Courts consistently preempt state law claims in connection with the ECPA based on the rationale that the statute is so comprehensive, that it regulates both private party conduct and law enforcement conduct. Even if the majority of states adopt digital asset inheritance laws, “online services might well evade the reach of any particular state’s law by housing the assets on servers located in states that do not protect the ability of users to assign access to fiduciaries.”
I believe the amendment to the ECPA should take effect in 18 U.S.C. § 2702(b) (1986). Currently, this particular section provides exceptions for disclosure, allowing “provider[s]” the right to unveil their communications in certain situations. A ninth subsection should be added that addresses the problem of allocating digital assets and accounts at a decedent communicator’s death. The particular provision should allow personal representatives of the decedent account holder to have access to the communications. Here is the proposed language: “(b) Exceptions for disclosure of communications.—A provider described in subsection (a) may divulge the contents of a communication— (9) to a decedent account holder’s assigned personal representative or estate executor.”
An additional proposal would be to include another amendment that explicitly allows state digital inheritance laws to prevail without being preempted in this particular context. Furthermore, the ECPA must address Digital Estate Planning, and it would be beneficial to add an additional provision granting Digital Estate Planning sites the ability to access particular communications if directed by the accountholder (but only after he or she passes away). Most importantly, there should be a mandate for a special committee to review the terms of the ECPA every few years, because of the ever-changing nature of the technology content it controls. The language should be drafted broadly to evolve as necessary, however technology cannot be anticipated. Therefore, the ECPA will need to be revised occasionally to embrace changes in the technological world.
At the moment, it appears that social media account-holders who die before terminating their accounts are trapped in a form of online purgatory. They focus their attention on creating accounts that document their lives, but fail to consider the aftermath once they die. People forget that what they create and possess online does not
dissipate at their death. In the meantime, before any particular law is passed, it is necessary for digital account users to consider the inevitable and form a plan detailing their digital asset and account distribution. If not, users run the risk of remaining stuck online.