By Kevin Frazier*
I. Introduction
American users of cloud providers, social media services, or other digital content providers place the value of their digital assets at $55,000, on average.[1] However, property law has yet to undergo a commensurate transformation to provide ownership rights over digital assets.[2] Generally, digital assets refer to the accounts, documents, information, records, photos, and other media accessible through an electronic device.[3]
Despite users feeling as though they own and control their digital assets, the law has left these assets in a perilous position. State law in California exemplifies how the current legal framework in most states excessively defers to providers in the determination of how to distribute a user’s digital assets.
II. The Current Legal Framework to Access Digital Assets Fails Californians
By 2100, millions of Californians will be among the 4.9 billion deceased individuals with social media accounts held by private entities.[4] Absent reform, those mourning their lost loved ones will have few means to locate and obtain the digital assets left behind.[5] Under current California law, digital assets do not explicitly constitute property and may not, therefore, be passed down through the intestate proceedings.[6] This is a regrettable omission given the ever-expanding importance of digital assets to their owners.
A confusing combination of federal, state, and private laws makes accessing a decedent’s digital assets difficult.[7] For example, each state has an anti-hacking statute, which complicates accessing the account of a decedent.[8] That’s why, in part, California, along with 45 other states, passed the Revised Uniform Fiduciary Access to Digital Assets Act (“RUFADAA”)[9] to govern how fiduciaries may access this increasingly prevalent asset class.[10] The California version of RUFADAA (“California RUFADAA”) provides,[11] through new California Probate sections 870-884,[12] nearly all the protections and assurances as the Uniform Law Commission’s version of RUFADAA. However, the California legislature, in the same way as other states, made certain changes to its version. Additional changes must occur to decrease the barriers to fiduciaries accessing the digital assets of decedents.
Online service providers or custodians have their own terms of service agreements (“TOSA”) that thwart the purpose of RUFADAA.[13] Many TOSA treat content, such as photos, files, and documents, created by the user as the property of the user.[14] However, providers specify in their TOSAs that the account itself, which stores the user’s content, remains in their control;[15] TOSAs often have provisions that prevent the transfer of rights with respect to a decedent’s account.[16] Many providers even retain the authority to delete accounts at any time.[17]
Federal laws also “pose legal obstacles” in an executor’s attempt to gain access to a decedent’s online accounts.[18] The Stored Communications Act (“SCA”) represents one such federal barrier. It criminalizes the intentional access to “a facility through which an electronic communication service is provided” without authorization.[19] A provider may disclose the contents of a communication with “the consent of the originator or an addressee or intended recipient of such communication[.]”[20] Content includes the text of emails as well as social media accounts.[21]
The Computer Fraud and Abuse Act (“CFAA”) bans “unauthorized access to computers.”[22] Unauthorized access includes anyone other than an account owner accessing the online account in violation of the provider’s terms of service agreement.[23] If an executor found a decedent’s password and used it to access their accounts, the executor may have violated federal law. Neither the SCA nor the CFAA explicitly addresses what happens when a user dies.
Reforms at the state level have tried to lower these federal barriers. Kansas took the step of explicitly defining property to include digital assets because legislators there regarded RUFADAA’s treatment of digital assets as property as insufficient to ensure fiduciaries could access digital assets as they would any other property under intestate succession.[24] That clarification is an important one. Probate laws generally differentiate between intangible property interests in a copyright and tangible property;[25] the former may be passed separately from the tangible property under a will or a state’s intestate succession laws.[26] These reforms may not go far enough, though.
If California (and any other state that has passed a version of RUFADAA) wants to ensure that providers do not exercise undue control over the digital assets of descendants, then the legislature should enact the amendments detailed below.
III. How RUFADAA Works
RUFADAA allows fiduciaries to access a deceased user’s online accounts hosted by a custodian.[27] A “user” is “a person that has an account with a custodian.”[28] A “custodian”, or provider, is “a person that carries, maintains, processes, receives, or stores a digital asset of a user.”[29] And, digital asset “means an electronic record in which an individual has a right or interest.”[30] Custodians may offer “online tools” for users to set forth directions for the disclosure of digital assets to a third person.[31]
If a custodian does provide an online tool, then the directions established by the user to distribute their assets carry legal force and take priority over any other instructions.[32] If an online tool is not available or used, then the user can set forth legally-binding instructions in their will.[33] If the user has not provided any directions via an online tool or will, then the provider’s TOSA governs.[34]
RUFADAA lacks sufficient guidance to remedy all the issues associated with fiduciary access to digital assets.[35] The scope of fiduciary powers to manage the digital assets of decedents needs clarification.[36] The unchecked discretion of providers to delete accounts, to require court orders to access deceased users’ digital assets, and to specify the manner in which they’ll disclose any digital assets creates costly uncertainty and “administrative delays” for fiduciaries.[37]
These issues could be ameliorated, in part, by making it easier for users to use online tools and by granting more finality to the determinations made in those tools. Yet, only a few providers offer online tools.[38] And, the users who do discover these tools may have to go through a number of steps to outline their directions for the distribution of their digital assets.[39]
Even in the case of a decedent using an online tool, the fiduciary must get through several barriers to access the user’s content. RUFADAA requires that they (1) send a request to the custodian, (2) provide the custodian with a copy of the user’s death certificate, and, (3) provide the custodian with documentation of their authority.[40] And, at the custodian’s discretion, the fiduciary may have to obtain a court order finding that the administration of the estate reasonably necessitates disclosure of the user’s digital assets.[41] Custodians exercise this discretion despite having protection against any liability for actions taken while complying with RUFADAA.[42]
As discussed above, many providers also may delete an account at their discretion, despite recognizing that users have a property interest in those accounts. The ability of providers to take such action contradicts their own declarations related to the user’s retention of ownership of their content.[43] There’s also a strong argument that providers that exercise this discretion violate all wills that include residuary clauses, “which transmit any items, such as digital assets, not specifically mentioned to named beneficiaries.”[44]
IV. Possible Amendments to California RUFADAA
Amendments to California RUFADAA can resolve many of these issues. Click here for an example of possible amendments. First, RUFADAA must clarify the rights of fiduciaries with respect to the digital assets of the decedent and use constant terminology through the Act to refer to those rights.[45] The fact that these changes would it easier for fiduciaries to control and manage the digital assets would align with the purpose of the act, which Professor Patricia Sheridan derived from the Prefatory Note and summarized as “to give fiduciaries the legal authority to manage digital assets in the same way they manage tangible assets.”[46]
Second, RUFADAA should require service providers to offer online tools to users. Additionally, providers should obligate users to complete the online tool prior to the user receiving access to the provider’s service. A higher rate of completion of these online tools would significantly reduce the barriers to accessing the digital assets of decedents.
Third, RUFADAA should pare down the discretion of providers to delete accounts and require court orders to exercise otherwise authorized access to the content of a deceased user. Under current law, this discretion has few limits. For example, providers can mandate a court order even when a fiduciary can show that the decedent provided explicit instructions in their will to allow the disclosure of their electronic communications.[47]
Fourth, clarify under RUFADAA and the civil code in general that personal property must expressly include digital assets. The latter clarification requires legislative action outside the scope of the sample amendment below but merits concomitant attention. Following the lead of reformers in Kansas, California should amend its definition of property to state the following:
“Personal Property” includes money, goods, chattels, evidences of debt and things in action, and digital assets as defined in California RUFADAA.
This definition would guarantee that digital assets would receive the same treatment as traditional property in the context of intestate succession. Additional research should take place prior to this possible legislative step. For instance, Californians deserve to know whether such a change to the Civil Code would subject their digital assets to remedies other than those spelled out in contracts and in statute. Hopefully, legislators can pursue this research and, subsequently, amend the Civil Code alongside updates to RUFADAA.
The former clarification can also take place in this reform of RUFADAA. An amendment that specifies that personal property includes digital assets will ensure that Californians unable to make use of online tools will have some assurance that their digital assets will pass down pursuant to their wishes or intestate succession. These dual efforts to categorize digital assets as personal property will create beneficial redundancy in the law.[48] In the event both pass, the legislature will have made clear their intent to treat digital assets as personal property.
V. The Path to Amending California RUFADAA
To amend California RUFADAA legislators and advocates will have to anticipate and circumvent several barriers. RUFADAA’s status as a uniform law presents the first barrier. States legislators receive guidance from the developers of uniform laws to adopt them in their entirety “with as few changes as possible.”[49] Still, RUFADAA’s status as a uniform law has not previously stopped California legislators from modifying it. California adopted a version of RUFADAA with several amendments, omitting whole parts from the final Act.[50]
Opposition from Internet service providers (“ISPs”) and privacy advocates represents another barrier. These groups have at times been on the same side in opposing laws intended to lower barriers to granting third parties control over the accounts of a decedent.[51] For example, they managed to nudge the Uniform Law Commission to remove text from an earlier draft that allowed fiduciaries to “access” the digital assets of the decedent.[52] Tech companies in California have shown a willingness to thwart efforts by Californians and their elected officials to add new responsibilities to their operations.[53]
While other states with versions of RUFADAA should analyze the amendments below, legislators in California have additional reasons to consider them because California RUFADAA has not lived up to expectations. State legislators avoided passing several other pieces of legislation because they worried that executors would have to jump through too many hoops to control and manage digital assets. California Assembly Member Ian Calderon initially introduced model legislation that would have “require[d] a probate court to order a [provider] to disclose to the executor [] a record of other information pertaining to the deceased user, but not the contents of communications or stored contents.”[54] By eventually passing the California RUFADAA, the legislature signaled a desire to create an easier process through which digital assets of deceased users could be disclosed to fiduciaries.
The “clear path” that legislators wanted to pave has been cluttered by court orders demanded by providers. That’s why the amendment outlined above makes three key changes: (1) clarifying language that providers could cite as a reason for delaying the production of digital assets; (2) insisting on a default setting for disclosure of digital assets by mandating that providers offer online tools; and, (3) raising the threshold for when a provider may request a court order. Californians deserve these amendments to become law.
* Kevin Frazier is a Fellow at the Miller Institute for Global Challenges and the Law at the UC Berkeley School of Law.
[1] McAfee Reveals Average Internet User Has More Than $37,000 in Underprotected ‘Digital Assets’, Business Wire, https://bwnews.pr/3AwRwY0 (last visited Jan. 25, 2022).
[2] See generally Sjef van Erp, Ownership of digital assets?, 5 Euro. Prop. L.J. 73 (Aug. 2016).
[3] See Patricia Sheridan, Inheriting digital assets: does the revised uniform fiduciary access to digital assets act fall short?, 16 ISJLP 363, 364-65 (adding online credit and bank accounts, cloud storage accounts, and digital music subscriptions among the things commonly considered to be “digital assets,” while noting that “no single definition” exists.).
[4] See Carl J. Ohman & David Watson, Are the dead taking over Facebook? A Big Data approach to the future of death online, Big Data & Society (2019), available at: https://journals.sagepub.com/doi/full/10.1177/2053951719842540.
[5] Sheridan, supra note 3, at 364 (“Dealing with digital property after the account owner’s death has emerged as an important issue for state legislatures, online service providers, and the family members of those individuals who maintain an online presence.”).
[6] Cal. Prob. Code § 62 (2018).
[7] Sheridan, supra note 3, at 364.
[8] Computer Crime Statutes, NAT’L CONFERENCE OF STATE LEGISLATURES (Feb. 24, 2020), http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-accesslaws.aspx [https://perma.cc/3PQX-X2JS].
[9] Revised Uniform Fiduciary Access to Digital Assets Act (2015), NAT’L CONFERENCE OF COMM’RS ON UNIF. STATE LAWS (Mar. 8, 2016), http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital%20Assets/2015_RUFADAA_Final%20Act_2016mar8.pdf [https://perma.cc/7EFY-Y5WR] [hereinafter “RUFADAA”].
[10]Access to Digital Assets of Decedents, NAT’L CONFERENCE OF STATE LEGISLATURES (Jan. 24, 2021), available at: https://www.ncsl.org/research/telecommunications-and-information-technology/access-to-digital-assets-of-decedents.aspx (listing the states that have passed RUFADAA).
[11] 2016 Cal. Stat. Ch. 551, § 1 (AB 691) (effective Jan. 1, 2017).
[12] Cal. Prob. Code §§ 870–884 (2017) [hereinafter “California RUFADAA”].
[13] See Sheridan, supra note 3, at 364.
[14] See id. at 373-74 (enumerating the social media companies with TOSA that regard certain content as the property of the user).
[15] Ashley F. Watkins, Digital Properties and Death: What Will Your Heirs Have Access to After You Die?, 62 BUFFALO L. REV. 193, 216 (2014).
[16] See Sheridan, supra note 3, at 375-76.
[17] See id. at 376 (detailing the provisions of several providers).
[18] Id. at 366.
[19] Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508, 100 Stat. 1848, at § 2701(a) (2012) (codified as amended at 18 U.S.C. §§ 2510-22, 2701-12, 3121-27).
[20] 18 U.S.C. § 2702(b)(3) (2012).
[21] See Sheridan, supra note 3, at 371.
[22] 18 U.S.C. § 1030 (2012).
[23] Id.
[24] K.S.A. 77-201 Ninth.
[25] Jonathan J. Darrow & Gerald R. Ferrera, Who Owns A Decedent’s E-Mails: Inheritable Probate Assets or Property Of The Network?, 10 N.Y.U. J. LEGIS. & PUB. POL’Y 281, 286-87 (2007).
[26] Natalie M. Banta, Death and Privacy in the Digital Age, 94 N.C. L. REV. 927, 988 (2016).
[27] RUFADAA, supra note 9, § 2(10).
[28] California RUFADAA, supra note 12, § 871(v).
[29] Id. § 871(f).
[30] Id. § 871(h); note that this definition excludes digital assets created in an employment setting because the individual would not have a right to that electronic record. See, e.g., Solomons v. United States, 137 U.S. 342, 346 (1890) (“If one is employed to devise or perfect an instrument, or a means for accomplishing a prescribed result, he cannot, after successfully accomplishing the work for which he was employed, plead title thereto as against his employer. That which he has been employed and paid to accomplish becomes, when accomplished, the property of his employer.”).
[31] Id. § 2(16).
[32] Id. § 4(a).
[33] Id. § 4(b).
[34] Id. § 4(c).
[35] Sheridan, supra note 3, at 377.
[36] Id.
[37] See id. at 377-78.
[38] See id. at 370 (outlining the online tools of Google and Facebook).
[39] See id.
[40] RUFADAA, supra note 9, §§ 7, 8.
[41] Id. §§ 7(5)(D), 8(4)(D).
[42] Id. § 16.
[43] Sheridan, supra note 3, at 377.
[44] Id. at 377 (citing David Horton, Contractual Indescendibility, 66 HASTINGS L.J. 1047, 1052 (2015)).
[45] See id. at 379.
[46] See id. at 379 (citing RUFADAA Prefatory Note).
[47] RUFADAA, supra note 9, § 7(5)(C).
[48] See John M. Golden, Redundancy: When Law Repeats Itself, 94 Tex. L. Rev. 629, 630 (“[A]nti-redundancy principles should generally be contextually confined to condemnation of excessive or otherwise problematic redundancy, rather than redundancy per se.”).
[49] Linda D. Jellum, Mastering Legislation, Regulation, and Statutory Interpretation at 253 (3d, Carolina Academic Press) (2020).
[50] Michael T. Yu, Towards a New California Revised Uniform Fiduciary Access to Digital Assets Act, 39 Loy. L.A. Ent. L. Rev. 115, 143 (2019).
[51] See Sheridan, supra note 3, at 368.
[52] Id. at 378-79.
[53] Brian Chen & Laura Padin, PROP 22 WAS A FAILURE FOR CALIFORNIA’S APP-BASED WORKERS. NOW, IT’S ALSO UNCONSTITUTIONAL, NELP (2021), available at: https://www.nelp.org/blog/prop-22-unconstitutional/.
[54] Cal. Leg., Assemb. B. No. 691 (2015-2016 Reg. Sess.) as introduced Feb. 25, 2015.
