[Title]

Committee: Judiciary

Analysis as reported from committee (11-6-14)

BRIEF SUMMARY: The bills amend various sections of the Estates and Protected Individuals Code (EPIC) to allow access to digital assets by conservators, trustees, personal representatives, and agents of durable powers of attorney.

FISCAL IMPACT: The bills would have an indeterminate fiscal impact on the judiciary and local court funding units. The fiscal impact would depend on how the provisions of the bills affect caseloads and related administrative costs.

THE APPARENT PROBLEM:

At one time, bills were paid in cash or by check through the mail. Receipts and records were stored in a file cabinet or desk drawer; photographs carefully placed in albums or tossed in a box to be organized later; and correspondence conducted by handwritten or typed letters or cards. When a loved one died or was suddenly incapacitated by illness or injury, family or friends could step in, locate bills that needed attention, identify investments and savings, or retrieve precious photographs and letters.

Increasingly, however, both personal and professional business are conducted electronically, with shopping done and receipts stored online, photos stored online, and correspondence conducted via e-mail and various social media networks such as Facebook and Twitter—all protected by passwords and/or encryption with strict use-of-terms service agreements that, to protect privacy, prohibit access to the accounts by anyone other than the authorized user. In some circumstances, state and federal laws make unauthorized access to electronic accounts a criminal offense, and prohibit online service providers from disclosing information stored in online formats.

One unintended consequence of the online privacy protection policies of service providers and the protections in state and federal law is that those same accounts cannot easily be accessed, or accessed at all, by a spouse, family member, friend, legal guardian or conservator, trustee of a trust, agent of a power of attorney, or person authorized to execute a will when the owner of the account dies or becomes legally incapacitated. Simply speaking, laws have not kept up with technology.

Currently, federal and most state laws do not treat digital assets in the same manner as physical property. According to one news article, even if people share their passwords or include a clause in a will authorizing another person to access online accounts, doing so may violate a service provider's terms of service, subject the service provider to penalties if they allow such access, or inadvertently trigger criminal charges for the user of the password. [Fowler, Geoffrey A. (Jan. 5, 2013). Life and Death Online: Who Controls a Digital Legacy? Wall Street Journal.]

Part of the problem appears to stem from the lack of a legal framework that would allow one person to authorize another to have full access to digital assets in the same manner as physical or tangible property and allow online service providers to honor access by that authorized person to the various accounts.

Only a handful of states currently have laws allowing access by a designated beneficiary to a person's digital accounts, but most of those laws allow access only by the personal representative (executor) of a deceased person's estate and restrict access to only certain types of digital assets. This past August, Delaware enacted the Fiduciary Access to Digital Assets Act, the most comprehensive state law to date granting access and authorization for all types of digital assets by trustees, guardians, and agents under a durable power of attorney, in addition to personal representatives of deceased persons' estates. The Delaware law, which will take effect at the beginning of 2015, is based on an early draft of a uniform model act developed by the Uniform Law Commission, National Conference of Commissioners on Uniform State Law (NCCUSL).

The model act, known as the Uniform Fiduciary Access to Digital Assets Act (UFADAA), would, according to the online from the Uniform Law Commission, provide "people the power to plan for the management and disposition of their digital assets in the same way they can make plans for their tangible property: by providing instructions in a will, trust, or power of attorney." Should a person die intestate (without a will), the UFADAA would enable the same fiduciary appointed by the court to handle the person's physical property to also manage the disposition of the digital assets.

Many believe that Michigan should amend existing probate laws that currently deal only with tangible property after death or incapacitation to enable residents to plan also for the management of their digital assets. However, rather than adopt the UFADAA as a whole, as a stand-alone act, some recommend that relevant sections of the state Estates and Protected Individuals Code be amended in order to tailor provisions to the needs of Michigan residents. A series of bills that would incorporate provisions of the uniform model act into the state's existing probate law has been introduced.

THE CONTENT OF THE BILLS:

The bills incorporate provisions similar to ones contained in the model act offered by the National Conference of Commissioners on Uniform State Laws (NCCUSL), entitled the "Uniform Fiduciary Access to Digital Assets Act." Both the model act and the bill package would give people the ability to plan for the management and disposition of their digital assets similarly to tangible assets such as a home or investments via instructions in a will, durable power of attorney, or trust, or to a conservator.

Generally speaking, House Bill 5368 defines several new terms and House Bills 5366-5367 and 5369-5370 amend in a similar manner sections of EPIC pertaining to conservators, personal representatives, agents appointed under a durable power of attorney (DPOA), and trustees.

On receipt of a written request by a conservator, personal representative, trustee, or attorney-of-fact under a DPOA (hereinafter "representative") for access to, ownership of, or a copy of digital property, a digital custodian (such as a social media site) must provide the representative with the requested access, ownership, or copy, as applicable. The written request must be accompanied by a copy of the appropriate document that grants the representative power over digital property (e.g., a copy of the DPOA).

A digital custodian has 56 days to comply with the request after receiving it. If the digital custodian fails to comply within that time period, the representative may petition the court for an order directing compliance. A digital custodian would not be liable for an action carried out in compliance with this provision.

Further, under House Bills 5366 and 5367, subject to applicable state and federal law, including copyright law and terms-of-service agreements, with respect to a decedent's or protected individual's digital property, a conservator or personal representative would have the lawful consent of the decedent or protected individual and would be an authorized user under all applicable state and federal statutes. A person interested in the estate or in the welfare of the protected individual could petition a court to limit or eliminate a personal representative's or conservator's power over digital property. A hearing date on the petition would then have to be scheduled within 14 to 56 days of the petition's filing.

House Bill 5368 would amend EPIC (MCL 700.1103 et al.) by adding numerous definitions, including the following:

§ "Digital asset" means electronic information created, generated, sent, communicated, received, or stored by electronic means on a digital service or digital device. Digital account includes a username, word, character, code, or contract right under a terms-of-service agreement.

§ "Digital custodian" means a person that electronically stores digital property of a digital account holder or otherwise has control over digital property of the digital account holder.

§ "Digital property" means the ownership and management of and rights related to a digital account and digital asset.

§ "Digital service" means the delivery of digital information, such as data or content, and transactional services, such as online forms and benefits applications, across a variety of platforms, devices, and delivery mechanisms, such as websites, mobile applications, and social media.

§ "Digital account" means an electronic system for creating, generating, sending and receiving, storing, displaying, or processing electronic information that provides access to a digital asset or a digital service.

§ "Electronic information" would include data, text, images, sounds, audiovisual works, codes, computer programs, software, and databases.

§ "Electronic record" means electronic information inscribed on a tangible medium or stored in an electronic or other medium and retrievable in a perceivable form.

House Bill 5366 adds and amends provisions pertaining to conservators (MCL 700.5407 et al.). Subject to state and federal law, including copyright law, and the applicable terms-of-service agreement, a conservator would have the power to exercise control over digital property, exercise a right in digital property, or change a governing instrument affecting the digital property of the protected individual.

House Bill 5367 adds and amends provisions pertaining to personal representatives of deceased persons (MCL 700.3709 et al.) In addition to the above provisions, the bill specifies that a personal representative has the right to, and if necessary for purposes of administration, exercise control over the decedent's digital property. The written request for access to, or control of, digital property would be conclusive evidence in any action that the access to and/or control of the digital property by the personal representative is necessary for purposes of administration.

House Bill 5369 adds and amends provisions pertaining to an attorney-of-fact under a durable power of attorney (MCL 700.5501 et al.). The bill also specifies that unless provided in the DPOA or by court order and subject to state and federal law, including copyright law, and the applicable terms-of-service agreement, the attorney-in-fact could not exercise control over, exercise a right in, or change a governing instrument affecting the digital property. This provision would apply only to a DPOA executed on or after October 1, 2014.

House Bill 5370 adds and amends provisions pertaining to trustees (MCL 700.7817 et al.). The bill would specify that the powers of a trustee would include exercising control over and rights in digital property according to the terms of the trust, subject to state and federal law, including copyright law, and the applicable terms-of-service agreement.

BACKGROUND INFORMATION:

The full text of the Uniform Fiduciary Access to Digital Assets Act, as well as a prefatory note and comments that explain the act in more detail, can be obtained by contacting the National Conference of Commissioners on Uniform State Laws, 111 N. Wabash Avenue, Suite 1010, Chicago, IL 60602; by phone – 312-450-6600; or online at www.uniformlaws.org.

What can a person do now?

Until state and federal laws "catch up" with technology, and provide the legal framework by which designated fiduciaries may access a person's digital assets, and online service providers able to provide such access without running afoul of privacy protections contained in federal law and in terms of service agreements, the following tips offered by one of the attorneys who authored the NCCUSL Uniform Fiduciary Access To Digital Assets Act may be useful (italics added for emphasis):

First, you should make a list of your valuable or significant data, online accounts, and digital property. This could be a written list or an electronic list stored in your smartphone, in your computer, or in an online account. Make sure to indicate where each account or digital property item is located, how to access it, and why it's valuable or significant to you. And, make sure to keep the list up-to-date.

Second, if you have been storing valuable or significant data exclusively in online accounts (for example, your digital photos), it's important to regularly back up that data to local storage media—to your computer's hard drive, a USB flash drive, a CD, a DVD, etc.—so that your fiduciaries and family members will have access to that data without the additional obstacles that online accounts have. One obstacle that could be avoided is the Stored Communications Act, also known as the Electronic Communications Privacy Act, which creates privacy rights to protect the contents of certain electronic communications and files from disclosure by a provider of an electronic communication service or a remote computing service, unless an exception is met under that law. A second obstacle that could be avoided is a potential criminal charge for "exceeding authorized access" to online accounts, under federal or state laws, if a fiduciary or family member violates the access rules of that account's Terms of Service agreement. Some service providers prohibit you from sharing your password or allowing anyone else to access your account, but other providers do not have these prohibitions. It's important to read the Terms of Service agreement before attempting fiduciary access to an online account.

Third, you should contact your estate planning attorney to include plans for your digital property in your estate plan. Make sure your estate plan specifies your wishes about your property and appoints a fiduciary to act on your behalf with respect to all of your property, including your digital property, during incapacity and after death. This may include preparing a durable power of attorney, a will, and a revocable living trust (if appropriate for your situation). You should contact an estate planning attorney who is licensed to practice in your state concerning your own situation and any specific tax or legal questions that you may have. And, make sure that your estate planning documents explicitly authorize the companies that hold your electronic data to release that data to your fiduciaries during your incapacity and after your death, which is important for the Stored Communications Act's privacy protections.

This information was provided by James D. Lamm, Esq., estate planning and tax attorney of the Minneapolis law firm Gray Plant Mooty, in a September 10, 2014 blog post under Estate Planning for Passwords and Digital Property and entitled "Video Clip: Family Wants Access to Son's Digital Data After Death", available at http://www.DigitalPassing.com/

ARGUMENTS:

For:

In essence, the bills establish a mechanism by which a designated person could "stand in the shoes" of a digital account holder and have all the same rights of access to digital assets as the account holder (subject to the bills' limitations or restrictions specified by the account holder). By amending the Estates and Protected Individuals Code (EPIC), the bills custom-tailor provisions suggested by the Uniform Law Commission in the NCCUSL model act to fit the needs of Michigan residents. Accounting for the management of digital assets after death or incapacitation is a natural outflow of centuries of estate law directing the outcome of personal property.

Increasingly, people are living lives in a digital world. From personal correspondence to photographs to business dealings, the stuff of life is taking place electronically. But what happens to the digital data when the account user dies or, due to injury, age, or illness can no longer manage online accounts? That is where experts say state and federal law becomes murky and needs expeditious updating.

For instance, when 20-year-old Michigan-native Justin Ellsworth died in Iraq ten years ago from a roadside bomb while serving in the Marine Corp as a demolition expert, Yahoo denied his family access to Justin's email account passwords under terms of its service agreement that all users must agree to. At that time, Yahoo required certain court documents that would verify family members' identities and relationship to Justin. However, it was Yahoo's policy to delete accounts after 90 days of inactivity. If his family could not have provided such documentation within the 90 days, Justin's emails would have disappeared. This is hardly enough time, some claim, for a grieving family member to hire a lawyer and go to court to obtain access to online accounts that, within such a short time frame, may not even be known to exist.

Fast forward to 2014, ten years after Justin Ellsworth died, and there are news reports of a Minnesota family struggling to gain access to the text messages, e-mails, and social media accounts of their deceased 19-year-old son. And in Canada, where lawful access to digital accounts by other than the account holder is similar, reportedly, the family of a deceased Toronto teenager recently watched hopelessly as some online accounts automatically shut themselves down, deleting the teen's data forever.

But it isn't just access to the emails or Facebook account of a lost child that are at issue; spouses, adult siblings and children, caregivers, business partners, and so on are, for the most part, unable to access certain personal and business online accounts when the account holder dies or becomes incapacitated. Even if the account holder provided passwords for use in such a scenario, or a forensic computer expert was hired to retrieve passwords or break encryptions, the use of those passwords to access certain types of online data may be prohibited by a service provider's Terms of Use agreements or may be a criminal offense under laws intended to protect the privacy of individuals and to protect against criminal activity such as cyber stalking. In addition, online service providers are prohibited under certain federal laws from releasing access to stored data, as well as restricted by provisions in their own user agreements from providing passwords to unauthorized users.

House Bills 5366-5370 would address the issue by providing a legal framework, subject to other relevant state and federal laws (including copyright laws) and applicable terms-of-service agreements, for a person to include in a will, a trust, or a durable power of attorney authorization for an online service provider to allow a designated beneficiary access to the digital assets. Similarly, the bills would also allow a court-appointed fiduciary (such as a conservator appointed to manage the affairs of an incapacitated or protected individual) to access the person's online accounts.

Moreover, under the bills, blanket access to digital assets would not have to be given unless that is what the person intended. The bill language would allow the individual, or the court, to limit access to only those accounts or data within an account necessary to manage the person's estate or affairs. If a person wished that contents of emails or private sections of social media accounts or even content on a laptop remain private, it would be possible to provide such restrictions in the will, trust, or DPOA. Online service providers, referred to in the bills as "digital custodians," would not be liable in a lawsuit if they released data in compliance with the bills.

Response:

Some feel that adopting a model act is the better way to go rather than amending numerous separate provisions in EPIC. Then, all provisions pertaining to digital access, whether a will, trust, or power of attorney, would be concentrated in one place. That would make it easier for attorneys and clients when planning a client's estate rather than making them hunt for the applicable provision or provisions in a very large statute. A single stand-alone act is also easier to tweak or amend when changes in technology or law makes it necessary rather than amending numerous provisions scattered throughout EPIC.

Further, critics say, the bill package in its current form fails to address several important issues, such as the following:

§ Specifically allow fiduciary access to digital assets stored on electronic devices, such as a laptop, cellular phone, tablet device, etc.

§ Include fiduciary access by a guardian appointed under the Mental Health Code for a person with a developmental disability, a guardian for a minor if no conservator had been appointed, or a parent for a minor child if no other guardian had been appointed.

§ Include fiduciary access by an agent of a nondurable power of attorney.

§ Perhaps most importantly, the bills should void a provision in a terms-of-service agreement that limits a fiduciary's access to the digital assets of the account holder as being against the strong public policy of the state.

Few people read, let alone understand, the lengthy, legalese-filled terms-of-service agreements when downloading an application or setting up a social media or other online account. A terms-of-service agreement should require an account holder to knowingly opt out of allowing fiduciary access to digital assets. Otherwise, an agreement that automatically restricts any third-party access to the digital assets should be rendered unenforceable and access granted to those who can prove fiduciary designation via the specified court documents. Without such a provision, a digital custodian, through a terms-of-service agreement, could continue to deny access to a person that the account holder expected to have access under a will or other applicable instrument. As a result, many who thought they had adequately provided for the management of their digital assets under the bill package could be misled and their loved ones or other appointed beneficiary still denied access.

To that end, some feel that a Michigan-specific model act proposed by the Probate and Estate Planning Section of the State Bar of Michigan and Elder Law and Disability Rights Section of the State Bar of Michigan (Michigan Fiduciary Access to Digital Assets Act), or even the NCCUSL model act, would be a more comprehensive approach that should ensure that the intentions of Michigan residents are fulfilled upon death or incapacitation.

Against:

Privacy interests of account holders should be recognized. For example, a state or federal law should not set the default privacy at zero, according to committee testimony submitted by a trade association representing the interests of e-commerce and online businesses. Account holders may not expect all their private communications, including emails, texts, and instant messages, to become public after they die. And those who had previously communicated with that person also would not expect their emails or messages to be shared with others, especially if they were of an intimate or embarrassing nature. Moreover, federal law limits the ability of certain digital custodians to disclose stored communications, even to fiduciaries. Thus, a state law that forces such disclosure appears to conflict with provisions of federal statutes.

This doesn't mean the law doesn't need updating. It means that legislation shouldn't be rushed, and the privacy interests of the deceased or incapacitated, as well as those with whom they had communicated, need to be balanced with the need of the fiduciaries to perform their administrative duties.

POSITIONS:

The Michigan Bankers Association indicated support for the bills. (9-18-14)

The Probate and Estate Planning Section of the State Bar of Michigan and Elder Law and Disability Rights Section of the State Bar of Michigan both support the notion of a Fiduciary Access to Digital Assets law for Michigan but believe that the law could be improved and made more robust with some changes. (11-3-14)

The Supreme Court Administrative Office indicated a neutral position on the bills. (9-18-14)

Net Choice, a trade association for e-Commerce and online businesses, opposes the bills as written. (11-3-14)

Legislative Analyst: Susan Stutzky

Fiscal Analyst: Robin Risko

■ This analysis was prepared by nonpartisan House staff for use by House members in their deliberations, and does not constitute an official statement of legislative intent.