Once again this year, the General Assembly seeks to enact a bill to permit fiduciaries access to digital assets. The earlier effort was based on the original Uniform Fiduciary Access to Digital Assets Act drafted in July 2014 (“UFADAA”). This initial effort sought to place the fiduciary in the shoes of the accountholder for all purposes. UFADAA was drafted with participation from Facebook, Google, Yahoo, Microsoft and others in the industry. Nevertheless, the industry objected to the approach taken in the Uniform Act, raising issues of privacy and concerns that sensitive or confidential information would be unwittingly released to third parties. The industry insisted that the accountholder give express consent to disclosure and rejected the notion of “constructive consent”. Accordingly, the industry lobbied against the enactment in various states and the UFADAA failed as a national effort at uniformity.
The uniform law commissioners regrouped and negotiated a compromise: the Revised Uniform Fiduciary Access to Digital Assets Act (2015) (“RUFADAA”) which is now pending before the General Assembly. It is likely to pass.
Under the revised act, the user may consent to disclosure of protected electronic communications content either in an online tool provided by the account custodian or if no such designation is made, the user may consent to disclosure in a Will, power of attorney, trust instrument, or other planning document. This express consent will override the terms of service agreements that generally prohibit access or disclosure. Without express consent, the custodians may only disclose a catalogue of communications, not content, unless a court order grants a personal representative access to content, and court may direct disclosure only to the extent specific information is reasonably necessary for the administration of an estate.
RUFADAA puts the obligation squarely on the estate planning community. Planners must address these issues with clients and determine whether the client wishes to permit access or not. For those that would want to permit access to their fiduciary, the documents must have express authority given to the fiduciary. Moreover, because the designation made in an estate planning document only controls if a client has not designated someone in an online tool, the designations made by a single individual ought to be consistent.
Even with such express authority, there are limits to the effectiveness of the access. Recently, Apple and the FBI clashed over access to the San Bernardino bomber’s iPhone. Apple, for its part, would not participate in cracking the password raising privacy concerns. Cellebrite, an Israeli forensic company, reportedly has helped the FBI open the iPhone. [A resolution that seemingly provides no upside to Apple.]
Estate planners, of course, seldom are engaged in national security threats. These same issues, however, will increasingly arise in estates. A recent case involving a father who lost his 13 year old son to bone cancer offers a poignant illustration. The father wanted access to his son’s iPhone photographs and other material. The son had, in fact, given his father access to his iPhone and permitted him to register his thumbprint on the phone’s touch ID software. Unfortunately, the thumbprint ID did not work after the phone had been restarted thereby preventing him from using it to log into his son’s phone. He did not know his son’s passcode. Once again, Apple said that it was unable to crack the password code. Again, Cellebrite has offered to try to break the code to give access to the photographs.
RUFADAA is a step in the right direction to permit us to help clients give their fiduciary access to their digital information and content. As the companies perfect encryption and uncrackable passwords, however, this authority may not be enough. Conventional wisdom is that you should provide someone else access to your passwords so they are able to get into your accounts or phone if necessary. Given the short shelf life of passwords, however, this may be an unworkable solution.
These issues are not easy to resolve. We use our computers and handheld devices to store sensitive financial information and other material, so it is critical that a successor to the user is designated and incorporated as part of estate planning. At a minimum the estate planning community must make sure that their documents adequately provide for fiduciary access or, if the client does not want that, to clearly so provide.