Estate Planning for Digital Assets
Yesteryear, assets consisted mostly of tangible and intangible property and money, usually held in bank accounts. While most gratuitous transfers — gifts and bequests — will continue to consist of such property, many people have significant digital assets, such as software, online music and e-books, bitcoins, and money held in the online accounts, that must also be dealt with when they die. Questions that you should ask yourself include:
- What digital assets do you own?
- What rights do you have in regard to those assets?
- What digital assets can or should be transferred?
Many people no longer keep paper statements of their financial accounts, so it may be necessary for the personal representative of the estate to access those accounts to retrieve all the statements, to see what was being paid and possibly how much is still owed. Certain digital assets, such as a blog or website may have to be valued, and possibly sold, if it has value and no heirs want to continue it.
Along with usernames and passwords, you should provide information on how each account is used, if it is not obvious from the nature of the account and from the listed transactions, and you should provide answers to challenge questions so that your personal representative or your heirs are not locked out of your account.
If you keep all of your passwords in a password program, then you should list what that program is, where it is located, and the master password to the program. But you should also list the passwords separately, in case something goes wrong with the software. The password program may provide an option to print all of the passwords.
Because of privacy laws, one provision of the will should be to include the right to access, manage, modify, distribute, and dispose of your digital property and to obtain copies of any electronically stored information from any person or entity that possesses that information. If necessary and possible, include the right to decrypt any information or bypassing, resetting, or recovering any password or any other type of authentication.
What Rights Do You Have in Regard to Your Digital Assets?
Access to most online digital assets requires login credentials, which should be stored securely somewhere, but they should never be left in a will or trust document. You should inform the personal representative for your estate or a close family member, someone that you can completely trust, about the location of this document. Additional information will also need to be provided: automatic payments from bank accounts, including connected accounts such as PayPal accounts and checking accounts, and automatic payments from credit cards. These accounts will have to be closed at your death. Therefore, the executor of your estate would need to have passwords to effectively manage these accounts, or even to know about them. Some online providers may close accounts automatically if they are dormant.
Most software, e-books, and online music are licensed, so most of these assets are not owned by the end-user. The digital asset may be licensed per user or per device. In these cases, you have a license to use, view, or listen to them, but what can be done with such property and whether it can be transferred is governed by the terms of the license. Example: Microsoft License Terms. E-books and music are generally nontransferable and they cannot be legally copied, because most are protected by digital rights management (DRM) software.
Most websites are governed by their Terms of Service. One thing to note about the terms of service is whether there is a provision that specifies what happens after the death of the account owner. If not, most terms of service stipulate that the rights to the online asset are nontransferable. Although you could provide your heirs with login information, it probably would not be legal or it would be a violation of the terms of service. If your heirs live with you, then find out if there is a sharing provision for your family.
Social media websites generally have different policies regarding the death of an account owner. For instance, Facebook and Instagram allow the account to be deleted or to have your timeline to be memorialized once the company receives proof of your death and of the relationship between you and the person giving the instructions. Twitter generally does not give others access to a decedent's account, but will delete the account after receiving specific information. Twitter, for instance, requires additional information about the deceased, including a copy of the death certificate, and proof of your own identification.
The Law Governing the Transfer of Digital Assets
Property owned by the decedent that is held at online accounts, such as money in bank deposits, must be transferred by will, trust, or by a nonprobate transfer. Most banks, for instance, allow you to name a beneficiary of your account in the event of your death, and retirement accounts generally require that you name one or more beneficiaries. In these cases, the beneficiaries will have to provide proof of their identification and proof that the account owner has died, generally by providing a death certificate. The transfer of most other digital assets will be facilitated by supplying login credentials for each of the accounts.
Even with login credentials, access to digital assets may be restricted by law or by a Terms of Service of the service provider or custodian of the digital asset. Online accounts are generally governed by terms-of-service agreements and additional state and federal laws may limit access to these accounts. Additional care should be taken to prevent unauthorized users from obtaining the account information; otherwise, bank accounts could be emptied before they are transferred to the rightful heirs.
The Uniform Fiduciary Access to Digital Assets Act provides rules for how personal representatives of estates can access online accounts. The Act provides some protection against privacy, since the executor does not have carte blanche access to all of the decedent's online accounts, such as email. Access to electronic communications, such as text messages, email, and social media accounts, are restricted unless the personal representative or other fiduciary received the decedent's consent in a will, trust document, power of attorney, or by some other means.
This Uniform Law Commission webpage provides information on which states have implemented the Digital Assets Act or is in the process of implementing it, and even includes tracking information on how the legislation is developing. Even if your state has not enacted the Digital Assets Act, the Act itself does provide good guidance on how to manage digital assets of a decedent.
The Digital Assets Act adopts a 3-tiered approach for accessing digital assets. The 1st tier of the law gives priority to the online providers method of handling inactive accounts of a decedent, such as Google's Inactive Account Manager. Google's tool for instance, allows you to set up a certain email that will be sent to specified persons when your account has been inactive after a certain amount of time. Additionally, Google requests a phone number for the contact so that they can be called to confirm their identity. You can allow your contact to download all the information in your accounts or to delete one or more accounts or all of the accounts.
If an online tool is not available or if the decedent did not use the tool, then the 2nd tier of the law depends on any directions given by the decedent in a will, trust document, power of attorney, or by some other means.
If no other information was provided about online accounts, then the 3rd tier stipulates that the terms of service will govern, which, in most cases, restricts access to the account by anyone other than the account owner.
There are various steps that you should take to ensure that all of your digital assets are covered:
- Create a list of all online accounts and passwords and keep it in a safe place. Using a password manager may be advantageous, since some of them provide a means to reveal all passwords that were used and the websites that they were used on that can be accessed using only a single password. It will also allow your personal representative to see the websites that you visited recently. An online cloud account can also be used, such as Microsoft OneDrive or Dropbox. In fact, it would be a good idea to store all of your estate documents, insurance policies, tax returns, and any other important documents on the website – encrypted, of course! Cloud storage will ensure that all documents are in one or more places, automatically backed up, and the documents can contain links to the relevant websites of your digital assets. Include your digital asset plan in your will or trust document, but do not provide passwords that can easily be read by anyone.
- A will or trust document should include specific bequests, but should also include a general plan to cover those accounts that were not listed in the estate document. After all, online accounts are constantly opened and closed, and most people do not update their estate documents immediately. If a trust is set up, then a pour-over will should have directions about any online accounts that were not included in the trust document. Besides login information, instructions should be provided for each digital asset as to how it should be managed or transferred and to whom.
- There should be specific instructions for the personal representative as to what they are permitted to access. For instance, should they be allowed to read your emails and text messages?
- Photos and video should also be backed up locally, either to thumb drive, external hard drive, DVDs or a home network drive.
- When picking a personal representative, it may be prudent to pick someone who has at least some technical know-how, especially in regard to how websites work in general. Although this is becoming less of a problem as more people migrate to the Internet, there are still many people who have never been online.
Most states require that wills be witnessed as evidence of their authenticity. However, a document supplementing a will that provides passwords and other information should serve as evidence that the decedent actually wrote the document, although â€œshouldâ€ does not mean that the courts will accept that evidence. Indeed, states should soon allow proof of authenticity by allowing the use of private keys to encrypt wills. Then the public keys can be made public so that anyone can decrypt the will, which will serve as proof that the decedent was the author of the will.
Bitcoins or other cryptocurrencies are generally stored in a digital wallet, usually an app on the phone or laptop. A user ID and password will generally be required to use Bitcoins. Digital wallets are generally software that stores private keys which generate public keys to process Bitcoin transactions.
Anyone who has your private key can steal your Bitcoins, even if they are held off-line. If the private keys are lost, then the Bitcoins will be lost; therefore, it would behoove you to backup the private keys. Note however, even if the Bitcoins are held off-line, they may be stolen if you used a private key that was given to you by another user or company. This could happen if that other user's or company's computer was hacked and the private keys were obtained, in which case, the Bitcoins can be spent with those private keys. Therefore, if you receive private keys from another user or company, then you should transfer them to another digital wallet under a newly generated private key so that it cannot be stolen.
There are different types of wallets. Web wallets or online wallets store Bitcoins on a Web server, but you do not actually own those Bitcoins. Instead, the company uses their own private keys to process transactions for which you reimburse them.
Mobile wallets are software stored on mobile phones, which makes them convenient and easy to use, but if the phone is lost or stolen, then the Bitcoins will be lost. Bitcoins can also be stored on computers, but they have the same security issues as phones, though they are less likely to be lost or stolen. The best way to protect Bitcoins is to store them off-line, in so-called off-line or cold-storage wallets. This offers the most security but the least convenience, since it is not connected to the Internet. But for the same reason, it cannot be spent without transferring it to a thumb drive or some other means.
A paper wallet, or so-called cold storage, is simply a printout of all the private keys. Private keys can actually be printed and saved, since the private keys are nothing more than alphanumeric sequences. Remember, if you received the private keys from another user or company, then you should transfer the Bitcoins to use new private keys.
You can own any number of wallets, and it can offer more security to have Bitcoins stored in different wallets on different devices. Additionally, you can bequeath those wallets to particular heirs without stipulating the amount that it contains, which will only be known to the person receiving the passwords. Unlike passwords for online accounts, Bitcoin wallet passwords cannot generally be recovered. Another safety measure is to keep small amounts of bitcoins in any mobile wallet, so that if it is lost or stolen, then the loss will be less.
Bitcoin wallets create private keys internally to use for transactions. Therefore, you must backup the entire wallet to save all of your Bitcoins. A good way to backup the wallet is to encrypt it and back it up to cloud storage in several places, such as Microsoft's OneDrive or Google Drive or Dropbox or others. By encrypting the wallet, even if someone gains access to your online cloud accounts, your wallets will still be secured. Additionally, if something would happen to any of the online services or if the software files would become corrupted on one service, then you still have backups on the other services. Additionally, you should use a strong password to ensure that a copy is kept secure, since if you lose the password, you will lose any Bitcoins associated with that password. A strong password should contain at least 16 characters, including lowercase and uppercase letters, numbers, punctuation marks, and other characters. Generally, such passwords are hard to memorize, so you should have a secure copy of those passwords, stored off-line, where you will easily be able to remember where you put them, even years later. You must also be sure that trusted family members know where the passwords are, because without the passwords, the Bitcoins will be lost.