Planning for Digital Assets in California, Now With Less Uncertainty!

• Publication year: 2017
• Author: By Michael Rosen-Prinz, Esq.

PLANNING FOR DIGITAL ASSETS IN CALIFORNIA, NOW WITH LESS UNCERTAINTY!

By Michael Rosen-Prinz, Esq.^*

I. INTRODUCTION

Californians who use email accounts or own other digital assets,¹ which includes almost everyone in California, should breathe a sigh of relief. On September 24, 2016, Governor Brown signed AB-691-The Revised Fiduciary Access to Digital Assets Act, effective January 1, 2017 ("Cal-RUFADAA").² Cal-RUFADAA added Part 20 to Division 2 of the Probate Code, consisting of sections 870 through 884. The language of the Probate Code sections added by Cal-RUFADAA was substantially based on the Uniform Law of the same name ("RUFADAA") drafted by the Uniform Law Commission ("ULC") in 2015.³

What does Cal-RUFADAA do? At its core, Cal-RUFADAA confirms the right of fiduciaries to receive disclosure of digital assets held by a custodian after the original user's death.⁴ It is easiest to understand this, and why it is important, with a simple example. Consider an email account provided by a custodian or online service provider, such as Google (Gmail) or Yahoo. When an individual opens an email account, she receives a license to use the services provided by the service provider, governed by the terms of service ("TOS") that form a contract between the provider and the user. The user will generally have the ability to send, receive, and store email. That individual might have meaningful personal conversations over email, but also might engage in business dealings, receive bank and other financial statements, or even use the email account as a form of online storage for files or writings. A user will retain property rights over the content of the email account, but the user's ability to access the account or share access to it will be governed by the custodian's TOS. When the user dies, a fiduciary may not be able to access the user's email account or the user's property in that account. The property might be a valuable component of the decedent's estate or necessary for efficient estate administration. By failing to gain access to the account, the fiduciary may be derelict in her fiduciary duties to administer the decedent's estate or trust.

The author's previous article on this topic discussed various types of digital assets, general considerations for planning for digital assets, tips for administration of estates containing digital assets, and the relevant laws prior to the enactment of Cal-RUFADAA.⁵ This article does not repeat the same information, but instead focuses almost exclusively on Cal-RUFADAA. Part I describes the legal environment and problems leading to the enactment of Cal-RUFADAA. Part II, which encompasses the largest part of the article, discusses the provisions of Cal-RUFADAA. Finally, Part III offers a few practical suggestions for trusts and estates attorneys. Additional practical advice is provided in an accompanying "Tips of the Trade" published in this issue of the Quarterly.

One final note about the use of terminology in this article: Under Cal-RUFADAA, a "custodian" is a person who carries, maintains, processes, receives, or stores a digital asset of a user.⁶ The federal Stored Communications Act ("SCA")⁷ discussed below refers to a "service provider," or just a "provider," in reference to the specific services that the Act governs. This article refers to custodians, except in discussions directly referencing the SCA, in which case they are referred to as service providers. A company that provides email accounts or other services that involve maintaining custody of an individual's electronic communications will generally fit under both terms.

A. Prior Existing Law Affecting Fiduciary Access 1. Stored Communication Act

Of the existing laws affecting digital assets, the SCA, a federal law enacted as part of the Electronic Communications Privacy Act of 1986 ("ECPA"),⁸ has had the single greatest effect on fiduciary access. In large part, RUFADAA was drafted, and Cal-RUFADAA enacted, to clarify the circumstances under which a user will have been deemed to grant consent to a fiduciary's access to the content of a user's electronic communications. Despite the fact that most fiduciaries have broad powers, the primary dispute among estate planning attorneys, technology companies and privacy organizations concerns a user's consent to access. The reason is that under the SCA, service providers who provide "electronic communications services" and "remote computing services" to the public are restricted from releasing the content of a user's electronic communications. Although discussed in detail in many other articles,⁹ it is enough to say that providers who offer email or any other messaging services to the public (which excludes employers who provide this service only to employees) are providing electronic communication services and remote computing services, and are therefore subject to the SCA.¹⁰

[Page 10]

Under the SCA, the content of electronic communications, and the non-content record or catalog of electronic communications, are treated differently.¹¹ Using email as an example, the subject line and text would be deemed content, while the date of the message and the identity of the sender and recipient would be non-content. In relevant part, the SCA prohibits disclosure of the content of electronic communications without consent from the sender or recipient; even if consent is provided, such disclosure is at the discretion of the provider.¹² This law has caused providers to be reluctant to disclose the contents of electronic communications of deceased users to the executor of the user's estate or other authorized fiduciary. Providers fear that they could be found liable for violating the SCA because the deceased user did not consent to the disclosure. Generally, prior to the enactment of Cal-RUFDAA or other similar laws, when a fiduciary has been expressly granted powers over digital assets and the right to access the content of electronic communications, it was believed by academics that consent to fiduciary disclosure was implied, and that disclosure would be permitted under the SCA,¹³ although there was no specific legal authority for fiduciaries to make such a claim.

2. Computer Fraud and Abuse Act

The federal Computer Fraud and Abuse Act¹⁴ ("CFAA") is an anti-hacking law.¹⁵ The act criminalizes unauthorized access of computers "used in or affecting interstate or foreign commerce or communication."¹⁶ Although unlikely to be prosecuted, a fiduciary that accesses a decedent's computer or online account covered by the CFAA without explicit consent to do so, and in the absence of Cal-RUFADAA or a similar law, could be in violation of the CFAA.¹⁷ One common example is when a fiduciary discovers a password of the decedent, but has not been granted explicit permission to use that password. By logging in with that password, the fiduciary could be deemed to have accessed the computer or account of the decedent without authorization. Again, it is difficult to imagine a federal prosecutor pursuing such a case, but an attorney must consider her level of comfort in advising a client to violate federal law.

3. California Comprehensive Computer Data Access and Fraud Act

The California Comprehensive Computer Data Access and Fraud Act¹⁸ ("CCCDAFA") criminalizes the action of anyone who "[k]nowingly and without permission uses or causes to be used computer services."¹⁹ It is similar to the CFAA in intent.

B. Dueling Model Acts-UFADAA vs. PEAC

Given the difficulty facing fiduciaries attempting to both comply with federal privacy and criminal laws, as well as effectively administer trusts and estates, two model acts were proposed. The Uniform Fiduciary Access to Digital Assets Act ("UFADAA") was drafted by the ULC in 2014.²⁰ UFADAA's approach was to mandate fiduciary access to digital assets held by custodians, including the contents of electronic communications, and to confirm that fiduciaries were authorized to use or access any other digital assets.²¹ Privacy rights organizations and technology companies virulently opposed UFADAA, in large part because fiduciaries were deemed to have received consent to access a user's digital assets simply through their fiduciary role, and not by any explicit grant of consent, which these organizations and companies believed was a violation of the original user's privacy.²²

Around the same time, NetChoice, a tech industry trade organization, proposed its own model act as an alternative to UFADAA: the Privacy Expectation Afterlife and Choices Act ("PEAC").²³ PEAC allows personal representatives to obtain a court order to receive disclosure of digital assets.²⁴ The personal representative, however, must, among other onerous requirements, indemnify the custodian of digital assets prior to receiving disclosure of those assets.²⁵

Neither act was successful in widespread adoption, likely due to opposition by supporters of the competing act. PEAC was enacted in Virginia, while UFADAA was only made law in Delaware.²⁶

C. One Fiduciary Access to Digital Assets Act to Rule Them All-RUFADAA

In light of the strong resistance to enactment of UFADAA, the ULC worked with technology businesses and privacy organizations to draft RUFADAA in 2015.²⁷ RUFADAA addressed what the ULC believed to be the primary concerns with UFADAA. RUFADAA, despite its title, did not grant fiduciaries "access" to the contents of electronic communications or other digital assets held by custodians but, instead, allowed them to receive "disclosure."²⁸ Furthermore, custodians were not required to make such disclosure based solely on the requestor's fiduciary status. Instead, if a fiduciary was seeking disclosure of the contents of electronic communications, the fiduciary would need to provide evidence of the original user's consent to disclosure, and if, necessary, obtain a court order verifying that consent.²⁹

[Page 11]

RUFADAA covers fiduciaries acting under a will or power of attorney; personal representatives acting for a...