It’s no secret that the law is slow to catch up to technological and societal changes. The internet is still largely governed by laws passed when it was in its infancy (if not earlier), the Supreme Court is only just beginning to apply the Fourth Amendment to cell phones, and, as one family’s case painfully illustrates, fiduciaries in Massachusetts still do not have a clear right to access the digital assets of a decedent or incapacitated person.
The law as it stands today: Ajemian v. Yahoo! Inc.
John Ajemian died without a will in August 2006 as a result of a bicycle accident. Among his assets is a Yahoo! Mail email account. Upon their appointment as co-administrators of John’s estate, his siblings, Robert and Marianne, requested Yahoo!’s assistance to access the email account. Yahoo! agreed to provide certain metadata about the emails, but refused to provide access to the contents of the messages, arguing that (1) it was within its rights to do so under the terms of service governing the account, and (2) disclosing the contents of the emails would violate the federal Stored Communications Act. Robert and Marianne filed suit to gain access to the account in September 2009, and the case has been in litigation ever since.
Although the Probate and Family Court initially dismissed the case on the grounds that the forum selection clause in Yahoo!’s terms of service mandated that the suit be filed in California, the Appeals Court vacated the dismissal in 2013, and remanded the case to the Probate and Family Court to determine whether the Stored Communications Act prohibited Yahoo! from disclosing the contents of a decedent’s emails to the representatives of their estate. The Probate and Family Court subsequently granted summary judgment in favor of Yahoo!, which the Supreme Judicial Court recently reversed on the grounds that (1) the Stored Communications Act does not prohibit Yahoo! from disclosing the contents of the emails, and (2) there was an issue of material fact as to whether the terms of service constitute an enforceable contract.
Why fiduciary access is more important than ever
When John Ajemian died in 2006, Facebook was barely two years old and had not yet surpassed 100 million users. When Robert and Marianne Ajemian first filed suit against Yahoo! in 2009, Facebook had only just surpassed 300 million users and Twitter was just beginning to enter the mainstream. As of the writing of this article, Facebook has surpassed two billion
users and both Facebook and Twitter have become so influential that Congress has held hearings about their impact on the 2016 federal elections.
Beyond social media, the growth of the internet means that it is now possible to conduct all of one’s banking digitally, without the need for paper checks, paper statements or paper bills. In such a situation, the only indication that a person even has an account with a financial institution might be through their emails.
As more and more people access their email exclusively through the internet (as opposed to through a program, such as Microsoft Outlook, which downloads a copy of all emails to the account holder’s personal computer), the ability of a fiduciary to access these accounts becomes increasingly imperative. With no legislation governing access to digital assets by fiduciaries, the ability to gain access to such assets is left to the individual service providers. Some providers now allow some form of fiduciary access, which must generally be setup beforehand by the account holder (e.g., Google’s “Inactive Account Manager” and Facebook’s “Legacy Contact”), but there are still providers, including Yahoo!, which deny fiduciaries access as a matter of policy. Without access to digital assets, fiduciaries may be unable to fulfill their duties.
RUFADAA and the way forward: Balancing fiduciary access with the account holder’s privacy interests
Fortunately, many states have begun to address these issues, mainly by enacting the Revised Uniform Fiduciary Access to Digital Assets Act, or “RUFADAA” (the original Uniform Fiduciary Access to Digital Assets Act, “UFADAA,” was heavily opposed by technology companies and privacy advocates). Under RUFADAA, instructions provided by an account holder regarding fiduciary access, either through a tool provided by the service provider (such as the Inactive Account Manager and Legacy Contact tools mentioned previously) or through a will, power of attorney, trust, or other written record, are legally enforceable. In the absence of instructions provided by the account holder, the account’s terms of service will govern, and if the terms of service are silent on the issue, RUFADAA’s default rules will govern. Thirty-seven states have enacted RUFADAA into law and one state (Delaware) has enacted UFADAA (the principal difference between UFADAA and RUFADAA is that, under UFADAA, fiduciaries are presumed to have access to digital assets unless the account holder explicitly denies them such access). RUFADAA was introduced in an additional six states (plus the District of Columbia) in 2017. Although RUFADAA’s careful balancing of the privacy interests of the account holder with the needs of the fiduciary make it a promising solution to the problem of fiduciary access, it has yet to be introduced in Massachusetts (though two other bills addressing the issue have been introduced).
Unfortunately, until such time as the Massachusetts Legislature sees fit to address this issue, many more Massachusetts residents are likely to encounter the situation faced by the Ajemians.