Legacy Locker

Last Friday, our CEO and Founder Jeremy Toeman presented the case for Legacy Locker to a room packed with estate planning attorneys from around the country at the American Bar Association’s (ABA) Real Property Trust and Estate Joint Tax Conference. The ABA is the largest voluntary professional association in the world. With more than 400,000 members, the ABA provides law school accreditation, continuing legal education, information about the law, programs to assist lawyers and judges in their work and initiatives to improve the legal system for the public.

Jeremy’s speech reinforced the idea that online assets have value, and estate planners now need to ensure their client’s online content is protected and preserved. The topic focused on the tangible value of online accounts and assets, how they should be incorporated into estate plans and how Legacy Locker is a valuable tool toward that end.

Panelist Members Included:

Moderator:
Karin C. Prangley, Krasnow Saunders Cornblath LLP, Chicago, IL

Panelists:
Robert N. Karelitz, Fiduciary Trust, Boston, MA
Karin C. Prangley, Krasnow Saunders Cornblath LLP, Chicago, IL
Jeremy Toeman, Legacy Locker, San Francisco, CA

Jeremy speaks about the importance of online assets and Legacy Locker from Jeremy Toeman on Vimeo.

Governments are traditionally behind the curve when it comes to formulating policy around new technology. That is why I was surprised to learn that states like Connecticut, Indiana and Rhode Island now require websites (the “custodians” of electronically stored documents or information) to provide the estate’s personal representative access to online content.

Indiana’s official provision is *IC 29-1-13-1.1* :

* Electronically stored documents of deceased
* Sec. 1.1. (a) As used in this section, “custodian” means any person who electronically stores the documents or information of another person.
(b) A custodian shall provide to the personal representative of the estate of a deceased person, who was domiciled in Indiana at the time of the person’s death, access to or copies of any documents or information of the deceased person stored electronically by the custodian upon receipt by the custodian of:
(1) a written request for access or copies made by the personal representative, accompanied by a copy of the death certificate and a certified copy of the personal representative’s letters testamentary; or
(2) an order of a court having probate jurisdiction of the deceased person’s estate.
(c) A custodian may not destroy or dispose of the electronically stored documents or information of the deceased person for two (2) years after the custodian receives a request or order under subsection (b).
(d) Nothing in this section shall be construed to require a custodian to disclose any information:
(1) in violation of any applicable federal law; or
(2) to which the deceased person would not have been permitted access in the ordinary course of business by the custodian.
/As added by P.L.12-2007, SEC.1./

Parsing the legalese for a moment, this means that the State of Indiana now officially recognizes the value in requiring the inclusion of online assets into the gross estate. Connecticut and Rhode Island have similar provisions but only apply to email accounts (please email me if you know of any additional states). Furthermore, the Indiana provision outlines the elaborate procedure for actually gaining access to online content in Section (b). This could potentially increase the cost of wrapping up an estate due to the burdensome and time consuming procedure for accessing these online assets.

A major issue that I have not seen discussed yet is that Indiana’s progressive measure sets up a conflict between what the State of Indiana wants for their citizenry and what websites will actually disclose. Section (d) Sub 1 & 2 basically take the teeth out of this provision by not requiring disclosure if such disclosure violates applicable federal law (i.e. Digital Millennium Copyright Act) or the decedent would not have been permitted access during the normal course of business (i.e. violates a website’s Terms of Service or Privacy Policy). The latter is a shakier argument but may still work if a website can successfully assert that the deceased had a license to use said website and that license expired upon death.

States like Connecticut, Indiana and Rhode Island want your next of kin to have access to online content and you need to help ensure it. You don’t want your loved ones to be denied access because a website asserts a provision like Indiana’s Section (d) Sub 1 or 2 as a valid exception to enforcement of probate code. Legacy Locker is the perfect resource to circumvent such an escape clause completely and allow your estate representative to include online content into your cumulative estate.

Gregg Delman
Director of Business Development

Disclaimer:
This Blog/Web Site is made available by Legacy Locker, Inc. for educational purposes only, not to provide legal advice. The Blog/Web Site should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.

Please note that the material contained in this blog is not legal advice and is not to be relied upon in a court of law. Furthermore, any federal tax advice contained in this communication, including attachments and enclosures, is not intended or written to be used, and may not be used, for the purpose of (i) avoiding tax-related penalties under Internal Revenue Code or (ii) promoting, marketing or recommending to another party any tax related matters addressed herein.

No matter how protected and technologically advanced a website may be, it’s all for naught if your passwords are weak or your security hints are easily discoverable.

“TwitterGate” is the most recent reminder that many of our passwords are weak and our hinting infrastructure (the supportive questions asked to either refine a secure login or help a person remember an original password) is a giant gaping hole waiting to be exploited. In a quick nutshell: a hacker used publicly available information found on social networking websites and other information-rich sources on the internet to gain a somewhat complete personal picture of Twitter senior employees. The hacker pieced together information from different sources to form a map of an individual’s life that ultimately allowed him to make educated guesses as to what hint answers might be. Through brute technological force, the hacker found out all the personal information he needed to crack into Twitter employees’ Gmail accounts and ultimately gain access to a treasure trove of information.

What does this tell us? That while operating independently our accounts are safe, the online ecosystem of an individual provides enough information to compromise us if we’re not very careful about the personal data we use to gain access to our accounts. Most password hints are items that our best friends usually know about us: favorite movie, pet’s name, favorite actor, street we grew up on, etc. At Legacy Locker, we are very concerned about people utilizing easily discoverable recent historic information or basic personal preferences in this manner. The prevailing thought here is that we need to fundamentally rethink the way we choose our passwords, hints and other secure information. According to a recent publication by professors at Carnegie Mellon, even social security numbers can be guessed based on available information found on Facebook profiles.

Aside from choosing highly improbably guessed passwords, it is important to use hints that are known only to you and no one else. Don’t use clues that have a finite universe of answers, instead use hints that are opinion-based or only you know the answer to. Good examples include your favorite historical figure, the name of your first kiss (even the other girl or boy involved is unlikely to know it was your very first) and your SAT score.

Don’t let the fear of forgetting a password cause you to use easily discoverable hints. Think creatively, have some fun with it and put real thought into your personal security infrastructure so that all of your online assets remain secure and above all, private.

One final word on the subject: make sure your Legacy Locker password is unique and not re-used on any other sites!  This way you can even use Legacy Locker as a “password vault” in case you forget the rest!

UPDATE:
Check out this Slate.com article entitled, “Fix Your Terrible, Insecure Passwords in Five Minutes.”

Gregg Delman
Director of Business Development

When thinking about your “Online Assets”, have you ever wondered what happens to YOUR photos?

Last week, I flew back east to help my grandmother move out of her apartment in Brooklyn. She dusted off about a dozen old picture albums from the 1920’s onward and painstakingly went through each and every photograph. That’s when it occurred to me: I won’t have picture albums. All I have are Facebook, Flickr and Picasa albums. When I’m an old man, the only thing I will be dusting off is my laptop.

So how will I bore my grandchildren with all of the photos from my lifetime? Unless I go through the hassle of downloading each picture to a backup drive and re-label everything accordingly, the answer is that I’d better plan a way for my progeny to access my pictures. It’s wonderful that my photos will never degrade but what’s the point if they’re lost or inaccessible? Also, what if something happens to me suddenly and unexpectedly? Unless my albums are public, there is no easy way to access and then download all of the thousands of pictures I’ve uploaded to the various photo sharing websites. Another question I had was whether I even own those pictures once I’ve uploaded them to the cloud.

So I did some digging about various website’s photo policies.

Facebook (http://www.facebook.com/terms.php)
When you upload photos to Facebook, you’re agreeing to give the site the right to do anything they want with any of your photos for any reason. Once you remove your photos from Facebook, a copy of it may still exist in their data archives, but their user agreement states it will no longer be utilized by the site for any purpose. So basically, you’re trusting Facebook with all of your personal memories. Regardless, third party access to the site content of an individual may be challenging in the first place (see previous posting on “Looking at the Facebook Death Policy”).

Flickr (http://www.flickr.com/creativecommons/)
Flickr is a little fancier in that it allows you to control who can do what with your photos. However, this policy only extends to other users and not the company itself. So, Flickr can use your photos, but you can limit other people’s ability to copy your photos. It’s also important to review its owner’s policies (Yahoo!) concerning photo content. Basically, you’re agreeing to let Yahoo! do whatever it wants with your content, which your next of kin will probably need to obtain a court order to access if user names and passwords are not available.

Photobucket (http://photobucket.com/terms), Picasa (http://picasa.google.com/intl/en_US/web/tos.html), Kodak (http://www.kodakgallery.com/TermsOfService.jsp) and Shutterfly (http://www.shutterfly.com/help/terms.jsp)
The good news is that not all websites claim ownership rights to your content. The above sites all allow you to keep full ownership rights of your content. The only catch is that these companies retain all patent, trademark and copyright to any content you submit, post or display, and you are responsible for protecting those rights. Furthermore, by submitting, posting or displaying content, you grant these websites a worldwide, non-exclusive, royalty-free license to reproduce, adapt, distribute and publish such content, including RSS or other content feeds, and other services. In addition, by submitting, posting or displaying content which is intended to be available to the general public, you grant a worldwide, non-exclusive, royalty-free license to reproduce, adapt, distribute and publish such content for the purpose of displaying, distributing and promoting their services.

Despite retaining some rights, these websites will discontinue licensed use within a commercially reasonable period after your content is removed. Remember, this is completely opposite Flickr’s and Facebook’s stated policy. For those of you who really value your online content, make sure you’re using a service that recognizes your ownership rights. Also, take precautions to ensure future generations will have access to the content you’ve spent a lifetime creating.

Gregg Delman
Director of Business Development

Disclaimer:
This Blog/Web Site is made available by Legacy Locker, Inc. for educational purposes only, not to provide legal advice. The Blog/Web Site should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.

Please note that the material contained in this blog is not legal advice and is not to be relied upon in a court of law. Furthermore, any federal tax advice contained in this communication, including attachments and enclosures, is not intended or written to be used, and may not be used, for the purpose of (i) avoiding tax-related penalties under Internal Revenue Code or (ii) promoting, marketing or recommending to another party any tax related matters addressed herein.