Legacy Locker

An interesting article went live on the NYT Gadgetwise blog yesterday about a subject near and dear to our business; specifically the piece was about dealing with the digital afterlife, and what is referred to as “morning after” messaging.  The article referred to Legacy Locker (and a few other sites) and stated “many of them charge an annual fee and there’s no guarantee that the companies will outlast your lifetime.”   Following that brusque dismissal, the focus of the piece is on the opinion of Adele McAlear, a marketing and social media expert.

Adele raises many excellent questions regarding digital life and the importance of planning for the future of your digital assets. She also provides several suggestions on how to plan for that future.  However, we believe that while the advice is good in theory, the practical implications are fairly lacking, here are some specific examples.

From Gadget Wise:

“Ms. McAlear recommends leaving your final instructions as an encrypted file on your computer or place them in a sealed envelope or safety deposit box. ‘Just make sure that your digital executor knows where to look and will remember the password,’ she said.”

This sounds like a great idea – except that practically speaking, there’s no easy way to do any of those things.  An encrypted file on a computer is subject to security breaches, hard drive failures, accidental deletion, and a host of other issues.  And finding a digital executor who “knows where to look and will remember the password…”?  Sounds good, but it’s missing the “How, exactly, would this happen?”  It’s a great suggestion with no practical way to execute it.

In my case for instance, nobody knows how my computer’s folder structure works except me.  My PC is personal and private, both by intention and by happenstance.  By the same token, I wouldn’t be able to find anything on my wife’s computer unless she tells me where to look. Also, it’s entirely possible that I don’t want a single individual to administer all of my accounts.  Maybe my wife should handle my Facebook and my email accounts, but my close friend and business partner should administer my blog or sell my domain names.

Essentially, what this post is suggesting is precisely what Legacy Locker does, only without the infrastructure or processes, and without any security, backup, redundancy, or ease of access. Consider:

• Legacy Locker lets you add as many individual accounts (“digital assets”) as you like, including things like your email addresses, your Flickr and Facebook, even the password to your PC
• Each of those assets can be assigned to different beneficiaries who will administer those accounts, and each asset can include accompanying instructions like “please delete my profile here” or “please contact all my friends to let them know when the funeral will take place”
• Legacy Locker has secure encryption and redundant storage for these assets to make sure no gets access to them until they’re supposed to
• Only the information specified will go to a given beneficiary, and you can select as many beneficiaries as you like
• Information and assets are automatically delivered after the account holder’s death is confirmed.  That’s as opposed to a letter in a safety deposit box that might lie unopened, or an encrypted file that’s likely to stay encrypted because someone forgot the password

The post further suggests that everyone

“… keep an inventory of all your log-ins and passwords for all your accounts, such as e-mail, social networks, photo- and video-sharing sites, blogs, Web sites, forums, online gaming, Skype, IM, PayPal, eBay and so on.”

My question is, where should they keep that stuff?  In an excel spreadsheet on your hard drive?  That’s subject to theft, failure, corrupted files, loss, accidental deletion, and numerous other dangers.  Write them down on scraps of paper and keep them in your safety deposit box?  That’s incredibly inefficient, hard to update,  and hard to keep track of (I can’t even think of the last time I went to my bank’s branch during work hours – can you?).

The post also tells us to

“Be sure to specify what you would like to be done with your digital legacy. Do you want your accounts closed? Status changed? Avatars removed?”

Again, while we agree that this is the right thing to do, we think Legacy Locker is the simplest, most straightforward way to actually get it done.  Our service allows you to, in a simple, step-by-step manner, methodically add all of your digital assets to your locker, create special instructions, and specify the appropriate recipient to a given asset.  Without Legacy Locker, a person concerned with their digital accounts after their passing have a lot of hoops to jump through in order to ensure that:

1. their digital assets are accounted for
2. there’s a good way for someone to actually receive those assets
3. the storage and eventual transfer of that information is secure, redundant and up to date

Towards the end, an additional suggestion reads:

“You would do best to choose someone who is Internet savvy and understands how social networks and online accounts function…”

Once again, that’s a great suggestion.  But those people don’t exactly grow on trees.  Not everyone has access to a trusted person who who is a social media expert and techno-whiz, and is also a person with whom you trust your entire digital life. In some ways, this is like telling everyone that instead of seeing a doctor professionally, they should be friends with someone who has medical training and have them treat you when you’re ill.  Or to be friends with someone who’s good at “fixing stuff” rather than see a mechanic when your car starts to spurt smoke from under the hood.

We live in a society of specialization, where professionals become educated and experts in their respective fields.  Legacy Locker is a team of experts who specialize in the best, most secure way to transfer digital information in the event of death or disability.  Trying to ad-hoc a process for transferring critical information is likely to result in loss of data, security failure, and / or a serious imposition on someone you’re trying to shoe-horn into a role that may not be comfortable for them.  Legacy Locker allows you to break parts of your digital legacy into discrete chunks, store and transfer those securely, and apportion them to the people most appropriate to a given task.

We started Legacy Locker for a reason.  There simply was no good way to ensure that the content, accounts, information and other paraphernalia of digital life will be managed or transferred in the event of your death.  We agree with every one of the concerns raised in the NYT article – it’s precisely because of those same concerns that we started this company.  We take this problem very seriously, and we work hand in hand with estate planning attorneys and other estate planning professionals to ensure that we are in lock step with the practical realities of digital estate planning. These are the right questions.  But without Legacy Locker, they’re not the right answers.

Last Friday, our CEO and Founder Jeremy Toeman presented the case for Legacy Locker to a room packed with estate planning attorneys from around the country at the American Bar Association’s (ABA) Real Property Trust and Estate Joint Tax Conference. The ABA is the largest voluntary professional association in the world. With more than 400,000 members, the ABA provides law school accreditation, continuing legal education, information about the law, programs to assist lawyers and judges in their work and initiatives to improve the legal system for the public.

Jeremy’s speech reinforced the idea that online assets have value, and estate planners now need to ensure their client’s online content is protected and preserved. The topic focused on the tangible value of online accounts and assets, how they should be incorporated into estate plans and how Legacy Locker is a valuable tool toward that end.

Panelist Members Included:

Moderator:
Karin C. Prangley, Krasnow Saunders Cornblath LLP, Chicago, IL

Panelists:
Robert N. Karelitz, Fiduciary Trust, Boston, MA
Karin C. Prangley, Krasnow Saunders Cornblath LLP, Chicago, IL
Jeremy Toeman, Legacy Locker, San Francisco, CA

Jeremy speaks about the importance of online assets and Legacy Locker from Jeremy Toeman on Vimeo.

Governments are traditionally behind the curve when it comes to formulating policy around new technology. That is why I was surprised to learn that states like Connecticut, Indiana and Rhode Island now require websites (the “custodians” of electronically stored documents or information) to provide the estate’s personal representative access to online content.

Indiana’s official provision is *IC 29-1-13-1.1* :

* Electronically stored documents of deceased
* Sec. 1.1. (a) As used in this section, “custodian” means any person who electronically stores the documents or information of another person.
(b) A custodian shall provide to the personal representative of the estate of a deceased person, who was domiciled in Indiana at the time of the person’s death, access to or copies of any documents or information of the deceased person stored electronically by the custodian upon receipt by the custodian of:
(1) a written request for access or copies made by the personal representative, accompanied by a copy of the death certificate and a certified copy of the personal representative’s letters testamentary; or
(2) an order of a court having probate jurisdiction of the deceased person’s estate.
(c) A custodian may not destroy or dispose of the electronically stored documents or information of the deceased person for two (2) years after the custodian receives a request or order under subsection (b).
(d) Nothing in this section shall be construed to require a custodian to disclose any information:
(1) in violation of any applicable federal law; or
(2) to which the deceased person would not have been permitted access in the ordinary course of business by the custodian.
/As added by P.L.12-2007, SEC.1./

Parsing the legalese for a moment, this means that the State of Indiana now officially recognizes the value in requiring the inclusion of online assets into the gross estate. Connecticut and Rhode Island have similar provisions but only apply to email accounts (please email me if you know of any additional states). Furthermore, the Indiana provision outlines the elaborate procedure for actually gaining access to online content in Section (b). This could potentially increase the cost of wrapping up an estate due to the burdensome and time consuming procedure for accessing these online assets.

A major issue that I have not seen discussed yet is that Indiana’s progressive measure sets up a conflict between what the State of Indiana wants for their citizenry and what websites will actually disclose. Section (d) Sub 1 & 2 basically take the teeth out of this provision by not requiring disclosure if such disclosure violates applicable federal law (i.e. Digital Millennium Copyright Act) or the decedent would not have been permitted access during the normal course of business (i.e. violates a website’s Terms of Service or Privacy Policy). The latter is a shakier argument but may still work if a website can successfully assert that the deceased had a license to use said website and that license expired upon death.

States like Connecticut, Indiana and Rhode Island want your next of kin to have access to online content and you need to help ensure it. You don’t want your loved ones to be denied access because a website asserts a provision like Indiana’s Section (d) Sub 1 or 2 as a valid exception to enforcement of probate code. Legacy Locker is the perfect resource to circumvent such an escape clause completely and allow your estate representative to include online content into your cumulative estate.

Gregg Delman
Director of Business Development

Disclaimer:
This Blog/Web Site is made available by Legacy Locker, Inc. for educational purposes only, not to provide legal advice. The Blog/Web Site should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.

Please note that the material contained in this blog is not legal advice and is not to be relied upon in a court of law. Furthermore, any federal tax advice contained in this communication, including attachments and enclosures, is not intended or written to be used, and may not be used, for the purpose of (i) avoiding tax-related penalties under Internal Revenue Code or (ii) promoting, marketing or recommending to another party any tax related matters addressed herein.

No matter how protected and technologically advanced a website may be, it’s all for naught if your passwords are weak or your security hints are easily discoverable.

“TwitterGate” is the most recent reminder that many of our passwords are weak and our hinting infrastructure (the supportive questions asked to either refine a secure login or help a person remember an original password) is a giant gaping hole waiting to be exploited. In a quick nutshell: a hacker used publicly available information found on social networking websites and other information-rich sources on the internet to gain a somewhat complete personal picture of Twitter senior employees. The hacker pieced together information from different sources to form a map of an individual’s life that ultimately allowed him to make educated guesses as to what hint answers might be. Through brute technological force, the hacker found out all the personal information he needed to crack into Twitter employees’ Gmail accounts and ultimately gain access to a treasure trove of information.

What does this tell us? That while operating independently our accounts are safe, the online ecosystem of an individual provides enough information to compromise us if we’re not very careful about the personal data we use to gain access to our accounts. Most password hints are items that our best friends usually know about us: favorite movie, pet’s name, favorite actor, street we grew up on, etc. At Legacy Locker, we are very concerned about people utilizing easily discoverable recent historic information or basic personal preferences in this manner. The prevailing thought here is that we need to fundamentally rethink the way we choose our passwords, hints and other secure information. According to a recent publication by professors at Carnegie Mellon, even social security numbers can be guessed based on available information found on Facebook profiles.

Aside from choosing highly improbably guessed passwords, it is important to use hints that are known only to you and no one else. Don’t use clues that have a finite universe of answers, instead use hints that are opinion-based or only you know the answer to. Good examples include your favorite historical figure, the name of your first kiss (even the other girl or boy involved is unlikely to know it was your very first) and your SAT score.

Don’t let the fear of forgetting a password cause you to use easily discoverable hints. Think creatively, have some fun with it and put real thought into your personal security infrastructure so that all of your online assets remain secure and above all, private.

One final word on the subject: make sure your Legacy Locker password is unique and not re-used on any other sites!  This way you can even use Legacy Locker as a “password vault” in case you forget the rest!

UPDATE:
Check out this Slate.com article entitled, “Fix Your Terrible, Insecure Passwords in Five Minutes.”

Gregg Delman
Director of Business Development