Life is going digital. People increasingly commingle their financial and personal affairs in online accounts, creating a quandary upon their deaths. Personal representatives1 and heirs may have legitimate needs for accessing a decedent’s accounts, but those accounts may also contain information the decedent wished to remain secret. To date, states seeking to legislate around this issue have considered the Stored Communications Act2 (SCA), though the SCA was not meant for probate scenarios.3 The SCA prohibits electronic-communication companies from disclosing a person’s communications to third parties without his or her “lawful consent.”4 Since 2015, a majority of states have enacted legislation governing fiduciary access to digital assets5 that — due to political pressures — presumes that lawful consent requires a decedent’s express authorization, such as in a will.6 Recently, in Ajemian v. Yahoo!, Inc.,7 the Supreme Judicial Court of Massachusetts held that personal representatives may provide lawful consent on a decedent’s behalf, even in the absence of an express authorization in the decedent’s will.8 Ajemian thus undermines the presumption upon which a majority of states’ legislation relies, creating an opportunity for a cleaner policy debate about what the default rules of digital inheritance should be.
John Ajemian died in 2006.9 He left a Yahoo!, Inc. (Yahoo) email account but no will, no instructions for his account,10 and no record of his password.11 John’s siblings Robert and Marianne asked Yahoo for access to that account, first so they could inform John’s friends of his passing and memorial service, and subsequently — upon becoming court-appointed personal representatives of John’s estate — to identify his assets.12 Yahoo confirmed that it retained the contents of John’s account but declined their request.13 Yahoo took the position that the SCA prevented such disclosure.14 Moreover, Yahoo’s Terms of Service agreement included provisions allowing Yahoo to “discard any [of a user’s] Content . . . for any reason” and to act “without prior notice” to “bar any further access to [a user’s] files.”15
After negotiations, Yahoo provided the Ajemians with email header information16 but not the contents of John’s emails.17 Further negotiations failed. In September 2009, Robert and Marianne filed a motion in the Probate and Family Court seeking access to the email contents.18 The probate judge dismissed the complaint on procedural grounds, but the Appeals Court overturned that decision.19
On remand, Judge Casey of the Norfolk Probate and Family Court found that the SCA prevented Yahoo from disclosing the contents of John’s emails and allowed Yahoo’s cross-motion for summary judgment.20 First, he found that the SCA’s agency exception, which allows disclosure to an agent,21 did not apply because personal representatives act on behalf of the appointing court, so they are not a decedent’s agents.22 Additionally, he found that the SCA’s lawful consent exception, which allows disclosure “with the lawful consent of the originator or an addressee or intended recipient of such communication,”23 did not allow Robert and Marianne to lawfully consent on John’s behalf.24 Judge Casey also found that the contents of John’s emails were the property of his estate and, accordingly, that Robert and Marianne “would be entitled to take possession of the emails if permitted by the SCA.”25 Judge Casey separately determined that he could not decide on summary judgment whether Yahoo’s Terms of Service agreement constituted an enforceable contract, since there remained genuine issues of material fact as to whether Yahoo’s Terms of Service “were reasonably communicated to the decedent.”26
The Ajemians appealed, and the Supreme Judicial Court of Massachusetts transferred the case to itself, on its own motion.27
The Supreme Judicial Court vacated and remanded.28 Writing for the panel, Justice Lenk29 agreed that the agency exception did not apply.30 However, the court found that the lawful consent exception allows a personal representative to provide lawful consent on a decedent’s behalf and concluded that the SCA does not prohibit Yahoo from disclosing the contents of John’s emails to Robert and Marianne.31
As it faced a question of first impression,32 the court undertook a statutory interpretation analysis to assess the SCA’s lawful consent provision. Relying on the presumption against preemption, the court presumed that Congress did not intend to encroach on probate law — an area traditionally governed by state regulation — when it enacted the SCA.33 Moreover, it reasoned that interpreting the SCA as limiting lawful consent to express consent would “significantly curtail” personal representatives from performing their duties, especially as financial information — that often came in paper form at the time of the SCA’s enactment — now often exists solely in digital form.34 The court noted that the statutory language does not preclude consent by a personal representative and, moreover, that Congress had elected not to use the language “express consent.”35 It also cited legislative history that indicated that the enacting Congress intended for the SCA to apply to “unautho-rized interception of electronic communications,” rather than estate management.36 The court ultimately “conclude[d] that the personal representatives may provide lawful consent on the decedent’s behalf to the release of the contents of the Yahoo e-mail account.”37
The court agreed that the enforceability of Yahoo’s Terms of Service could not be decided on summary judgment due to remaining issues of material fact, and it remanded the case for further proceedings.38
Chief Justice Gants concurred in part and dissented in part.39 He agreed with the majority’s interpretation of the SCA.40 However, he believed that the court should have gone further and granted Robert and Marianne’s motion for summary judgment.41 Chief Justice Gants observed that Yahoo had not challenged the lower court’s finding that the emails were the property of John’s estate.42 Thus, even if the Terms of Service agreement were fully enforceable, such that Yahoo could discard a user’s contents without risk of liability, it nonetheless “[could not] justify the destruction of . . . e-mail messages after a court orders that they be provided to the user or his or her personal representatives [as s]uch destruction would constitute contempt of a court order.”43
On March 26, 2018, the U.S. Supreme Court denied Yahoo’s parent company’s petition for a writ of certiorari.44
Ajemian implicates an issue of growing relevance: how to weigh a decedent’s privacy against personal representatives’ needs and heirs’ desires. Most states, though not Massachusetts, have recently enacted legislation to address this question, including notably the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA).45 RUFADAA conforms to an interpretation of the SCA that Ajemian now calls into doubt, as RUFADAA requires a decedent’s explicit consent for a personal representative to access the decedent’s electronic messages.46 By interpreting the SCA to allow personal representatives to provide lawful consent on behalf of a decedent, Ajemian undermines an assumption on which a majority of states’ legislation relies, opening up the possibility of redefining the default rules of digital estate planning.
The decision in Ajemian contemplates a debate between the needs to manage a decedent’s estate and to maintain a decedent’s privacy. As people increasingly bank online47 and produce digital property of monetary value48 during life, yet leave behind few paper records upon death, access to a decedent’s digital assets is increasingly important for a personal representative. Whereas a personal representative used to look through a decedent’s paper records49 and collect a decedent’s physical mail to learn of the decedent’s financial accounts,50 that information might now be available exclusively in a digital account.51 Moreover, family members may desire access to secure sentimental digital property, such as photographs.52 However, deeply personal information, not even meant for family members, may similarly reside in a given online account.53 Consider messages to doctors, lawyers, or even paramours, as examples.54 While physical records and mail might similarly contain such personal information — and in this way, the tension between privacy and estate administration has always existed — the digital age brings a new question of scale. The potential scope of the privacy invasion becomes much larger as the amount of stored information and the ease with which it can be searched increase. Moreover, digital accounts often contain messages going back several years, whereas a personal representative collecting physical mail would only receive such communications on a prospective basis.55
This debate has broad relevance. Most Americans use the internet regularly,56 yet a majority do not have a will.57 Moreover, others have stale wills that no longer reflect their preferences.58 It is uncontroverted that a decedent who leaves a will authorizing his or her personal representatives to access the contents of his or her emails provides lawful consent.59 Thus, the difficult question is how to respond when a decedent leaves no such record. Default rules will be important, as a decedent’s intent is often unknown.60 Indeed, it is likely that many have not contemplated this issue. Moreover, as people who have wills are “typically older, wealthier, and more educated,”61 the underresourced are those for whom this default presumption will matter most. A potential alternative solution that is more accessible to the broader public is the use of online tools, such as Facebook’s Legacy Contact62 or Google’s Inactive Account Manager.63 However, these tools have not yet become commonplace. As of December 2017, Facebook and Google were the only two major providers that offered such tools.64
The Uniform Law Commission (ULC) has attempted to bring clarity to this issue. In 2014, it promulgated the original Uniform Fiduciary Access to Digital Assets Act65 (UFADAA), intending it “to remove barriers to a fiduciary’s access to electronic records.”66 The draft Act gave personal representatives “the right to access . . . content of an electronic communication” unless the decedent explicitly stated otherwise.67 However, “UFADAA imploded in state legislative halls” due to privacy-related concerns raised by NetChoice — a coalition of internet companies including Yahoo, Google, and Facebook68 — and its allies.69 This pressure led the ULC to promulgate a revised version — RUFADAA — the next year.70
In contrast to its predecessor, RUFADAA requires a decedent’s explicit consent for a personal representative to access the contents of a decedent’s communications. Specifically, RUFADAA requires that a personal representative provide a “record evidencing the user’s consent to disclosure” to gain such access,71 so nondisclosure is the default rule if the decedent did not express any preferences.
RUFADAA attributes its explicit consent requirement to the SCA,72 though political pressures are what drove it to interpret the SCA’s lawful consent provision as necessitating explicit consent. Indeed, the “legislative U-turn” by the ULC — from UFADAA’s treatment of decedent consent to RUFADAA’s — suggests that this was a move of “legislative pragmatism.”73 Indeed, NetChoice endorsed RUFADAA.74 Moreover, without NetChoice’s opposition, RUFADAA has been very successful; since 2015, three-quarters of states have enacted it.75 It is planned for introduction in 2018 in six more states and the District of Columbia.76 As of this writing, Massachusetts has not yet enacted RUFADAA77 or any other such legislation.78
Though the SCA governs privacy for electronic communications, it is incongruous for the SCA to impact probate questions because the SCA was not meant for estate administration and is wildly out of date. Congress enacted the SCA in 1986 to protect citizens’ privacy.79 However, the threats that Congress legislated against were hackers and intrusive government bodies seeking to spy on citizens, not personal representatives seeking to marshal assets.80 Moreover, Congress could not have anticipated the extent of the digital explosion that has occurred since 1986.81 For instance, online banking was not available to U.S. consumers until 1995.82 Despite this, the relevant portions of the SCA have not been amended since the SCA’s 1986 enactment, rendering them decades out of date.83
Notice what this means. As a result of political compromise, email succession law in a vast majority of states relies on a politically compelled and previously untested interpretation of an outdated act that did not contemplate fiduciary administration — not to mention cloud storage — when it was enacted.
Ajemian reframes the policy debate by rejecting the premise that the SCA bars personal representatives’ access to decedents’ electronic communications, and this leaves Massachusetts in an interesting position. Because Massachusetts has not yet enacted RUFADAA, it now has greater latitude to consider what the default digital intestacy rules should be in a contemporary context. If this debate plays out in Massachusetts so that personal representatives secure broader access, other states and the ULC may take that opportunity to revisit the language of RUFADAA. However, this result is subject to contingencies. As Ajemian involved a state court interpreting a federal statute, the extent to which other jurisdictions will follow suit remains to be seen. Moreover, the feasibility of widespread change would depend on other states’ legislatures’ willingness to about-face. In any event, until Massachusetts legislators provide direction on this question, Massachusetts estate planners must sit in limbo.