Provides for the administration of digital assets; defines terms; authorizes a user to use an online tool to direct the custodian to disclose or not to disclose some or all of the user's digital assets, including the content of electronic communications; provides that this article does not impair the rights of a custodian or a user under a terms-of-service agreement to access and use digital assets of the user; provides for a procedure for disclosing digital assets; makes related provisions.
NEW YORK STATE ASSEMBLY MEMORANDUM IN SUPPORT OF LEGISLATION submitted in accordance with Assembly Rule III, Sec 1(f)
 
BILL NUMBER: A9910A
SPONSOR: Weinstein (MS)
 
TITLE OF BILL:
An act to amend the estates, powers and trusts law, in relation to the
administration of digital assets
This is one in a series of measures being introduced at the request of
the Chief Administrative Judge upon the recommendation of his Surro-
gate's Court Advisory Committee.
The wide use of digital assets has created an urgent need for legis-
lation dealing with the administration of these assets upon the death or
incapacity of the user. As a practical matter, there should be no
difference between a fiduciary's ability to gain access to information
from an online bank or other Internet-based business and the fiduciary's
ability to gain access to information from a business with a brick and
mortar building. This measure would amend the EPTL to restore control of
the disposition of digital assets back to the individual and removes
such power from the service provider.
This measure gives fiduciaries authority to gain access to, manage,
distribute and copy or delete digital assets. It addresses four types of
fiduciaries, namely: a personal representative (executor or administra-
tor) of a decedent's estate; a guardian of a ward or protected person;
an agent acting pursuant to a power of attorney; and a trustee.
In the past, where property was mostly in tangible there was little
doubt of its ownership and control. Indeed, the law recognizes that when
a property owner dies or becomes unable to manage his or her property,
such owner may appoint a fiduciary to manage the property. The role of a
fiduciary subsumes the duty of loyalty, care and confidentiality. The
system has worked well throughout our history. This measure does not
break new legal ground, but merely applies the laws governing fiduciar-
ies to a new type of property.
Service providers protect themselves by requiring a user to agree to a
Terms of Service ("TOS") agreement prior to creating an online account.
In the absence of state laws dealing with the disposition of digital
assets, individuals will likely be subject to the service provider's TOS
if it has a policy regarding the transfer or disposal of the account and
its content. Some service providers have a policy that indicates what
will happen upon the death of a user, but most have no explicit policy.
In addition, there are federal laws that criminalize, or penalize, the
unauthorized access of computers and digital accounts and prohibit most
service providers from disclosing account information to anyone without
the user's consent. These laws include the Electronic Computer Privacy
Act (the "ECPA"); the Stored Communications Act (the "SCA"), which is
part of the ECPA, and the Computer Fraud and Abuse Act ("CFAA"). The
CFAA prohibits unauthorized access to computers and protects against
anyone who "intentionally accesses a computer without authorization or
exceeds authorized access." The SCA contains two relevant prohibitions.
First, the SCA makes it a crime for anyone to "intentionally access
without authorization a facility through which an electronic communi-
cation service is provided" as well as to "intentionally exceed an
authorization to access that facility." Second, the SCA prohibits an
electronic communications service from knowingly divulging the contents
of a communication that is stored by or maintained on that service
unless disclosure is made "to an addressee or intended recipient of such
communication or an agent of such addressee or intended recipient" or
"with the lawful consent of the originator or an addressee or intended
recipient of such communication."
The SCA is often the basis on which service providers refuse to release
the contents of a deceased user's account. In addition to federal priva-
cy laws, there are state privacy laws. All fifty states, including New
York, have enacted criminal laws penalizing unauthorized access to
computer systems. Consequently, without legislation, many service
providers will likely continue to refuse to provide access or to release
content upon the death or incapacity of a user on the basis of privacy
concerns or for fear of facing certain liability.
This measure is based largely on a proposal from the Uniform Law Commis-
sion namely RUFADAA (Revised Uniform Fiduciary Access to Digital Assets
Act) which is a compromise designed to address the serious problems
outlined above and, as well, the concerns of the service providers and
civil libertarians. The only changes from such act are those necessary
to conform it to existing New York law.
This measure, which would have no fiscal impact on the State, would take
effect immediately
 
2016 LEGISLATIVE HISTORY:
Senate 7604 (Senator Bonacic) (referred to Judiciary)
Assembly 9910 (M. of A. Weinstein) (advanced to 3rd Rdg., Cal. 717