With the increasing penetration of ICT and the changing culture of the society, users of ICT are accumulating virtual assets of various kinds. For example, people buy domain names through registrars with substantial costs. They may buy web hosting and ASP services. They also hold e-mail accounts and online memberships for many paid service. Many professionals build assets such as “Content”, “Photographs” etc with IPR and place them in the “Cloud”. There are social networking sites such as secondlife.com, facebook.com etc where the users might have built some virtual assets which have the possibility of being converted into cash of the physical world. There could also be accounts such as e-gold, e-commodities etc and which are physical world assets converted into e-assets.
All these assets are today kept at the disposal of an ICT user with the use of an online account maintained normally with a “User Password”.
In other words, whoever holds the password, holds the assets. They hold the virtual key to the virtual asset.
Let’s now imagine the unfortunate event of the death of the virtual asset holder. Now as per the usual expectations, the asset holder is not supposed to have shared his passwords with any person including his own kith and kin. He is also not supposed to have written down his passwords anywhere. In such an event the assets get frozen for no fault of the legal heirs.
The assets include e-mail accounts which may contain valuable correspondence about many of the physical world contracts and assets that the deceased person could have built during his lifetime. If the e-mail account is not accessible by the legal heirs, their rights guaranteed by law could be adversely affected.
Having granted recognition of a “Digital Contract” entered into by a person with the use of electronic documents, there is a need for the regulators to also pass necessary supplementary laws to enable the owner of the digital contractual rights to transfer his rights through the inheritance laws.
Looking at the Indian Cyber Laws as envisaged in the Information Technology Act 2000 (ITA 2000) set to be substantially amended through the Information technology amendment act 2008 (ITA 2008), the current position in India is that there is no clarity on the legal aspects of “Virtual Assets”. Further, ITA 2000 and ITA 2008 has not given recognition to “Will” in electronic form.
In such a situation, if a person approaches a Court of law in India and asks for a succession certificate on the websites owned, passwords posessed etc by a deceased, it is difficult to envisage how the Court would view the request. Similarly, if a person leaves a will in written form but includes in the will his virtual assets some described fully and and some not so fully, (say the passwords which are subject to change from time to time”, will a Court grant a “Letter of Probate”?
Alternatively, if a claimant approaches yahoo.com or gmail.com and requests that he be provided the password of the deceased because he is the legal heir, how will such organization handle the “claim”?
The undersigned calls the society to therefore start thinking on how we go about to protect the virtual assets of persons.
Though the “inheritance laws” are different statutes than the IT laws such as ITA 2000, there is a possibility of providing a relief for such cases under the ITA 2008 through the rules being framed.
For example, the ITA 2008 is going to prescribe “Reasonable Security Practices” to protect “Sensitive Personal Information”.
“Information Security” includes not only prevention of access by unauthorized persons, but also ensuring that the information is “Available” to the authrorised person. Under the OECD principles, as well as the Data Protection Act of EU countries, it is one of the “Rights” of a data subject to access his information which has to be guaranteed by the data controller. In some cases, the liabilities of data protection applies only to data of a “Living person” and hence is not applicable to the data of the deceased persons. This does not however mean that the data of a deceased person can be placed in public domain. In fact “Copyright” on the web content created by a person may vest with his legal heirs for the next 60 plus years ! and therefore has to be accessible to the legal heirs.
Hence “Reasonable Security” includes making the data available to the “Legal heirs”. Hence the rules to be drafted under ITA 2008 can incorporate how the data of a deceased person can be made available to the legal heirs. This would be an obligation cast on the “Intermediaries” who will hold the data.
Naavi.org therefore suggests incorporation of the following provisions in the ITA 2008 rules:
1.Every intermediary shall demand and obtain the name/s of persons to whom the assets in the name of the service users is nominated. The nominees will be required to provide proof of death of the account holder and submit a claim on the account.
2. Every intermediary should create a “Claims-Ombudsman” to handle the claims.
3. Disputes arising due to inheritance not resolved by the ombudsman should be met through an “Arbitration” for which provision has to be made by the service provider.
4.Virtual assets of persons reported deceased need to be archived securely to enable the claimants to complete the legal formalities that may be necessary for the claims to be settled and should not be removed automatically after expiry of some time in which the account has been inactive.
5.Before removing any data on account of an account being inactive, the service provider should make efforts to reach out to the account holder’s last known physical address.
6. Just as the Banking system turns over the money in unclaimed accounts to the Government, the unclaimed virtual assets of a person should be archived with either a Government agency or a trusted private agency designated by the service provider and accepted by the account user as a part of the terms and conditions of the account creation.
Naavi who presently provides the Cyber Evidence Archival Center is developing a “Virtual Inheritance Assistance Center” at www.ceac.in which will provide necessary guidance to Intermediaries (e-commerce sites, web hosting or domain name registration companies) on setting up of necessary procedures for inheritance management for their clients. It will also provide support and assistance to the public to claim and retrieve virtual assets of deceased persons.
Naavi of www.naavi.org
4 users commented in " Inheritance of Virtual Assets "
Follow-up comment rss or Leave a TrackbackA pure hypothetical story. In fact incorrect and useless as well. Na Vijayshanker (Naavi) you must consult some good legal person who can tell you when a law comes into force. The information technology amendment act 2008 has still not been notified and till it is nitified it is useless. even the law minister mr. molly has said new amendments would be made to the existing cyber law of India. Even other techno-legal experts of India have clarified the issue as well. With a highly defective and weak cyber law your story seems to be a fairy tale. Are you expecting our legislators to enact laws on the lines suggested by you? When they cannot even enact the basic cyber law, this sort of law making is simply beyond their capabilities. Wake up and be realistic mr naavi.
Dear Jayesh, (alias ….)
Don’t You think that you are flying at a tangent and attacking ITA 2008. Any way you seem to be totally ignorant on what is happening on the ITA 2008 front. Please do collect necessary information before misquoting Ministers. What Mr Moily has spoken of is that the amendments to ITA 2000 would be notified at the earliest and not that amendments to ITA 2008 would be taken up.
This article is not on ITA 2008 except to the extent it points out that the rules are in the making and therefore there is a possibility of some of these suggestions to be incorporated.
This is a forum for debate and I am placing my views. If it is considered by the legislators, it is fine. If not, it will be one other suggestion which I will keep pursuing. Like many other suggestions of mine, it will become a reality some time later.
Time will tell who is sleeping and who needs to wake up.
I can suggest one thing; usually in all other legislations we learn from the past and make laws that suite to the present day, whereas with regard to the IT Act we need to foresee the disputes/issues in the cyber world and frame appropriate law, because if we go in conventional way by the time we make a law it become obsolete.
It is also nothing wrong to envisage amendments to upcoming law (ITA2008) because the area is very dynamic. I even suggest that we should come up an amended IT Act periodically, let us say for every 3/5 years then only we will be abreast to changing nature of the cyber offences.
Let us not undermine our capabilities. We need to realize that we are the first few countries to come up with a law (IT A 2000) with regard to cyber offences.
i need to find a insurance and i need to get the reciepts from back bank statements. the bank whouldnt give them to me whats the law on this.can you help my mother pass i need to find lost insurance policey and that why i need this question anserwed.
Leave A Reply