“Your secrets are safe with us”: The struggle between privacy rights and fair access to digital records of the deceased

Science, Technology, and the Law

“Your secrets are safe with us”: The struggle between privacy rights and fair access to digital records of the deceased

“When I am dead I will not care

How future generations fare,

For I will be so unaware. . . .”[1]

          -Robert William Service

 

In 2004, my father passed away. He left a will that gave all of his assets to my mother. My mother had to make sure she had all the account information and any relevant passwords since without my father around, we would be locked out of all the important accounts.

Not only did my father have protected financial accounts, but he also had a computer that was connected to the servers that he had installed in his office. Being an inquisitive pre-teen at the time, I would use my father’s computer and just “explore” not only the web, but also my father’s computer itself. My father was gone and I wanted to learn more about him. His office, and his computer, became substantially more valuable to me because I could learn more about him and he was not there to tell me to stop snooping around.

My father was a private man that rarely spoke about his upbringing. There might have been things that he as my father did not want me to find out about him, such as his terrible smoking habit. Even though my father had passed and was not there to kick me out of his office, my father’s desire for privacy was still present. For example, there were still locked cabinets in his office. There were also some files that I could not access on his computer.

My personal story coincidently reflects the struggle between the privacy rights of a deceased individual and the right of information as well as execution of that person’s estate. This struggle has intensified substantially with the societal dependence on technology. Society has reached the point where, arguably, everyone may have some form of a “digital estate” or at least some form of digital assets. Essentially, a person’s “digital estate” includes things like financial and social media accounts that are used for everything in your daily life, like banking and loan repayments.[2]

 

  1. Grieving Families and Digital Records

 

As I said previously, my father passed away in 2004. Before his passing, he entrusted everything to my mother in a will. At the time, not every single aspect of life was accessible through a smartphone. For example, my mother would have to know all the relevant information beforehand so she could call a representative and discuss the account or matter. This is no longer the case.

In 2006, John Ajemian passed away.[3] John did not have a will and his siblings were appointed as personal representatives of his estate.[4] As representatives of his estate, John’s siblings contacted Yahoo to receive a copy of his sent and received e-mails from his Yahoo e-mail account.[5] Yahoo refused.[6] Since Yahoo’s original refusal, this case has been litigated for more than a decade.[7]

In the Ajemian case, John was an adult who passed away and his siblings were court ordered to execute his estate[8]. Unfortunately, many people die suddenly and not only is there a need for access to their digital accounts to aid in executing estates, but sometimes just for basic answers. Four cases that showcase this unfortunate situation are that of the Stassen, Rash, Linn, and Ellsworth families.

Ben Stassen was a student at the University of Wisconsin when he took his own life in 2010.[9] His parents attempted to access his digital accounts not only as heirs of his estate, but also as grieving parents.[10] When the Stassen family contacted Google for a copy of their son’s records, Google complied without any problems.[11] However, Facebook flatly rejected the Stassen’s request for Ben’s records.[12] After a long legal battle, Facebook eventually agreed to disclose Ben’s records to his parents, if they agreed to never disclose or share the contents of the records.[13] The Stassens begrudgingly agreed.[14]

Unfortunately, the Rash family also lost a son to suicide.[15] Like the Stassens, the Rash family wanted to see their son’s Facebook profile in an attempt to understand why their son chose to take his own life.[16] Unable to access their son’s Facebook profile, the Rash family requested the information directly from Facebook.[17] However, Facebook refused to give them information citing federal and state privacy laws.[18] Eventually, after a year since their son’s death, the Rash family was given limited information from their son’s Facebook account by Facebook.[19]

In 2004, Lance Corporal Karl Linn was killed after his unit was ambushed in Iraq.[20]  During his time in Iraq, Linn would connect with the outside world using his Mailbank.com account to publish posts and pictures of his activities in Iraq.[21] After learning about their son’s death, the Linns contacted Mailbank.com Inc.[22] Much like Facebook in the Stassen and Rash cases, Mailbank.com said that they “empathiz[e] with the family’s situation, [but] its first priority is to protect the privacy of its customers.”[23] It is unclear whether the Linn family ever received their son’s records from Mailbank.

Similar to Lance Corporal Linn, Lance Corporal Justin Ellsworth was killed in Iraq while defusing a roadside bomb in 2004.[24] Justin’s father, John Ellsworth, wanted to access his son’s Yahoo e-mail account but was denied, similar to the Ajemian siblings.[25] Eventually, John Ellsworth was able to have a Michigan court order Yahoo to transfer the contents of Justin’s Yahoo e-mail account.[26] This eventually led to Yahoo giving the Ellsworths a CD that contained over 10,000 pages of material from Justin’s account.[27]

Even though Mailbank, Facebook, and Yahoo may empathize with the families of the deceased, they continuously uphold the privacy rights of their original customer. Google sums this up bluntly, “[p]eople expect Google to keep their information safe, even in the event of their death.”[28] While people may admire these technological platforms and services for their stern approach to protecting data, the lack of access to records after a client’s death is troubling. For many of the cases previously mentioned, the records of the e-mail or social media services held priceless answers and information for those families. Eric Rash, was 15 with dreams of going to Harvard Law School, and then killed himself without leaving a note to explain why.[29] In cases like Eric Rash, the digital records of these services may hold the key to closure and understanding. However, as Helen, the mother of Ben Stassen said, “[m]ost people will never be able to do what we were able to do. We could prevail because we are educated, we had means, we had tenacity…and Jay [Ben Stassen’s father] is a lawyer.”[30]

There are several problems with the current handling of privacy protections for the dead by these service providers. As showcased above, parents and family members are either completely denied access to their relative’s records or engaged in a legal battle that added to the emotional suffering of grieving family members. This is not including the financial cost of litigating these matters in court. Currently, most of the major service providers have detailed instructions that show the many necessary documents and steps family members need to potentially gain access to the specific records. For example, Google requires a list of detailed information as well as a signed court order.[31] Below are two screenshots from Google’s form to request documents of a deceased person’s records:

 

 

 

 

Out of the previously mentioned cases, Google was the service provider that readily gave the family members the requested documents.[32] Presumably, that happened after the family members provided a court order, a valid driver’s license, a valid death certificate, among other verifiable data.

Contrary to Google’s record of fulfilling requests, Yahoo takes a different approach. Below is a screenshot from Yahoo’s page about fulfilling such requests.

 

Based on the previously mentioned cases, Yahoo has a negative reputation for fulfilling these types of requests. Additionally, it is Yahoo’s official company policy for the deceased’s account to be suspended or deleted.[33] Furthermore, this policy has continued after the purchase of Yahoo by Verizon.[34] The current terms of Yahoo clearly state that “any rights to [the account] terminate upon the account holder’s death.”[35]

The comparison between the approaches of Google and Yahoo exemplify two issues: 1) the arbitrariness of giving account data to survivors of an estate and 2) the arbitrariness of privacy protections for the dead.

When dealing with requests for records of deceased parties, there is no regulated response. Each service provider comes to its own conclusion and process of how to respond to such requests. Not only is this a problem for executors of an estate, but it could also be a problem for the original owner of the records who is now deceased. Many people die suddenly and do not have the opportunity or the means to write a will, let alone write all their passwords and directions to access their digital accounts. The internet service providers have good intentions behind their hawkish protection of the deceased’s records. Unfortunately, it hampers not only the family members’ abilities to execute the deceased’s estate, but protecting the records may be against the wishes of the deceased. Also, even if an account holder has provided all their account login information for their family members, this is usually considered a violation of the terms of service and the account can be suspended or terminated.[36] This has led to cases like Ajemian and will continue to lead to similar cases.

However, on the opposite end of this argument, there might be records that the deceased never wanted to be exposed, especially to family members. For example, an LGBT teenager discussing their romantic relationship while trying to not let their strictly conservative parents find out about their sexual orientation. Even though they have passed away, they may have never wanted their parents to know certain aspects of their life. Thus, it is not unreasonable for service providers to continue to fulfill their duty to a customer’s privacy, until they have a substantial reason not to.

Another concern that unfortunately arises from these positions is whether a parent’s right as a parent to watch over their child is in conflict with privacy laws. Many of the cases that are reported on are from parent’s who have lost young children. Mr. Fabberetti, who has gone to great lengths to access his deceased son’s iPhone, has stated that a child should not have an iPhone. He continues to say that it prevents the parents from monitoring the child, which is needed to protect children, especially minors.[37] These parents believe they not only have a right to their children’s accounts as heirs to the deceased’s estate, but are automatically entitled to it as parents. It is also interesting to note the difference between how service providers address age. Some internet service providers say that “you need an adult’s permission” or they have installed an age block system. There is also legislation in place to protect children from having their data recorded and abused.[38] Then, if the child dies, the parents cannot access the information. This shows the immediate conflict between the right of the parents to know the actions of their child and the privacy of the child.

However, even if a parent has the account information to access their child’s account, they may face some difficulties. For example, in a case from Germany, the parent’s had all the login information for their child’s Facebook account.[39] However, when Facebook was notified of the child’s death, they locked the account and prevented anyone from accessing the account.[40] It appears to be hypocritical for these companies to follow steps to protect users who are children, but then to completely change their approach once the user has passed away. The data and the records of the user do not change once a user has passed away, but the companies act like the data has changed. Therefore, it appears that there is an unusual approach to where parents are entitled to their living children’s digital assets, that is then revoked when the child dies.

The different approaches of the service providers also emphasize the differences in handling of data of the deceased. It is interesting to note that parties requesting data could potentially receive all the records in their entirety, only some of the records, some of the records but without data of third parties, or a complete denial of any records. It is confusing that providers vary on their dedication to privacy. Please revisit the hypothetical of the teenager. The teenager never wanted the outside world, especially their parents to see their digital records. If that is the desire of the account holder, the service provider has a duty to not disclose their information. If this information, that was supposed to be protected, is then released it could lead to several claims including breach of contract and negligence. This may even lead to potential litigation where the data of a deceased person was revealed and the estate brought forth a complaint against the disclosure of the data.             Thus, even if the internet service providers wanted to be more forthcoming with records, they could find themselves involved in multiple lawsuits.

The current disclosure of such records is controlled by a mixture of the terms and services of the companies themselves as well as the Electronic Communications Privacy Act (ECPA) and the Computer Fraud and Abuse Act (CFAA).[41] The ECPA aims to protect the data held by public electronic communication services (ECS) and remote computing services (RCS) from the government without following proper procedures. The ECPA defines an ECS as “any service which provides to users thereof the ability to send or receive wire or electronic communications.”[42] It goes on to define a RCS as “the provision to the public of computer storage or processing services by means of an electronic communications system.”[43] To simplify the definitions, an ECS is any provider that allows for communication between members of the public such as any social media or e-mail service provider. A RCS is a provider that stores items or files for members of the public such as Dropbox. Therefore, the ECPA covers nearly every digital service, especially the titans of the industry like Facebook, Yahoo, and Google.

ECS and RCS providers do not only have to worry about U.S. privacy laws, but also international privacy laws, specifically European laws. For example, the family of a German girl, who died after falling in front of a train, also tried to petition Facebook for access to the girl’s account.[44] Similar to the Rash family, this family was attempting to access the account to determine if the young woman’s death was an accident or a suicide provoked by bullying.[45] Following the pattern established in the U.S., Facebook constantly rejected the request.[46] The German case is even more complicated since it involves Facebook’s “memorialized” feature. When Facebook receives a notification that a Facebook profile holder has died, they “memorialize” the page. This means that the photos and posts that the account holder shared remain visible, but it is impossible to log into the account.[47] The court based their decision on a telecommunications secrecy law that was previously ruled to protect the privacy of telephone conversations as well as emails.[48] Facebook repeated the familiar refrain stating: “At the same time we are sympathetic towards the family and respect their wish. We are making every effort to find a solution which helps the family at the same time as protecting the privacy of third parties who are also affected by this.”[49]

Apple has also come under fire by parties in the U.S. and Europe for its dedication to its customer’s privacy after death. Even though Apple is known for building computer and smartphones, Apple has multiple services, like its cloud storage feature and email service, that could categorize it as either or both an ECS or a RCS. After the terrorist attack in San Bernardino, California, the FBI asked for Apple’s assistance in creating a “backdoor” program that would allow for FBI investigators to circumvent the terrorist’s iPhone passcode mechanism.[50] Apple refused.[51] The case was headed to court until the FBI managed to access the iPhone on its own.[52] In a less famous scenario, an Italian father pleaded with Apple executive Tim Cook to unlock his dead son’s iPhone to access the files left on it.[53] Apple again refused.[54]

Therefore, not only are grieving family members being forced to work around terms of service contracts, but they also have to deal with ECS and RCS providers worried about not breaking ECPA and other international statutory privacy protections. Family members also may have to worry that they themselves are not breaking the CFAA in attempting to access the records. The fact that there are so many obstacles for the government to access digital records makes it even more difficult for family members and executors of estates.

It appears that the service providers are doing their best to protect themselves within the established contract of the terms and services agreements while also not earning the ire of international governments. The current framework for the request of records of a deceased person is dependent on the service provider and should be more efficient and regulated. It makes no sense for grieving family members to go through multiple requests for important data just to go to court and have varying levels of success which may not only create a more emotional burden, but may also lead to more financial and legal problems.

 

  1. Death and the Internet Search

 

Besides the immediate records that compromise a digital estate, another privacy concern for the deceased is the information of oneself indexed by search engines. People around the world have various reasons to keep their digital anonymity, ranging from preference to physical protection from possible violence. There may be an argument that after death, a deceased person is not entitled to privacy related to public information such as whatever comes up in a traditional search engine search request. However, regardless of personal beliefs, it should be the decision of the individual person whether they want to be listed in search engine results or not. Some European courts have ruled that someone can be delisted in the EU.[55] Currently, there is very little, if any, case law about delisting someone from search engine results after they have passed away.

In Spain, a Paraguayan citizen brought a claim against Google for rejecting his petition for delisting.[56] He further argued that for him to be truly delisted, the delisting request needs to be global.[57] La Audiencia Nacional, also known as the Spanish National Court, ruled that there is a right in Spain to be delisted.[58] However, that court refused to extend the right of delisting to all European Union citizens and ruled that the complainant did not have standing because they lacked sufficient connection to the European Union.[59]

However, this presents the following legal quandaries: 1) What if someone wants to be delisted globally? 2) What about people circumventing geographical IP blocks and reaching a different version of a search engine that is not following the delisting requests? 3) What does all of this mean for people who want to exercise their right to be forgotten once they pass away?

Currently, delisting is at the mercy of the service provider and national governments. For example, the national data agency of France is a big proponent of complete and global delisting.[60] However, the courts in U.S. have blocked foreign court orders for delisting in the United States saying that it directly infringes on the 1st Amendment and free speech protections.[61]Also as stated in the Spanish case with the Paraguayan citizen, the Audiencia Nacional seemed to imply that the Audiencia Nacional in Spain could only allow for delisting in Spain, nowhere else.[62] With the differing opinions of delisting in national courts, global delisting appears to not be possible.

To further complicate a request for delisting, internet users can access different variations of search engines that may not adhere to the delisting requests. For example, as an internet user in the United States, I can access a search engine for a different country such as Google.cl for Chile or Google.fr for France. This was also a similar concern in the LICRA v. Yahoo cases that occurred in France and in the U.S. France has a law that prohibits the exhibition of Nazi propaganda for sale and also prohibits French citizens from purchasing or possessing such material.[63] Yahoo followed the French law and prevented access to the Nazi auctions through the French variation of Yahoo, www.yahoo.fr.[64] Eventually, La Ligue Contre Le Racisme Et L’Antisemitisme (LICRA) discovered that they could still access the offensive material on yahoo.com in France.[65] Thus, showing that for true delisting to occur, it must be global.

All these ambiguities create problems for people who want to exercise their right to be forgotten. For example, if someone was trying to avoid a person or group of people from finding them, delisting is a very useful tool. Another concern is an issue of legacy for people who have passed away. For example, it is not unheard of for people to commit crimes in their youth to then change and have their previous charge expunged. It is also not unheard of for someone to be charged with a crime to then be acquitted or have the case dismissed. With search engines able to provide thousands and maybe millions of results solely based on a person’s name adds to the potential that some unsavory facts or lies may be shown to the search engine user. For example, there is a website called Mugshots.com that publishes mug shots of thousands of mug shots of people who have been arrested, but who may not have been convicted of a crime.[66] There are several websites similar to Mugshots.com that post mug shots even though a person’s record may be expunged or the case was dismissed.[67] Besides the obvious harm that this may cause a living person, this may be information that a deceased person would not want family and friends to discover.

 

  • Data Breaches and the Deceased

 

Besides the privacy rights that a deceased person may have or may want to exercise, deceased parties may still be at risk of their data being exposed. With substantial and numerous data breaches happening to several businesses and service providers, even if a company takes its privacy very seriously, it may inadvertently provide unauthorized third parties access to millions of records.

There are three reasons why data breaches are relevant to the protections of deceased parties: 1) It is hypocritical for entities to tout their vigorous privacy protection guidelines, only to be hacked, 2) The attitude of vigorous privacy protection can also lead people to a gray or black market requesting the services of hackers 3) The remedies given to living parties when their privacy is breached by these companies should apply to deceased parties as well.

As stated previously, Yahoo vows that its customer’s privacy is valued so much, that they terminate a deceased account holder’s account.[68] However, Yahoo suffered a massive data breach in 2013.[69] Yahoo had originally reported that 1 billion accounts were affected, only to later say that the actual number of affected accounts was 3 billion, essentially every single Yahoo account that existed at the time.[70] When faced with requests from grieving family members, Yahoo acts like a privacy hawk, but then suffers a data breach of essentially its entire service. Unfortunately, it is not unheard of for websites and service providers, big and small, to suffer from some type of cyber-attack or data breach. However, it does raise many metaphorical eyebrows that a company as old and as savvy to privacy concerns as Yahoo would find itself in such a precarious situation to have its entire user database breached.

Also, before the massive breach, Yahoo was in the middle of another scandal after a college student was able to easily access Vice-Presidential candidate Sarah Palin’s e-mail account.[71] David Kernell was a college student who was able to make his way into Sarah Palin’s email account by guessing her security question and resetting her email account password.[72] Kernell they posted the new password on a public forum and Palin’s emails were published by WikiLeaks.[73] To put that in perspective, a college student was able to access a politician’s email by simply resetting her password. All he needed was her email address and basic information about her that was readily accessible on Wikipedia.[74]

In another example of recklessness, Facebook has recently suffered intense backlash for its handling of the Cambridge Analytica scandal. Unlike the immense data breach that affected Yahoo, Facebook suffered a more controversial breach. A researcher working for a third party research firm created an application to be used on Facebook. The application offered users personality quizzes for mountains of data in return.[75] This data included personal data including where the user lived, things they liked, and depending on the account’s privacy settings, who the account’s friends were.[76] What is even more concerning is that if the application had access to see the account’s “friends”, it potentially had access to the information of every one of the “friends” accounts.[77] Then, instead of bringing the parties to court or contacting law enforcement, Facebook simply removed the application and requested that the parties certify paperwork that stated that they had destroyed the information.[78] Now Facebook is facing intense backlash from the public as well as founder and CEO, Mark Zuckerberg, testifying for several hours before Congress.[79]

When grieving family members try to access their loved ones Facebook or Yahoo profile, they are met with resistance. However, nefarious characters can find ways to attack or manipulate these services. This inability to protect their consumers’ data greatly tarnishes these service providers’ statements that cite the principals of privacy and privacy laws. Granted, under the ECPA, public electronic communication services (ECS) and public remote computing services (RCS) are required to wait for court documents, such as court orders or subpoenas, to hand over particular records.[80] This unfortunate legal structure creates a legal process that makes it agonizingly difficult for proper parties to access relevant records of the deceased. However, the recklessness of the providers makes it almost comically easy for nefarious parties to access the same data to abuse it.

This extreme imbalance not only is causing problems for the service providers, as seen by the resulting backlash to Yahoo and Facebook, but it is also creating a grey or black market at the same time. If grieving families are facing not only the grief of their loss, but also several hurdles from the service providers for the records, then it cannot be surprising how they could seek out the help of hackers to access the records. This is already happening.

Recall the Italian father, who pleaded with Apple CEO Tim Cook to unlock his child’s iPhone. Apple refused. Even though the situation looked bleak for Mr. Fabbretti, he received some unexpected help. After Mr. Fabbretti’s story of attempting to access his son’s iPhone made its way through the press, Israeli mobile forensics firm, Cellebrite, reached out to provide their services to Mr. Fabbretti.[81] According to the interview that Mr. Fabbretti gave CNN, Cellebrite was very successful and could “see” the files, but could not yet access them.[82]

This is creating a dangerous market where grieving and vulnerable people are enticed to reach out to hackers or cyber forensic firms to access the records of their loved ones. However, if Cellebrite potentially has the FBI for clients, then chances are that average people will reach out to a hacker over their local cyber forensic firm.[83] It is also possible that a determined person may just guess or reset a password with a specific internet search, just like David Kernell.

The ever growing possibility of data breaches is making this position even more difficult for service providers. What makes this situation even more complicated is that parties can bring legal action against service providers for these data breaches. For example, a U.S. District Judge ruled that a case against Yahoo citing several complaints, including negligence and breach of contract stemming from the massive breach, could proceed.[84] If remedies are available for the violation of privacy to living parties, they should also extend to deceased parties. It would create a double standard for entities to be liable for the leaking of private data of living persons, but not for the deceased. The person who is deceased is more vulnerable in this situation than other parties because they may not have a representative or an estate who can afford to bring suit against a service provider. People have all types of reasons to hold on to personal details after death. Regardless of what their reasons might be, they should be entitled to having their privacy respected.

 

  1. Attempts to Address Digital Estate Complications

 

The Uniform Law Commission (ULC) and internet service providers have attempted to ease some concerns over digital assets of the deceased with their own sets of proposed laws. The ULC is a non-partisan advocacy group that aims to create legislation that “brings clarity and stability to critical areas of state statutory law.”[85] The ULC has proposed the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA).[86] The proposed legislation simply stretches existing probate law to include digital assets and makes it clear that it does not attempt to alter existing law, including contract law.[87] Under a comment of section 3 of the RUFADAA, the ULC wrote “This act does not change the substantive rules of other laws, such as agency, banking, conservatorship, contract, copyright, criminal, fiduciary, privacy, probate, property, security, trust, or other applicable law except to vest fiduciaries with authority, according to the provisions of this act, to access or copy digital assets of a decedent, protected person, principal, settlor, or trustee.”[88] This proposed law only adds some clarity to people who may have the ability and forethought to write a will and are using an internet service provider that allows for the release of documents under their terms of service. As stated earlier, not all internet service providers allow for such access, like Yahoo. For better or for worse, the RUFADAA, or variations of it, have been passed or introduced in almost all of the states in the U.S.[89]

The advocates of the internet content providers have proposed the Privacy Expectation Afterlife and Choices Act (PEAC).[90] The law is similar to the RUFADAA, with just some language that is more beneficial to the companies. This includes no timely compliance requirement and a section that allows for a court to “quash an unduly burdensome request.”[91] Not only does it have similar language as the RUFADAA, but it gives more power to the internet service providers themselves. Not surprisingly, PEAC was passed in 2016 in California, home of Silicon Valley.[92]

Both proposals fail to address people who do not have wills, the other parties who may be included or mentioned in the digital assets, and the immense power that the terms of service still hold and any additional rights a parent may or may not have. Both of these proposals simply stretch current probate law to include digital assets. There is a substantial difference between a grandfather’s letters and his computer Facebook history that includes pictures, sent and received messages, likes, posts, and countless other data. Traditional probate law is not equipped to handle the nuances of the internet and its burgeoning technologies. Simply stretching current probate law does not adequately address the privacy issues that internet service providers and their users face. These proposals also fail to analyze other U.S. federal statutes including the Computer Fraud and Abuse Act (CFAA) and the Electronic Communications Privacy Act (ECPA). The CFAA has such broad language and is intended to combat hacking into accounts. It is possible that accessing a deceased person’s account, regardless of intention, may be a violation under the section 1030(a)(2) of the CFAA.[93] Also under section 2702 of the ECPA, consent is required for public-serving ECS and RCS entities to give any records that are either “communications” or “customer records”.[94] Therefore, any party that is involved with a communication, like a third party that received an email, has to consent for another party to view that email. Thus, it does not change the current framework where it is almost guaranteed that either the grieving family members or internet content service providers will violate one of the statutes.

 

  1. The CFAA applied to Digital Assets

 

The concern of violating the CFAA may appear as hyperbole, but it has already been used in indictments against people who may have simply breached a company’s terms of service agreements. There are two major cases where federal prosecutors brought forth charges under the CFAA for either making fake accounts or bypassing captchas. In U.S. v. Drew, Lori Drew created a Myspace account under the alias of a young boy, “Josh Evans”, to interact with a young girl, Ms. Megan Meier.[95] After sending flirtatious messages as the young boy, Ms. Drew sent messages to Ms. Meier as “Josh” telling her that he was moving away and then later that he no longer liked Ms. Meier and that “the world would be a better place without her in it.”[96] Ms. Meier then killed herself after receiving that message from “Josh” and Ms. Drew subsequently deleted the fake Myspace account after learning of Ms. Meier’s suicide.[97] Drew was then charged with 3 counts of violating the CFAA under sections 1030(a)(2)(C) and 1030(c)(2)(B)(ii).[98] Drew was found guilty of misdemeanor violations of the CFAA by a jury, but had that conviction dismissed after a federal judge ruled that the application of the CFAA in this scenario would criminalize a breach of a website’s terms of service.[99]

However, in U.S. v. Lowson, the federal government brought charges under the CFAA against a group of ticket resellers who had used a variety of schemes to circumvent Ticketmaster’s security measures.[100] The government and the defendants had various responses to the CFAA counts, with the defendants arguing that the circumvention techniques were a breach of the terms of service, not criminal violations of the CFAA.[101] The Electronic Frontier Foundation (EFF) came out in support of the defendants, arguing that this prosecution dangerously expands the scope of the CFAA and would also create criminal liability to breaching terms of service agreements.[102] Eventually, the defendants plead guilty to the CFAA charges.[103]

The Drew and Lowson cases emphasize the inconsistencies of how the courts apply CFAA violations as well as addressing how to punish a breach of the terms of service contracts of internet content providers. This makes the complicated situation even worse since family members of the deceased may be breaking the terms of service agreements of the company by accessing the deceased’s account. Another issue is that the current framework of the RUFADAA not only does not affect the original terms of service contract signed by the deceased user, but with the case law established by Lowson and Drew, the CFAA may be used to enforce the terms of service agreements. Therefore, companies like Yahoo and Facebook determine what they want to hand over to request parties. Regardless of the value that a Yahoo email account may have to a grieving family, Yahoo is protected with its own term of service agreement, the backing of the RUFADAA, and the enforcement under the CFAA. This only makes the process clearer, easier, and more beneficial to the companies, not the grieving family members.

This impractical framework starts with the ECPA and ends with the service providers. Due to the current vagueness and broadness of the ECPA and the CFAA, along with adhering to local laws, service providers have to be more than careful with their users’ data. Furthermore, internet service providers complicate the framework by having varying procedures for request of deceased records, response to requests, and how much, if any, records are handed over.

The framework has to be changed. Granted, due to international laws it is difficult to have a universal approach for these service providers with a global reach. Regardless, the current framework is damaging not only to the family members asking for records, but also the service providers themselves. In the United States, this can be changed by editing the ECPA and the CFAA while also passing legislation directly addressing the problem of digital records of the deceased. By editing the ECPA as well as the CFAA and introducing a complimenting piece of legislation, Congress can provide clear instructions to service providers and interested parties on how to properly allow for providing digital records of a deceased person.

 

  1. Possible Solutions

 

Congress needs to add language that clarifies and clearly limits the scope of both the ECPA and the CFAA. This will allow for a better understanding of the allowed procedures for family members and the internet service providers. After the clarification of the ECPA and the CFAA, there should be a dedicated bill that addresses all of the ambiguities between privacy rights of the deceased and the privacy rights of the living, roles of parents, what to do when a deceased person has left no will or paperwork stating their wishes, what can and cannot be accessed, among other things. With all the legal complexities that are involved there needs to be a law that does more than simply stretch probate law.

What is most important is that the wishes of the deceased are followed. However, if the deceased is under the age of 18, parents should have control over the deceased’s devices and accounts. Therefore, grieving families like the Rash family would hopefully get the answers they are looking for. This age limit would also follow the other established legal thresholds, like the voting age, between being a minor and an adult.

This proposed law should also limit the power of the terms of service agreement in regards to account access once a person is deceased. If a party can provide all the relevant verifiable information, and prove that access to the account does not go against the wishes of the deceased, then they should be given access. It could also potentially be more burdensome for a company like Yahoo to completely destroy an account over allowing a verified party accessing it.

There also needs to be written language, or possibly in the terms of service, that dictates what can or cannot be provided when a user passes away without a will or any evidence showing a preference. It may be easier for all parties involved if there is an “opt-in” or “opt-out” feature for account holders that are older than 18. The internet service provider can decide which option is the default option. Then the internet service providers have to make it clear to users what their default option is, what the other option means, and how to change it if necessary.

However, it is understandable that such a law would allow for the accidental exposure of the data of an unsuspecting party. A particular example would be the release of Facebook messages that would show the other party involved in the conversation, who may or may not want to be named. This particular example seems to have been a concern in the case of the young girl from Germany.[104] This is a valid concern as it could lead the service providers into costly litigation. This specific problem can be solved in three different ways.

The first option is specific redaction. Once a request for a deceased person’s records is accepted, an employee of the internet service provider creates PDF files of the documents and either redacts them through software or by hand. Granted this is a painstaking process, but hiring people for this job would probably be cheaper than lawsuits like the one Yahoo is currently facing.[105] The current estimate is $10,000 worth of damages per plaintiff, under the Kansas Consumer Protection Act.[106] If that number applies to each plaintiff that could be an astronomical number that could potentially bankrupt Yahoo. However, even if it is more likely that any award or settlement will be much lower, it would still be cheaper to avoid the situation entirely.

The second is reaching out to every single contact that is mentioned and asking for their consent to be included openly in the deceased records. This allows for a much more complete representation of the deceased’s records. However, trying to obtain the consent of each additional party included in the requested records creates two more problems: 1) What happens if the additional party says no or does not respond, and 2) is it even possible to protect every single additional party’s privacy based on the sheer magnitude? If a party declines to consent to sharing their data, or does not respond, their data has to be protected. Therefore, this data can either be redacted or removed from the set of records given to the requesting entity. Additionally, the vast reach of social media has allowed for its users to have hundreds if not thousands of friends, likes, and posts among other things. If a deceased party has an incredibly large file filled with thousands of messages and posts, these service providers should still be able to handle the task. Such a task would not only protect the company from very large litigation cases, but it would also be cheaper than hiring more attorneys for those large litigation cases and then possibly settling those cases.

The third option is to combine both and include a payment structure. Service providers could streamline their service and charge for the extra due diligence of not only handing over the records to requesting parties, but also covering the financial burden of paying employees to prepare the documents either with redaction or consent. Also, this could provide requesting parties with more options. Some requestors may want more complete records while others just want a more “bare-bones” production. The service providers can then provide different services and with different prices. A payment option for these records may seem like bad optics or even cruel, especially since there is an argument that these records are the property of the deceased user and should be given freely to the estate. That is understandable, but it is better than the current system where requesting parties spend substantial money on lawyers to argue for them in court against the internet service providers which may or may not work. With the payment structure, families not only have more of a say in the production of the records, but it also incentivizes companies to follow through with the program because it provides another way for the company to make money and to offset any labor costs.

Delisting is a much harder concept to address. This is due to the substantial difference between the differing societal values of the U.S. and E.U. The U.S. is very protective of its free speech protections and believes that the act of forced delisting by a search engine is chilling the speech of search engines.[107] This is further complicated by European courts requesting delisting actions, but not able to address it globally. For example, a user in New York City can access the Google search engine focused on the country of Chile and vice versa. This difference of values is emphasized not only in the differing national reactions to delisting by Google, but also the case of Nazi memorabilia being sold on a Yahoo auction.[108] Almost like the Google delisting case, Yahoo was ruled against in the EU. Then, the court in the U.S. ruled in favor of Yahoo, just like Google, under free speech protections.[109]

These cases exemplify the differing opinions in societal values between the EU and the U.S. This fundamental difference likely will not change and therefore these international court splits will continue. It appears that the only way for delisting requests to be global is for international courts to agree that the requesting party’s privacy rights are valued over the search engine’s freedom of speech. The only other option is that if the search engine voluntarily delists the subject from all of its variations.

 

  • Conclusion

 

The digital privacy rights of deceased people are intertwined with the digital privacy rights of the living. Deceased people do not have the ability to access their accounts or prove that they consented or not to their family members accessing their digital estate. The governing laws in the U.S. have been substantially vague and make major internet service providers hesitant to release any information, regardless of intention. This is because most, if not all, of the deceased party’s data is intertwined with the data of other parties. The mixture of vague privacy laws, regional differences, and different approaches to privacy, create a confusing and complex relationship between privacy rights of the deceased and the execution of their estate.

Internet service providers have a duty to their users to protect their data at all times. However, grieving family members may need access to the deceased’s digital assets as part of the deceased’s overall estate, to find unfortunate answers, or for closure. There should be a clear and established balance that allows for access to relevant records while also protecting the privacy of the deceased and other users. Currently, the framework appears to be a negative experience for everyone involved and is a gamble for the families as they usually have to hire lawyers and await the response of the internet content providers. Legislators and content service providers must come together to reach solutions that will help consumers allow for transfer of their data and to provide clear instructions for family members to access this data, while also protecting the privacy of other clients. The privacy of all clients, living or dead should be the main concern for all internet service providers. However, the balance between privacy and access to records must be fair and clear and can only be achieved with a joint effort between legislators and internet service providers.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[1] William, Robert. “Finality Poem by Robert William Service.” Maya Angelou Biography, www.poetrysoup.com/famous/poem/finality_11860.

[2] Raphaelson, Elliot. “Don’t Forget Digital Assets in Estate Plan.” Chicagotribune.com, Chicago Tribune, 31 May 2017, www.chicagotribune.com/business/success/savingsgame/tca-don-t-forget-digital-assets-in-estate-plan-20170531-story.html.

[3] Ajemian v. Yahoo!, Inc., 84 N.E.3d 766, 769, 478 Mass. 169, 171–72 (Mass. 2017).

[4] Ajemian v. Yahoo!, Inc., 84 N.E.3d 766, 769, 478 Mass. 169, 172 (Mass. 2017).

[5] Id.

[6] Id.

[7] Id.

[8] Ajemian v. Yahoo!, Inc., 84 N.E.3d 766, 769, 478 Mass. 169, 172 (Mass. 2017).

[9] Boyle, Louise. “Grieving Parents Battle Facebook for Access to 15-Year-Old Son’s Profile after He Committed Suicide.” Daily Mail Online, Associated Newspapers, 19 Feb. 2013, www.dailymail.co.uk/news/article-2280800/Facebook-bans-parents-accessing-sons-profile-committed-suicide.html. (this article states that Ben Stassen died in 2011, but many more sources have the year as 2010)

[10]Epstein, Emily Anne. “Family Fights to Access Son’s Facebook Account after His Suicide to Finally Gain Closure over Tragic Death.” Daily Mail Online, Associated Newspapers, 1 June 2012, www.dailymail.co.uk/news/article-2153548/Family-fights-access-sons-Facebook-Gmail-accounts-suicide.html.

and Foxman, Simone. “When the next Ernest Hemingway Dies, Who Will Own His Facebook Account?” Quartz, Quartz, 13 Aug. 2013, qz.com/113576/when-the-next-ernest-hemingway-dies-who-will-own-his-facebook-account-2/.

[11] Foxman, Simone. “When the next Ernest Hemingway Dies, Who Will Own His Facebook Account?” Quartz, Quartz, 13 Aug. 2013, qz.com/113576/when-the-next-ernest-hemingway-dies-who-will-own-his-facebook-account-2/.

[12] Id.

[13] Id.

[14] Id.

[15] Boyle, Louise. “Grieving Parents Battle Facebook for Access to 15-Year-Old Son’s Profile after He Committed Suicide.” Daily Mail Online, Associated Newspapers, 19 Feb. 2013, www.dailymail.co.uk/news/article-2280800/Facebook-bans-parents-accessing-sons-profile-committed-suicide.html.

[16] Id.

[17] Id.

[18] Id.

[19] Id.

[20] “VCU News.” VCU Mourns Loss of Lance Cpl. Karl Linn, Virginia Commonwealth University, www.news.vcu.edu/article/VCU_Mourns_Loss_of_Lance_Cpl_Karl_Linn.

[21] Cha, Ariana Eunjung. “After Death, a Struggle for Their Digital Memories.” The Washington Post, WP Company, 3 Feb. 2005, www.washingtonpost.com/wp-dyn/articles/A58836-2005Feb2.html

[22] Id.

[23] Id.

[24] Id. and pg. 199 of george mason article

[25] Cha, Ariana Eunjung. “After Death, a Struggle for Their Digital Memories.” The Washington Post, WP Company, 3 Feb. 2005, www.washingtonpost.com/wp-dyn/articles/A58836-2005Feb2.html

[26] Lopez, Alberto B. “POSTHUMOUS PRIVACY, DECEDENT INTENT, AND POST-MORTEM ACCESS TO DIGITAL ASSETS.” George Mason Law Review, 2016, pp. 183–242.

[27] Id.

[28] “Submit a Request Regarding a Deceased User’s Account.” Google, Google, support.google.com/accounts/troubleshooter/6357590?hl=en.

[29] Boyle, Louise. “Grieving Parents Battle Facebook for Access to 15-Year-Old Son’s Profile after He Committed Suicide.” Daily Mail Online, Associated Newspapers, 19 Feb. 2013, www.dailymail.co.uk/news/article-2280800/Facebook-bans-parents-accessing-sons-profile-committed-suicide.html.

[30] Foxman, Simone. “When the next Ernest Hemingway Dies, Who Will Own His Facebook Account?” Quartz, Quartz, 13 Aug. 2013, qz.com/113576/when-the-next-ernest-hemingway-dies-who-will-own-his-facebook-account-2/.

[31]“Submit a Request Regarding a Deceased User’s Account.” Google, Google, support.google.com/accounts/troubleshooter/6357590?hl=en.

[32] Foxman, Simone. “When the next Ernest Hemingway Dies, Who Will Own His Facebook Account?” Quartz, Quartz, 13 Aug. 2013, qz.com/113576/when-the-next-ernest-hemingway-dies-who-will-own-his-facebook-account-2/.

[33] “Options Available If a Yahoo Account Owner Passes Away | Yahoo Help – SLN2021.” Yahoo!, Yahoo!, help.yahoo.com/kb/SLN2021.html.

[34] “Oath Terms of Service.” Oath Terms of Service | Oath Policies, policies.oath.com/us/en/oath/terms/otos/index.html

[35] Id.

[36] “Oath Terms of Service.” Oath Terms of Service | Oath Policies, policies.oath.com/us/en/oath/terms/otos/index.html

[37] The Italian architect told CNNMoney that he met with mobile forensics firm Cellebrite on Thursday. Cellebrite offered to help Fabbretti get into the locked iPhone 6 belonging to his son Dama. “Grieving Father Optimistic He Can Crack His Dead Son’s IPhone.”CNNMoney, Cable News Network, money.cnn.com/2016/04/08/technology/leonardo-fabbretti-iphone/index.html.

[38] “Children’s Online Privacy Protection Rule (‘COPPA’).” Federal Trade Commission, Federal Trade Commission, 5 Apr. 2018, www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.

[39] Connolly, Kate. “Parents Lose Appeal over Access to Dead Girl’s Facebook Account.” The Guardian, Guardian News and Media, 31 May 2017, www.theguardian.com/technology/2017/may/31/parents-lose-appeal-access-dead-girl-facebook-account-berlin.

[40] Id.

[41] Electronic Privacy Information Center. “EPIC – Electronic Communications Privacy Act (ECPA).” Electronic Privacy Information Center, epic.org/privacy/ecpa/.

[42]18 USCA § 2510 (2018).

[43]18 USCA § 2711 (2018).

[44] Connolly, Kate. “Parents Lose Appeal over Access to Dead Girl’s Facebook Account.” The Guardian, Guardian News and Media, 31 May 2017, www.theguardian.com/technology/2017/may/31/parents-lose-appeal-access-dead-girl-facebook-account-berlin.

[45] Id.

[46] Id.

[47] Id.

[48] Id.

[49] Id.

[50] Zapotosky, Matt. “FBI Has Accessed San Bernardino Shooter’s Phone without Apple’s Help.”The Washington Post, WP Company, 28 Mar. 2016, www.washingtonpost.com/world/national-security/fbi-has-accessed-san-bernardino-shooters-phone-without-apples-help/2016/03/28/e593a0e2-f52b-11e5-9804-537defcc3cf6_story.html?utm_term=.8e05da551cae.

[51] Id.

[52] Id.

[53] Rome, Agence France-Presse in. “Father Asks Apple Head Tim Cook to Unblock Dead Son’s IPhone.” The Guardian, Guardian News and Media, 31 Mar. 2016, www.theguardian.com/technology/2016/mar/31/father-apple-tim-cook-unblock-dead-son-iphone-leonardo-fabbretti.

[54] http://money.cnn.com/2016/04/08/technology/leonardo-fabbretti-iphone/index.html

[55] “Right to Be Forgotten and Global Delisting: Some News from Spain.” Center for Internet and Society, 13 Apr. 1970, cyberlaw.stanford.edu/blog/2017/12/right-be-forgotten-and-global-delisting-some-news-spain

[56] “Right to Be Forgotten and Global Delisting: Some News from Spain.” Center for Internet and Society, 13 Apr. 1970, cyberlaw.stanford.edu/blog/2017/12/right-be-forgotten-and-global-delisting-some-news-spain

[57] Id.

[58] Id.

[59] Id.

[60] Id.

[61] Yahoo! Inc. v. La Ligue Contre Le Racisme Et L’Antisemitisme, 379 F.3d 1120, 1122-24 (C.A. Cal. 2004)

[62] “Right to Be Forgotten and Global Delisting: Some News from Spain.” Center for Internet and Society, 13 Apr. 1970, cyberlaw.stanford.edu/blog/2017/12/right-be-forgotten-and-global-delisting-some-news-spain

[63] Yahoo! Inc. v. La Ligue Contre Le Racisme Et L’Antisemitisme, 379 F.3d 1120, 1122-23 (C.A. Cal. 2004)

[64] Yahoo! Inc. v. La Ligue Contre Le Racisme Et L’Antisemitisme, 379 F.3d 1120, 1122-23 (C.A. Cal. 2004)

[65] Yahoo! Inc. v. La Ligue Contre Le Racisme Et L’Antisemitisme, 379 F.3d 1120, 1122-23 (C.A. Cal. 2004)

[66] “Home.” Mugshots.com, mugshots.com/.

[67] “FAQ.” Mugshots.com, mugshots.com/faq.html.

[68] “Oath Terms of Service.” Oath Terms of Service | Oath Policies, policies.oath.com/us/en/oath/terms/otos/index.html

[69] https://www.wired.com/story/yahoo-breach-three-billion-accounts/

[70] https://www.wired.com/story/yahoo-breach-three-billion-accounts/

[71] Zetter, Kim. “Palin E-Mail Hacker Says It Was Easy.” Wired, Conde Nast, 4 June 2017, www.wired.com/2008/09/palin-e-mail-ha/. Zetter, Kim. “Group Posts E-Mail Hacked From Palin Account — Update.” Wired, Conde Nast, 4 June 2017, www.wired.com/2008/09/group-posts-e-m/. Zetter, Kim. “Sarah Palin E-Mail Hacker Sentenced to 1 Year in Custody.” Wired, Conde Nast, 4 June 2017, www.wired.com/2010/11/palin-hacker-sentenced/.

[72] Id.

[73] Id.

[74] Id.

[75] Lapowsky, Issie. “Cambridge Analytica Took 50M Facebook Users’ Data-And Both Companies Owe Answers.” Wired, Conde Nast, 19 Mar. 2018, www.wired.com/story/cambridge-analytica-50m-facebook-users-data.

[76] Id.

[77] Id.

[78] Id.

[79] Balakrishnan, Anita. “Zuckerberg: There’s Been No Dramatic Drop-off in Users despite ‘Delete Facebook’ Memes.” CNBC, CNBC, 11 Apr. 2018, www.cnbc.com/2018/04/10/zuckerberg-in-joint-senate-committee-hearing-no-facebook-user-dropoff.html.

[80] “18 U.S. Code § 2702 – Voluntary Disclosure of Customer Communications or Records.” LII / Legal Information Institute, www.law.cornell.edu/uscode/text/18/2702.  “18 U.S. Code § 2703 – Required Disclosure of Customer Communications or Records.” LII / Legal Information Institute, www.law.cornell.edu/uscode/text/18/2703.

[81] The Italian architect told CNNMoney that he met with mobile forensics firm Cellebrite on Thursday. Cellebrite offered to help Fabbretti get into the locked iPhone 6 belonging to his son Dama. “Grieving Father Optimistic He Can Crack His Dead Son’s IPhone.”CNNMoney, Cable News Network, money.cnn.com/2016/04/08/technology/leonardo-fabbretti-iphone/index.html.   (see https://www.cellebrite.com/en/home/)

[82] Id.

[83] Id.

[84] Stempel, Jonathan. “Data Breach Victims Can Sue Yahoo in the United States: Judge.”Reuters, Thomson Reuters, 12 Mar. 2018, www.reuters.com/article/us-verizon-yahoo-breach/data-breach-victims-can-sue-yahoo-in-the-united-states-judge-idUSKCN1GO1TL.

[85] “About.” ULC, www.uniformlaws.org/Narrative.aspx?title=About+the+ULC.

[86]  2015, Copyright ©, et al. “REVISED UNIFORM FIDUCIARY ACCESS TO DIGITAL ASSETS ACT (2015).” REVISED UNIFORM FIDUCIARY ACCESS TO DIGITAL ASSETS ACT (2015).

http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital%20Assets/2015_RUFADAA_Final%20Act_2016mar8.pdf

[87]Id.

[88]Id.

[89]http://www.uniformlaws.org/Act.aspx?title=Fiduciary%20Access%20to%20Digital%20Assets%20Act,%20Revised%20(2015)

[90] “Privacy Expectation Afterlife and Choices Act (PEAC).” NetChoice, 13 Jan. 2015, netchoice.org/library/privacy-expectation-afterlife-choices-act-peac/.

[91]2015, Copyright ©, et al. “REVISED UNIFORM FIDUCIARY ACCESS TO DIGITAL ASSETS ACT (2015).” REVISED UNIFORM FIDUCIARY ACCESS TO DIGITAL ASSETS ACT (2015).

http://www.uniformlaws.org/shared/docs/Fiduciary%20Access%20to%20Digital%20Assets/Comparison%20of%20UFADAA%20PEAC%20and%20Revised%20UFADAA.pdf

[92] “Status.” Bill Text – ABX2-15 End of Life., leginfo.legislature.ca.gov/faces/billStatusClient.xhtml?bill_id=201520160AB691.

[93] “18 U.S. Code § 1030 – Fraud and Related Activity in Connection with Computers.” LII / Legal Information Institute, www.law.cornell.edu/uscode/text/18/1030.

[94] “18 U.S. Code § 2702 – Voluntary Disclosure of Customer Communications or Records.” LII / Legal Information Institute, www.law.cornell.edu/uscode/text/18/2702.

[95] U.S. v. Drew, 259 F.R.D. 449, 452 (C.D.Cal. Aug. 28th 2009).

[96] Id.

[97] Id.

[98] Id.

[99] Id. at 467

[100] U.S. v. Lowson, Criminal No. 10-114 –(KSH) 2010 WL 9552416, at *5 (D.N.J. Oct. 12, 2010)

[101] Id. at *8 (D.N.J.,2010)

[102] “US v. Lowson.” Electronic Frontier Foundation, 5 Oct. 2011, www.eff.org/cases/u-s-v-lowson.

[103] Zetter, Kim. “Wiseguys Plead Guilty in Ticketmaster Captcha Case.” Wired, Conde Nast, 4 June 2017, www.wired.com/2010/11/wiseguys-plead-guilty/.

[104] Connolly, Kate. “Parents Lose Appeal over Access to Dead Girl’s Facebook Account.” The Guardian, Guardian News and Media, 31 May 2017, www.theguardian.com/technology/2017/may/31/parents-lose-appeal-access-dead-girl-facebook-account-berlin.

[105] In re: YAHOO! INC. CUSTOMER DATA SECURITY BREACH LITIGATION. Barbara Stras, Individually and on Behalf of All Others Similarly Situated, 16-MD-027520LHK, 5:16-CV06990-LHK 2016 WL 9710969 (N.D.Cal. Dec. 19. 2016).

[106] In re: YAHOO! INC. CUSTOMER DATA SECURITY BREACH LITIGATION. Barbara Stras, Individually and on Behalf of All Others Similarly Situated, 16-MD-027520LHK, 5:16-CV06990-LHK 2016 WL 9710969 (N.D.Cal. Dec. 19. 2016).

[107]Yahoo! Inc. v. La Ligue Contre Le Racisme Et L’Antisemitisme, 379 F.3d 1120, 1121-23 (C.A. Cal. 2004)

[108] Yahoo! Inc. v. La Ligue Contre Le Racisme Et L’Antisemitisme, 379 F.3d 1120, 1122-23 (C.A. Cal. 2004)

[109] Id.

Leave a Reply

Your email address will not be published. Required fields are marked *