In an important ruling this summer, the Eighth Circuit Court ofAppeals decided that an online marketing firm was entitled todefense cost coverage under two different types of liabilitypolicies for the same spyware download incident.

On July 23, 2010, ruling in Eyeblaster Inc. v. Federal Ins.Co., the court found concurrent coverage under both a generalliability insurance policy and a separate Information and NetworkTechnology errors and omissions liability policy in circumstanceswhere the online marketer company installed software on aconsumer's computer system, allegedly corrupting the consumer'soperating system.

THE POLICIES

Eyeblaster Inc. creates, delivers and manages online interactiveadvertising, and from Dec. 5, 2006 to Dec. 5, 2007, it was insuredunder two concurrent policies issued by Federal InsuranceCompany:

(1) An occurrence-based CGL policy covering occurrences thatcause damage to tangible property.

(2) A claims-made E&O policy, which covered claims forfinancial loss. These claims could be caused by a wrongful act inconnection with a product's failure to perform its intendedfunction or to serve its intended purpose, resulting in damage tointangible property.

Under the E&O policy, intangible property included software,data and other electronic information.

Both policies were “duty to defend” forms.

UNDERLYING ALLEGATIONS

In the underlying tort action, David Sefton sued Eyeblaster forallegedly “enticing” him to “visit” an Internet website which,according to Mr. Sefton, Eyeblaster fraudulently led him to believewas connected with America Online.

According to Mr. Sefton's complaints, this “visit” resulted inspyware, tracking cookies, executable code, java script and otheralleged rogue programs being downloaded onto his computer. Theseprograms allegedly hijacked the computer and caused changes to hiscomputer's security settings, renamed his computer's system files,redirected his web browser and installed pop-up advertisements.

He further alleged that the introduction of spyware caused hiscomputer to freeze up, resulting in lost data for a tax return andforcing him to retain a computer technician.

He also claimed that Eyeblaster's software allowed commercialsurveillance that could result in cyber-stalking, identification ofconfidential web visitations and personally identifiableinformation, and invasion of privacy and solitude.

Based on the foregoing, Mr. Sefton sued Eyeblaster in Texas,alleging violations of the Computer Fraud and Abuse Act, 18 U.S.C.1030, the Texas Business and Commercial Code, deceptive tradepractices and prima facie tort under Texas law, trespass,conversion, fraud, nuisance, invasion of privacy, intrusion uponseclusion, and conspiracy.

Specifically, he alleged that Eyeblaster intentionally accesseda protected computer without authorization, that the deceptivetrade practice violations were committed knowingly, that Eyeblasterintended to deceive him, intended that he would rely on itsmisrepresentations, and that the unwanted installation of spywareonto the user's computer can certainly be said to be an intentionalact by the distributor of the spyware to use or intermeddle withthe consumer's computer and processing power.

COVERAGE DENIED

Eyeblaster tendered the claim to Federal under both the CGL andE&O policies, and Federal denied coverage under both.

o In denying CGL policy coverage, Federal tookthe position that there was no “property damage” caused by anaccident or occurrence, as required by the policy.

In other words, there was no “physical injury to tangibleproperty, including resulting loss of use of that property [andthere was no] loss of use of tangible property that is notphysically injured.”

The definition of “tangible property” excluded “any software,data or other information that is in electronic form.”

o In denying E&O policy coverage, Federalsaid there was no “wrongful act” within the meaning of thepolicy.

In other words, there was no “error, unintentional omission ornegligent act,” because, in Federal's view, Eyeblaster intended toplace its software on Mr. Sefton's computer.

In light of Federal's coverage declination, Eyeblaster suedFederal in the U.S. District Court for the District of Minnesota,seeking a declaration that Federal owed it both a duty to defendand a duty to indemnify.

The court, however, agreed with Federal finding that Eyeblasteracted intentionally in creating software intended to be downloaded(precluding E&O coverage). The court also held that there wasno damage to tangible property as required for CGL policy coveragebecause only the software–not the hardware–of Mr. Sefton's computerwas damaged.

Eyeblaster appealed the trial court's decision, and the EighthCircuit agreed with Eyeblaster, reversing the district court onboth scores.

LOSS OF USE?

With respect to the CGL policy, the Eighth Circuit court notedthat “property damage” was defined to include “loss of use oftangible property that is not physically injured.” The court foundthat Mr. Sefton's underlying complaints alleged that “his computerwas 'taken over and could not operate,' 'froze up,' and would 'stoprunning or operate so slowly that it will in essence becomeinoperable.'”

The court further quoted Mr. Sefton's complaints alleging thathe “experienced 'a hijacked browser–a browser program thatcommunicates with websites other than those directed by theoperator,' and 'slowed computer performance, sometimes resulting incrashes.'”

Mr. Sefton further asserted that “his computer ha[d] three yearsof client tax returns that he cannot transfer because he believesthe spyware files would also be transferred, and he therefore mustreconstruct those records on a new computer.”

According to the court, “[h]e thus argues that his computer isno longer usable, as he claims among his losses 'the cost of hisexisting computer.'”

The court observed that the term “tangible property” was notdefined in Eyeblaster's CGL policy except to exclude “software,data or other information that is in electronic form.”

Under the court's construct, “[t]he plain meaning of tangibleproperty includes computers, and the Sefton complaint allegesrepeatedly the 'loss of use' of his computer.” As such, the courtconcluded “that the allegations are within the scope of the generalliability policy,” citing previous rulings. (See related textbox,“Other Rulings.”)

At the same time, the court found that the underlyingallegations were not excluded by the CGL policy's impairedproperty/property not physically injured exclusion, because therewas no evidence that Mr. Sefton's computer system could be restoredto use by removing Eyeblaster's software. The court found itequally unclear from the record whether Eyeblaster's software couldbe removed from his computer.

Finally, the court summarily rejected assertions by Federal that“expected or intended” and “intellectual property laws or rights”exclusions of the CGL policy were applicable.

As such, it determined that Federal, at a minimum, owedEyeblaster a duty to defend against Mr. Sefton's underlyinglawsuit.

INTENTIONAL NON-NEGLIGENT ACTS

Moving to Eyeblaster's E&O policy, the court held thatFederal had a concurrent duty to defend under that form.

After first acknowledging Federal's concession that there was“financial injury,” the court evaluated whether Eyeblastercommitted a “wrongful act,” defined in the policy as: “an error, anunintentional omission, or a negligent act.”

The Eighth Circuit panel noted that in a prior decision in 2008in St. Paul Fire & Marine Ins. Co. v. Compaq ComputerCorp., the court “defined 'error' in a technology E&Opolicy to include intentional, non-negligent acts but to excludeintentionally wrongful conduct.”

Applying this principle to the facts before it, the court foundthat Mr. Sefton's complaints alleged that “Eyeblaster installedtracking cookies, Flash technology and JavaScript on his computer,all of which are intentional acts. However, Federal can point to noevidence that doing so is intentionally wrongful.”

“As Eyeblaster points out in an affidavit filed with thedistrict court, Federal's parent company utilizes JavaScript, Flashtechnology and cookies on its own website,” the court noted.

“Federal cannot label such conduct as intentionally wrongfulmerely because it is included in Mr. Sefton's complaint,” the courtsaid. Instead, “Federal has a duty to show that the use of suchtechnology is outside its policy's coverage.”

Federal, however, did not point to any evidence that theallegations concerning tracking cookies, Flash technology and other“intentional acts” were either negligent or wrongful. “UnderSt. Paul, therefore, the Sefton complaint does allege awrongful act,” covered by E&O policy language.

As such, the court concluded that Federal had a duty to defendthe Sefton litigation under Eyeblaster's E&O policy.

IMPLICATIONS

While there are contrary decisions as to the existence of“property damage” under a CGL policy in the context of third-partycyber claims, Eyeblaster demonstrates the importance of awell-crafted insurance policy, particularly in our evolvingtechnological age.

It is axiomatic that courts are protective of policyholders,many reaching to find coverage where none was intended to exist orwas never contemplated. Needless to say, it is incumbent oninsurers to continually review and refine their CGL, E&O andother policy wordings.

They need to work to ensure that they clearly and unambiguouslycover only those claims and losses for which coverage is intended,and preclude coverage for those matters for which it is not–whetherby way of a policy's insuring agreement, exclusions, conditions, orotherwise.

At a minimum, CGL underwriters should review and, asappropriate, refine their policies' definitions of “propertydamage” and exclusions.

In turn, E&O underwriters must carefully define “wrongfulact” as it relates to intended and unintended acts and results andpay close attention to their policies' exclusions to ensure thatthe coverage limitations are properly articulated.

At the same time, it has become increasingly important forunderwriters and claims professionals to closely monitor and stayon top of developing case law trends and state and federallegislation in order to:

o Understand the ways in which new technologies may implicatecoverage.

o Prudently craft their wordings and policies to providecoverage only for those risks for which premiums have beenpaid.

Richard J. Bortnick is a member of CozenO'Connor in the West Conshohocken, Pa., office. He is chair of theprofessional liability practice area within the global insurancegroup. He may be reached at [email protected].

Stephanie Gantman is an associate in the globalinsurance group of Cozen O'Connor in Philadelphia. She may bereached at [email protected].