Coverage For Spyware Granted Under Two Policies Concurrently, Court Says

In an important ruling this summer, the Eighth Circuit Court of Appeals decided that an online marketing firm was entitled to defense cost coverage under two different types of liability policies for the same spyware download incident.

On July 23, 2010, ruling in Eyeblaster Inc. v. Federal Ins. Co., the court found concurrent coverage under both a general liability insurance policy and a separate Information and Network Technology errors and omissions liability policy in circumstances where the online marketer company installed software on a consumer's computer system, allegedly corrupting the consumer's operating system.

THE POLICIES

Eyeblaster Inc. creates, delivers and manages online interactive advertising, and from Dec. 5, 2006 to Dec. 5, 2007, it was insured under two concurrent policies issued by Federal Insurance Company:

(1) An occurrence-based CGL policy covering occurrences that cause damage to tangible property.

(2) A claims-made E&O policy, which covered claims for financial loss. These claims could be caused by a wrongful act in connection with a product's failure to perform its intended function or to serve its intended purpose, resulting in damage to intangible property.

Under the E&O policy, intangible property included software, data and other electronic information.

Both policies were “duty to defend” forms.

UNDERLYING ALLEGATIONS

In the underlying tort action, David Sefton sued Eyeblaster for allegedly “enticing” him to “visit” an Internet website which, according to Mr. Sefton, Eyeblaster fraudulently led him to believe was connected with America Online.

According to Mr. Sefton's complaints, this “visit” resulted in spyware, tracking cookies, executable code, java script and other alleged rogue programs being downloaded onto his computer. These programs allegedly hijacked the computer and caused changes to his computer's security settings, renamed his computer's system files, redirected his web browser and installed pop-up advertisements.

He further alleged that the introduction of spyware caused his computer to freeze up, resulting in lost data for a tax return and forcing him to retain a computer technician.

He also claimed that Eyeblaster's software allowed commercial surveillance that could result in cyber-stalking, identification of confidential web visitations and personally identifiable information, and invasion of privacy and solitude.

Based on the foregoing, Mr. Sefton sued Eyeblaster in Texas, alleging violations of the Computer Fraud and Abuse Act, 18 U.S.C. 1030, the Texas Business and Commercial Code, deceptive trade practices and prima facie tort under Texas law, trespass, conversion, fraud, nuisance, invasion of privacy, intrusion upon seclusion, and conspiracy.

Specifically, he alleged that Eyeblaster intentionally accessed a protected computer without authorization, that the deceptive trade practice violations were committed knowingly, that Eyeblaster intended to deceive him, intended that he would rely on its misrepresentations, and that the unwanted installation of spyware onto the user's computer can certainly be said to be an intentional act by the distributor of the spyware to use or intermeddle with the consumer's computer and processing power.

COVERAGE DENIED

Eyeblaster tendered the claim to Federal under both the CGL and E&O policies, and Federal denied coverage under both.

o In denying CGL policy coverage, Federal took the position that there was no “property damage” caused by an accident or occurrence, as required by the policy.

In other words, there was no “physical injury to tangible property, including resulting loss of use of that property [and there was no] loss of use of tangible property that is not physically injured.”

The definition of “tangible property” excluded “any software, data or other information that is in electronic form.”

o In denying E&O policy coverage, Federal said there was no “wrongful act” within the meaning of the policy.

In other words, there was no “error, unintentional omission or negligent act,” because, in Federal's view, Eyeblaster intended to place its software on Mr. Sefton's computer.

In light of Federal's coverage declination, Eyeblaster sued Federal in the U.S. District Court for the District of Minnesota, seeking a declaration that Federal owed it both a duty to defend and a duty to indemnify.

The court, however, agreed with Federal finding that Eyeblaster acted intentionally in creating software intended to be downloaded (precluding E&O coverage). The court also held that there was no damage to tangible property as required for CGL policy coverage because only the software–not the hardware–of Mr. Sefton's computer was damaged.

Eyeblaster appealed the trial court's decision, and the Eighth Circuit agreed with Eyeblaster, reversing the district court on both scores.

LOSS OF USE?

With respect to the CGL policy, the Eighth Circuit court noted that “property damage” was defined to include “loss of use of tangible property that is not physically injured.” The court found that Mr. Sefton's underlying complaints alleged that “his computer was 'taken over and could not operate,' 'froze up,' and would 'stop running or operate so slowly that it will in essence become inoperable.'”

The court further quoted Mr. Sefton's complaints alleging that he “experienced 'a hijacked browser–a browser program that communicates with websites other than those directed by the operator,' and 'slowed computer performance, sometimes resulting in crashes.'”

Mr. Sefton further asserted that “his computer ha[d] three years of client tax returns that he cannot transfer because he believes the spyware files would also be transferred, and he therefore must reconstruct those records on a new computer.”

According to the court, “[h]e thus argues that his computer is no longer usable, as he claims among his losses 'the cost of his existing computer.'”

The court observed that the term “tangible property” was not defined in Eyeblaster's CGL policy except to exclude “software, data or other information that is in electronic form.”

Under the court's construct, “[t]he plain meaning of tangible property includes computers, and the Sefton complaint alleges repeatedly the 'loss of use' of his computer.” As such, the court concluded “that the allegations are within the scope of the general liability policy,” citing previous rulings. (See related textbox, “Other Rulings.”)

At the same time, the court found that the underlying allegations were not excluded by the CGL policy's impaired property/property not physically injured exclusion, because there was no evidence that Mr. Sefton's computer system could be restored to use by removing Eyeblaster's software. The court found it equally unclear from the record whether Eyeblaster's software could be removed from his computer.

Finally, the court summarily rejected assertions by Federal that “expected or intended” and “intellectual property laws or rights” exclusions of the CGL policy were applicable.

As such, it determined that Federal, at a minimum, owed Eyeblaster a duty to defend against Mr. Sefton's underlying lawsuit.

INTENTIONAL NON-NEGLIGENT ACTS

Moving to Eyeblaster's E&O policy, the court held that Federal had a concurrent duty to defend under that form.

After first acknowledging Federal's concession that there was “financial injury,” the court evaluated whether Eyeblaster committed a “wrongful act,” defined in the policy as: “an error, an unintentional omission, or a negligent act.”

The Eighth Circuit panel noted that in a prior decision in 2008 in St. Paul Fire & Marine Ins. Co. v. Compaq Computer Corp., the court “defined 'error' in a technology E&O policy to include intentional, non-negligent acts but to exclude intentionally wrongful conduct.”

Applying this principle to the facts before it, the court found that Mr. Sefton's complaints alleged that “Eyeblaster installed tracking cookies, Flash technology and JavaScript on his computer, all of which are intentional acts. However, Federal can point to no evidence that doing so is intentionally wrongful.”

“As Eyeblaster points out in an affidavit filed with the district court, Federal's parent company utilizes JavaScript, Flash technology and cookies on its own website,” the court noted.

“Federal cannot label such conduct as intentionally wrongful merely because it is included in Mr. Sefton's complaint,” the court said. Instead, “Federal has a duty to show that the use of such technology is outside its policy's coverage.”

Federal, however, did not point to any evidence that the allegations concerning tracking cookies, Flash technology and other “intentional acts” were either negligent or wrongful. “Under St. Paul, therefore, the Sefton complaint does allege a wrongful act,” covered by E&O policy language.

As such, the court concluded that Federal had a duty to defend the Sefton litigation under Eyeblaster's E&O policy.

IMPLICATIONS

While there are contrary decisions as to the existence of “property damage” under a CGL policy in the context of third-party cyber claims, Eyeblaster demonstrates the importance of a well-crafted insurance policy, particularly in our evolving technological age.

It is axiomatic that courts are protective of policyholders, many reaching to find coverage where none was intended to exist or was never contemplated. Needless to say, it is incumbent on insurers to continually review and refine their CGL, E&O and other policy wordings.

They need to work to ensure that they clearly and unambiguously cover only those claims and losses for which coverage is intended, and preclude coverage for those matters for which it is not–whether by way of a policy's insuring agreement, exclusions, conditions, or otherwise.

At a minimum, CGL underwriters should review and, as appropriate, refine their policies' definitions of “property damage” and exclusions.

In turn, E&O underwriters must carefully define “wrongful act” as it relates to intended and unintended acts and results and pay close attention to their policies' exclusions to ensure that the coverage limitations are properly articulated.

At the same time, it has become increasingly important for underwriters and claims professionals to closely monitor and stay on top of developing case law trends and state and federal legislation in order to:

o Understand the ways in which new technologies may implicate coverage.

o Prudently craft their wordings and policies to provide coverage only for those risks for which premiums have been paid.

Richard J. Bortnick is a member of Cozen O'Connor in the West Conshohocken, Pa., office. He is chair of the professional liability practice area within the global insurance group. He may be reached at rbortnick@cozen.com.

Stephanie Gantman is an associate in the global insurance group of Cozen O'Connor in Philadelphia. She may be reached at sgantman@cozen.com.