On July 23, 2010, the Court of Appeals for the Eighth Circuit issued an important decision in Eyeblaster, Inc. v. Federal Ins. Co., 2010 U.S. App. LEXIS 15152, No. Civ. A. 08-3640 (8th Cir. July 23, 2010), finding concurrent coverage under both a General Liability ("CGL") insurance policy and a separate Information and Network Technology Errors and Omissions Liability ("E&O") policy in circumstances where an online marketing company installed software on a consumer's computer system, allegedly corrupting the computer's software operating system.
Eyeblaster, Inc. ("Eyeblaster") creates, delivers, and manages online interactive advertising. For the period of December 5, 2006, to December 5, 2007, it was insured under two concurrent policies issued by Federal Insurance Company ("Federal"): (1) an occurrence-based CGL policy covering occurrences which cause damage to tangible property, and (2) a claims-made E&O policy which covered claims for financial loss caused by a wrongful act in connection with a product's failure to perform its intended function or serve its intended purpose, resulting in damage to intangible property. As to the latter policy, intangible property included software, data, and other electronic information. Both policies were "duty to defend" forms.
In the underlying tort action, David Sefton ("Sefton") sued Eyeblaster for allegedly "enticing" him to "visit" an Internet website which, according to Sefton, Eyeblaster fraudulently led him to believe was connected with America Online. According to Sefton's complaints, this "visit" resulted in the download onto his computer of spyware, tracking cookies, executable code, java script, and other alleged rogue programs. These programs allegedly hijacked Sefton's computer and caused changes to his computer's security settings, renamed his computer's system files, redirected his web browser, and installed pop-up advertisements. He further alleged that the introduction of spyware caused his computer to freeze up, resulting in lost data for a tax return and forcing him to retain a computer technician. Sefton also claimed that Eyeblaster's software allowed commercial surveillance that could result in cyber-stalking, identification of confidential web visitations and personally identifiable information, and invasion of privacy and solitude.
Based on the foregoing, Sefton sued Eyeblaster in Texas, alleging violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, the Texas Business and Commercial Code, deceptive trade practices and prima facie tort under Texas law, trespass, conversion, fraud, nuisance, invasion of privacy, intrusion upon seclusion, and conspiracy. Specifically, Sefton alleged that Eyeblaster intentionally accessed a protected computer without authorization, that the deceptive trade practice violations were committed knowingly, that Eyeblaster intended to deceive Sefton, intended that he would rely on its misrepresentations, and that the unwanted installation of spyware onto the user's computer can certainly be said to be an intentional act by the distributor of the spyware to use or intermeddle with the consumer's computer and processing power.
Eyeblaster tendered the claim to Federal under both the CGL and E&O policies. Federal denied coverage under both policies based on the positions that there was: (1) no "property damage" caused by an accident or occurrence, as required by the CGL policy, i.e., no "physical injury to tangible property, including resulting loss of use of that property ... ; or loss of use of tangible property that is not physically injured" (the definition of "tangible property" excluded "any software, data or other information that is in electronic form"), and (2) no "wrongful act" within the meaning of the E&O policy, i.e., no "error, unintentional omission or negligent act," as, in Federal's view, Eyeblaster intended to place its software on Sefton's computer.
In light of Federal's coverage declination, Eyeblaster sued Federal in the U.S. District Court for the District of Minnesota, seeking a declaration that Federal owed it both a duty to defend and a duty to indemnify.
Following discovery, the parties filed cross-motions for summary judgment. The court granted Federal's motion and denied Eyeblaster's, finding: (1) no coverage under the CGL policy because there was no damage to tangible property, insofar as Sefton's complaints alleged only damage to his computer's software, not its hardware, and (2) no coverage under the E&O policy because Eyeblaster acted intentionally in creating software which it intended to be downloaded to Sefton's computer. According to the court, the fact that Eyeblaster may not have intended the resulting injury to Sefton's software was not dispositive. Hence, it determined that Federal had no duty to defend or indemnify.
Eyeblaster appealed the trial court's decision, arguing that the court was wrong as to coverage under both the CGL and the E&O policies. The Eighth Circuit agreed with Eyeblaster, reversing the district court on both scores.
With respect to the CGL policy, the court noted that "property damage" was defined to include "loss of use of tangible property that is not physically injured." The Eighth Circuit found that Sefton's underlying complaints alleged that "his computer was 'taken over and could not operate,' 'froze up,' and would 'stop running or operate so slowly that it will in essence become inoperable.'" The court further quoted Sefton's complaints alleging that he "experienced 'a hijacked browser—a browser program that communicates with websites other than those directed by the operator,' and 'slowed computer performance, sometimes resulting in crashes.'" Sefton further asserted that "his computer ha[d] three years of client tax returns that he cannot transfer because he believes the spyware files would also be transferred, and he therefore must reconstruct those records on a new computer." According to the court, "[h]e thus argues that his computer is no longer usable, as he claims among his losses 'the cost of his existing computer.'"
The court observed that the term "tangible property" was not defined in Eyeblaster's CGL policy except to exclude "software, data or other information that is in electronic form." Under the court's construct, "[t]he plain meaning of tangible property includes computers, and the Sefton complaint alleges repeatedly the 'loss of use' of his computer." As such, the court concluded "that the allegations are within the scope of the General Liability policy," citing America Online, Inc. v. St. Paul Mercury Ins. Co., 207 F. Supp. 2d 459, 470 (E.D. Va. 2002) (district court found loss of use of tangible property when complaint alleged that AOL caused loss of use of computers and computer functionality, but concluded no coverage existed because allegations were otherwise excluded), aff'd, 347 F.3d 89 (4th Cir. 2003), and State Auto Prop. & Cas. Ins. Co. v. Midwest Computers & More, 147 F. Supp. 2d 1113, 1116 (W.D. Okla. 2001) (in a case with "property damage" language identical to that of the Eyeblaster policy, the court held that "[b]ecause a computer clearly is tangible property, an alleged loss of use of computers constitutes 'property damage' within the meaning of plaintiff's policy"); but see, America Online, Inc. v. St. Paul Mercury Ins. Co., 347 F.3d 89 (4th Cir. 2003) (court rejected policyholder's argument that insofar as its software package "altered the customers' existing software, disrupted their network connections, caused them loss of stored data, and caused their operating systems to crash," there was property damage under a CGL policy covering liability for "physical damage to tangible property;" the court identified the configuration instructions, data, and information as intangible and abstract).
At the same time, the court found that the underlying allegations were not excluded by the CGL policy's impaired property/property not physically injured exclusion, because there was no evidence that Sefton's computer system could be restored to use by removing Eyeblaster's software. The court found it equally unclear from the record as to whether Eyeblaster's software could be removed from his computer. Finally, the court summarily rejected Federal's assertions that the Eyeblaster CGL policy's "expected or intended" and "intellectual property laws or rights" exclusions applied. As such, it determined that Federal, at a minimum, owed Eyeblaster a duty to defend with respect to Sefton's underlying lawsuit.
Moving on to Eyeblaster's E&O policy, the court held that Federal had a concurrent duty to defend under that form. After first acknowledging Federal's concession that there was "financial injury," the court evaluated whether Eyeblaster committed a "wrongful act," defined in the policy as: "an error, an unintentional omission, or a negligent act." The Eighth Circuit panel noted that in the court's prior decision in St. Paul Fire & Marine Ins. Co. v. Compaq Computer Corp., 539 F.3d 809, 815 (8th Cir. 2008), it "defined 'error' in a technology errors and omissions policy to include intentional, non-negligent acts but to exclude intentionally wrongful conduct." Applying this principle to the facts before it, the court found that Sefton's complaints alleged that "Eyeblaster installed tracking cookies, Flash technology, and JavaScript on his computer, all of which are intentional acts. However, Federal can point to no evidence that doing so is intentionally wrongful. As Eyeblaster points out in an affidavit filed with the district court, Federal's parent company utilizes JavaScript, Flash technology, and cookies on its own website. Federal cannot label such conduct as intentionally wrongful merely because it is included in the Sefton complaint; Federal has a duty to show that the use of such technology is outside its policy's coverage. Federal points to no evidence that the allegations concerning tracking cookies, etc. spoke of intentional acts that were either negligent or wrongful. Under St. Paul, therefore, the Sefton complaint does allege a wrongful act." As such, the court concluded that Federal similarly had a duty to defend the Sefton litigation under Eyeblaster's E&O policy.
While there are contrary decisions as to the existence of "property damage" under a CGL policy in the context of thirdparty cyber claims, Eyeblaster demonstrates the importance of a well-crafted insurance policy, particularly in our evolving technological age. It is axiomatic that courts are protective of policyholders, many reaching to find coverage where none was intended to exist or was never contemplated. Needless to say, it is incumbent on insurers to continually review and refine their CGL, E&O, and other policy wordings to ensure that they clearly and unambiguously cover only those claims and losses for which coverage is intended and preclude coverage for those matters for which it is not, whether by way of a policy's insuring agreement, exclusions, conditions, or otherwise. At a minimum, CGL underwriters should review and, as appropriate, refine their policies' definitions of "property damage" and exclusions. In turn, E&O underwriters must carefully define "wrongful act" as it relates to intended and unintended acts and results and pay close attention to their policies' exclusions to ensure that the coverage limitations are properly articulated. At the same time, it has become increasingly important for underwriters and claims professionals to closely monitor and stay on top of developing case law trends and state and federal legislation in order to: (1) understand the ways in which new technologies may implicate coverage, and (2) prudently craft their wordings and policies to provide coverage only for those risks for which premiums have been paid. We at Cozen O'Connor are available and stand ready to assist underwriters and claims professionals in these efforts.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.