Minnesota Court Rejects Coverage For Spyware Claims
A recent opinion of the federal district court in Minneapolis has for the first time construed the extent of liability insurance coverage for “spyware” claims. At issue in Eyeblaster, Inc. v. Federal Ins. Co., No. 07-4379 (D. Minn. October 7, 2008), was the availability of general liability or professional liability insurance coverage for a lawsuit brought in federal court in Houston wherein the plaintiffs claimed that Eyeblaster, a worldwide business involved in the creation, delivery and management of online internet advertising, had fraudulently enticed him to visit its website so that Eyeblaster could surreptitiously download its spyware onto its computer allowing it to install tracking cookies, executable code, java script and jifs that changed his security settings, installed pop-up advertising, renamed files and redirected his computer and web browsing. The plaintiff contended that this spyware had also caused his computer to freeze up, causing him to lose data on a tax return on which he was working and that required him to hire a computer technician to repair the damage.
Eyeblaster tendered the defense of the Texas lawsuit to Chubb, which had provided both GL and E&O coverage to it. Chubb denied any duty to defend and this coverage litigation ensued.
As a preliminary matter, Judge Montgomery declared that the plaintiff’s allegation that his computer froze up failed to allege any physical injury to tangible property, citing the Fourth Circuit’s opinion in America Online, Inc. v. St. Paul Mercury Ins. Co., 347 F.3d 89 (4th Cir. 2003). As with the America Online case, Judge Montgomery observed that the policy language clearly stated that “tangible property” does not include software. Although implying that damage to a computer hard drive would have been covered, the court declared that injury to software or lost data was not itself covered under the GL policy.
As to the E&O policy, the court ruled that the alleged intentional acts of Eyeblaster in placing spyware on the plaintiff’s computer failed to seek recovery for a covered “wrongful act.” Despite “fleeting references” to misrepresentation, trespass and invasion of privacy, the court ruled that the substance of the allegations were intentional conduct that failed to allege an “error, unintentional omission or negligent act” within the scope of coverage. The court noted that, “Had Eyeblaster intended to give its customers one type of software but instead mistakenly provided them with a different version that caused a problem, this error would be covered under the language of the E&O policy.”
In this case, however, where the insured specifically intended that the software would install itself on the plaintiff’s computer, the court ruled that the E&O policy did not apply whether or not the insured had also intended such acts to cause injury to the plaintiff.
Eyeblaster had argued to the district court that any such interpretation of its policy would render the coverage illusory because the very nature of its business required it to place cookies, flash technology and java script on user’s computers. Judge Montgomery rejected this argument, holding that the E&O policy would still require coverage in certain cases of this sort such as where the insured had installed incorrect software. The court observed that, “The E&O policy covers a bundle of risks and while this act by Eyeblaster may possibly be uninsurable, the policy is not illusory because there is no coverage.”
