Time to Check Whether Your Insurance Policies Cover Lawsuits Alleging Misuse of Advertising Software and Cookies

In the past six months approximately 6 class action lawsuits have been filed in Los Angeles federal district court against various companies for, among other things, violations of the Computer Fraud and Abuse Act (“CFAA”), Title 18 U.S. C. § 1030, based on advertising technology that tracks a computer’s web surfing practices. Unlike traditional cookies, the type of technology alleged in these complaints supposedly cannot be deleted from a computer. The corporate defendants in these cases, including CNN, Fox News, News Corp. and the Wall Street Journal, are certain to be checking whether their insurance policies cover the attorney’s costs to defend these lawsuits.

Having defended a number of similar cases myself, the cost of a legal defense can be costly. A recent case decided by the 8th Circuit Court of Appeals, Eyeblaster, Inc. v. Federal Insurance Co., 613 F.3d 797 (2010), addressed whether two insurance policies covered defense costs for a lawsuit based on on-line advertising practices and held that an insurer improperly refused to provide defense cost coverage. This is an important case for companies that advertise on the Internet.

The insured Eyeblaster, as described by court, “is a worldwide online marketing campaign management company that advertisers, advertising agencies, and publishers use to run campaigns across the Internet and other digital channels.” Id. at 799. Eyeblaster creates interactive ads and tracks the performance and effectiveness of these ads through cookies placed on consumer computers. It does not, however, “use spyware or introduce malicious contact such as spam, viruses, or malware.” Id.

A consumer sued Eyeblaster alleging, among other things, violations of the CFAA claiming that “his computer was infected with a spyware program from Eyeblaster . . . [that] caused his computer to immediately freeze up,” and that “he lost all data on a tax return on which he was working and that he incurred many thousands of dollars of loss.” Id. at 800. Once “his computer became operational again,” after supposedly being fixed by a computer technician, he still experienced “numerous pop-up ads; a hijacked browser that communicates with websites other than those directed by the operator; random error messages; slowed computer performance that sometimes results in crashes and ads oriented toward his past web viewing habits.” Id.

Eyeblaster requested its insurer, Federal Insurance Co., to provide it with a defense of the lawsuit, as set forth under its General Liability and Network Technology Errors or Omissions policies. Federal denied coverage claiming that the lawsuit in question did not obligate the insured under either policy to provide a legal defense. Eyeblaster sued, but the district court agreed with Federal.

On appeal Eyeblaster challenged two principal findings of the district court – 1) that the lawsuit did not involve damage to physical property as required by the General Liability policy, and 2) that the lawsuit “had not alleged that Eyeblaster committed a wrongful act (as defined by the [Information and Network Technology Errors or Omissions] policy in connection with a product failure or in performing or failing to perform its services.” Id.

The Circuit court reversed the district court and held that the policies obligated Federal to defend the lawsuit. The court rejected the district court’s finding on the General Liability policy that “the complaint does not allege damage to tangible property because it only claims damage to software, which is by definition excluded.” While the policy does not define tangible property, the court relied on its plain meaning to include the computer that the Plaintiff alleged “repeatedly” in the complaint that he lost the ability to use. Id. at 801-02.

The court also found that Federal did not meet its burden in showing that the exclusion, entitled, “Damage to Impaired Property or Property Not Physically Injured” applied. The court held that the computer at issue in the lawsuit “cannot be considered ‘impaired property’ because no evidence exists that the computer can be restored to use by removing Eyeblaster’s product or work from it.” Id. at 802. Thus, the court found that “[i]t is not clear that an Eyeblaster product or Eyeblaster’s work ever existed on . . . [the] computer, and thus it is equally unclear that such product or work could be removed from the computer.” Id.

As to the Information and Network Technology Errors or Omissions policy which “specifically covers intangible property, such as software, data, and other electronic information,” the court found that “Federal cannot [meet its burden to prove it has no duty to defend] and demonstrate that each claim in the . . . complaint falls outside the coverage of the policy.” Id. at 804. The court emphasized that while the complaint “alleges that Eyeblaster installed tracking cookies, Flash technology and JavaScript on . . . [the] computer, all of which are intentional acts” that Federal “can point to no evidence that doing so is intentionally wrongful.” Id. The court relied on an Eyeblaster Affidavit that “Federal’s parent company utilizes JavaScript, Flash technology, and cookies on its own website” and Federal’s failure to produce any “evidence that the allegation concerning tracking cookies, etc. spoke of intentional acts that were either negligent or wrongful.” Id.

Given the recent filings of CFAA civil suits based on advertising tracking software, any business that uses technology in its advertising campaign or as a means to track its customers should carefully check its insurance policies to be certain that it is covered for defense costs if it finds itself swept up in this recent rash of lawsuits directed at on-line advertising practices.