William Gibson coined the phrase “cyberspace” in his popular science fiction novel “Neuromancer” “to describe the real and cultural dynamics of people and machines working within the confines of computer-based networks.” Alexander C. Gavis, The Offering and Distribution of Securities in Cyberspace: A Review of Regulatory and Industry Initiatives, 52 Bus. Law 317, 319 n.6 (1996) (quoting G. Burgess Allison, The Lawyer’s Guide to the Internet 331 (1995)). Because of the rise of e-commerce, cyberspace perils pose significant litigation exposure. There are a panoply of risks that may arise in the third-party tort liability insurance context.
E-commerce risks can be segregated into two categories: 1) media risks and 2) system risks.
A “media risk” arises primarily from the content of a website. Media risks include defamation or trade libel, which can be caused by materials being knowingly published by webpage owners or maliciously inserted onto a webpage by hackers, invasions of the right of privacy including theft of consumer data, misuse of private customer information, false-light publications, and the use of the name or image of another without permission.
In one case, a competitor sued a Florida corporation for invasion of privacy because it had placed negative information about the competitor on its website. See Lofton v. Turbine Design Inc., 100 F.Supp.2d 404 (N.D. Miss. 2000). The Court ruled in favor of the defendant, noting that the maintenance of a passive website does not confer personal jurisdiction.
Additionally, a company that had sought to improve its processing of internet payments by purchasing credit reports of its users faced a privacy action. See Kvalheim v. CheckFree Corp., 2000 WL 209058 (S.D. Ala. 2000).
Media risks involve potential infringements of trademark, copyright, trade dress, trade secrets or other intellectual property, and may involve violations of unfair trade practices or consumer protection statutes, anti-trust violations, and restraints of trade.
A “system risk” arises because e-commerce hardware or data of third-parties that can result from malicious code placement into a computer system by hackers or through computer viruses. A system risk also can include liability for losses to third-parties caused by their inability to access the computer system due to a hardware or software failure, or what is commonly called a denial-of-service attack or a distributed denial-of-service attack. This makes a computer research unavailable to its intended user.
Some commercial general liability (CGL) policies may provide advertising injury/personal injury coverage for intellectual property, defamation/disparagement, and other tort claims that may result from cyberspace activities. However, CGL policies do not generally provide coverage for every aspect of cyberspace risks.
Loss of electronically stored data is not covered under the property damage provisions of a CGL policy because electronic data is not covered tangible property. See, e.g., Peoples Telephone Co. Inc. v. Hartford Fire Ins. Co., 36 F.Supp.2d 1335 (S.D. Fla. 1997).
Because CGL policies are not principally designed to address internet risks, an insured business needs to consider supplementing the policy with express cyberspace coverage.
Cyberspace activity commonly gives rise to invasion of privacy claims. The inherently impersonal nature of e-commerce transactions has led many companies to take affirmative steps to gather information about their customers, oftentimes potentially invading an individual’s privacy interests. One corporation may sue a competitor for invasion of privacy because the competitor has placed negative information about the target corporation on its website. See Lofton v. Turbine Design Inc., 100 F.Supp.2d 404 (N.D. Miss. 2000).
E-commerce also has produced an increasing number of defamation and disparagement claims. This raises questions of whether a CGL policy will provide coverage for online defamation and disparagement, and whether the insured’s operation falls within the “broadcasters or publishers” exclusion. A cyberspace endorsement would eliminate this exclusion.
Various trademark lawsuits have been brought recently against persons or companies using domain names suggesting that the company is affiliated with or sponsors the website. To combat this, in 1995, the InterNIC (a registered service mark of the U.S. Department of Commerce that assists with registering domain names) adopted a policy requiring domain-name applicants to make warranties and representations about the applicant’s ability to use the name without infringing upon a third-party’s trademark or other intellectual property rights. Although this process assists companies in curtailing piracy by cyber squatters, it does not affect disputes over the protection available to a federally registered user who may wish to expand its trademark usage beyond a limited geographic area. The Anti-Cybersquatting Consumer Protection Act, 15 U.S.C.A. § 1125(d) establishes a cause of action for registering, trafficking in, or using a domain name confusingly similar to, or dilutive of, a trademark or personal name.
The traditional CGL policy forms contain a number of coverage gaps that increase the probability that no coverage will exist for a significant number of cyber-related claims.