The following is an older-ish AIG cyber-world contract of insurance, that is, a cyber-space insurance policy. Remember, given the speed of the commercial growth of the cyberworld, something can be old when it is a mere 15 years old. This policy may have been written as early as 2000, at any rate, it was made available in draft form around then. It is not as the reader will quickly see, a general liability policy, although it is that kind of policy. The reader should keep in mind that as of 2013, AIG is the second largest insurance companies, or group of companies, according to Fortune’s 500 (May 2013). Of course, this is the all the more impressive, since the troubled AIG accumulated enormous debt to the U.S. government and then paid its way out of.
The AIG netAdvantage Suite [Group] exists today and its focus is the e-commerce (aka E-commerce), now as then. The policy to be discussed here bares the identification number 77578 (01).
The discussion here will be, by no means, complete. It is devoted to the Insuring Agreements and some of the exclusions.
AMERICAN INTERNATIONAL SPECIALTY LINES INSURANCE
INTERNET MEDIA LIABILITY INSURANCE
I. INSURING AGREEMENT
We shall pay on your behalf those amounts, in excess of the applicable Retention,* you are legally obligated to pay, including content-based liability and liability assumed under contract as damages, resulting from any claim(s) made against you for your wrongful act(s) in connection with Internet media in the conduct of your business. Such wrongful act(s) must occur during the policy period.
[MSQ Explanation:] What is a policyholders retention? How does it differ from an deductible? A retention is often called an insured’s self-insured retention.” A deductible is an amount deducted from the insured’s total loss. It is figured after the loss is calculated; it may or may not be applied to individual losses.
II. DEFENSE COSTS, CHARGES AND EXPENSES
[MSQ Summary:]The insurer has the right and duty to defend, the right but no the duty to investigate, a conditional right to settle with a contractual incentive for the insured to agree to settle.
[MSQ Observations:]It is characteristic of insuring agreements to include definitions. How could it be otherwise? Nevertheless sometimes more definitions than usual are used all together; sometimes they are more complicated than others; and sometimes they are more technical. In any case, they can be more difficult to understand. This one is like that.
In general, definitions lay out the area of coverage, the scope of coverage, and the perils that are insured. This policy the area of coverage “Internet media,” as defined; the “scope” of coverage,is “content-based liability” as defined; and the peril insured is a “wrongful act” of the insured (wrongful acts of the insured), as defined in the contract of insurance.
The fundamental way to understand this policy is to see that conduct that causes the injury directly upon liability is created, is someone (or some entity) other insured. The insured’s liability is generated by its wrongful conduct in connection with the third party that more directly caused the injury insured against.
III. DEFINITIONS [or, rather, some of them]
G. Content-based liability means your liability arising from a third party acting upon your Internet media or Internet media services, provided the third party has no common ownership interest or other affiliation with you.
B. Assumed under contract means liability assumed by you in the form of hold harmless or indemnity agreements executed with any party, but only as respects material provided or disseminated by you.
I. First inception date means the inception date of the the fits AIGnetAdvantage policy issued by us or any other member company of [AIG] to the named insured until the issuance of this policy.
K. Internet media means advertising, webcasting, electronic publishing, transmission, republication, re-transmission utterance, dissemination, distribution, serialization, creation, production, origination, exhibition or displaying of material on your Internet sits.
U. Public Key Infrastructure (PKI) means the policies, methods, equipment and procedures, including associated software, hardware and firmware, for establishing and managing a secure method for exchanging electronic information involving the use of certification authorities, digital certificates, digital signatures, public and/or private keys or any other similar type of technology however labeled.
X. Wrongful act(s) means any actual or alleged breach of duty, neglect, act, error, misstatement, misleading statement, omission that results in:
(1) any form of defamation or other tort related to disparagement or harm to character, including libel, slander, product disparagement, trade libel, infliction of emotional distress, outrage or outrageous conduct;
(2) an infringement of copyright, domain name, title, slogan, trademark, trade name, trade dress, mark or service name, or any improper deep-linking or framing; plagiarism, piracy or misappropriation of ideas under implied contract or other misappropriation of property rights, ideas or information; or
(3) any form of invasion, infringement or interference with rights of privacy or publicity, including false light, public disclosure of private facts, intrusion and commercial appropriation of name, persona or likeness, when the insured discloses, communicates, publishes or otherwise transmits, whether in writing, orally, or electronically, information about the claimant to any party that is not an insured or an affiliate or agent of an insured.
[MSQ: Note that the definition of “[w]rongful act” includes omissions and–oddly enough–is restricted to specified consequences, falling into three categories.]
[MSQ: Comments: Let’s start with the insuring agreement and some of the definitions. Who is an insured likely to be? It is likely to be an entity that owns or controls Internet media and permits others to use them in various ways. This might include something which permits an entity to get on to the Internet, or it might be something or someone that might use “your Internet sites.“ In other words, sites on the Internet which are the insureds. The “are” here probably means “belongs to” or “with respect to which the Insured has significant and relevant rights.” So this tells us “where” the covered conduct would take place.
The configuration of the parties conceptualized in this policy is different from one of the paradigms of normal liability policies. Usually, there is (i) an insured, (ii) someone who claims that the insured injured him, and (iii) an insurer for the insured, that may be obligated to pay for the damages the insured has caused the third party, if there is coverage. Elementary auto liability cases work like this, as do many–indeed, most liability–policies. These insurance policies may have several tortfeasors all acting together or acting in a chain. Thus, there are two ways that ordinary liability policies work: (a) two persons or entities involved besides the insurer and sometimes (b) more.
The kind of insurance configuration involved here always has at least three entities besides (1) the insurer. There is (2) the entity complaining about some sort of injury; (3) the entity directly causing the injury; and (4) there is the insured. The fourth party “stands between,” as it were, the insured and the person claiming to have been injured. Here is a crude and dangerous analogy.
Consider the liability insurance of the physical world. Suppose the insured owns a zoo named Zoo ; two children, Rapunzel and Prince, are viewing the animals; a fight breaks out; and she pushes him into the snake pit where he is badly injured and then dies. In this case, the plaintiffs would be Prince and his parents; Rapunzel (and her parents) would be the defendants, as would Zoo (and/or its owners). Behind Rapunzel (etc.) would be their insurer, while behind Zoo would be its insurer. (And actually, there might be just one insurer for them both.) Nevertheless, the set up could be described as Rapunzel “standing” between Prince and Zoo. (Assuming that each of the two sets of defendants have their own liability insurers they may quarrel over who pays first, how much, and so forth., but that’s a different story.
The fact pattern which seems to be contemplated in this policy is that the insured has access to the Internet and/or a site on the Internet where various sorts of activities can be performed or initiated. Those different kinds of activities are themselves referred to in the policy as various types of “[i]nternet media.” Some might find this double usage of the term “media” confusing. The insured’s liability problem arises when (a) that which has been sent by the using entity is one or more of those described in Definition K, (b) causes injury, (c) the using entity is itself liable, (d) the insured has performed at least one relevant wrongful act.
The insured is out or may be liable for what is in effect the misconduct of the entity using insurance access and acting in certain ways. The point is that the insured may be liable, or may be found liable, for the conduct of another. The liability of the insured must arise from a “wrongful act”performed by it. Of course, its wrongful act does not produce liability for the insured unless the entity using the insured’s site has caused injury.
There is a second major source of liability to be found in the insuring agreement. This does not have to do with the insured being liable for the misconduct of someone using its site if the insured has performed a “[w]rongful act,” but where the insured has promised to stand-in for the user of the site, where the promise to stand-in is to be found in a type of contract, e.g., a promise to indemnify. This sort of contract-based-liability is most often not found in ordinary liability policies.
[MSQ: Turning to exclusions, most exclusion sections in most policies play three roles. First, they subtract from the insuring agreement. (We insure this in general but not that.) Thus, they slice situations off which would otherwise be there. (We insure all your red objects, except those which are scarlet.) Second, they make sure that objects or situations which might be associated with the insuring agreement are not covered. (We do not cover paint cans no matter what color paint was or is stored in them or is still there.) Third, exclusions are used to eliminate some ambiguities. (When we say “paintings, we mean only two or more events of painting houses. We do not mean painting pictures–as in art–and we do not mean painting railway cars.) Fourth, exclusions may be there to be safe about misinterpretation. (We are insuring financial dealings here and not physical injuries to the bodies of persons or animals. Nor are we covering ruinous physical damage to any other tangible things, including diamonds, but with the exception of paper money.)
IV. EXCLUSIONS-CLAIMS AND LOSSES NOT COVERED [MSQ: A few summaries]
D. whatever alleges or arising out of infringement of patent;
H. for bodily injury or property damage;
I. alleging or arising out of the development, dissemination, issuance, management implementation, operation, safekeeping and/or maintenance of PKI, where the insured acted in the actual or effective capacity of a certificate authority, certificate repository, validation authority or registration authority; or arising out of the theft of PKI;
J. alleging or arising out of any claim, demand, suit or litigation prior to or pending as of the first inception date; or alleging or arising out of or relating to any fact, circumstance, situation or wrongful act alleged in such claim, demand, suit or litigation;
L. alleging or arising out of liability you assume under any contract or agreement, including any contract price, cost guarantee or cost estimate being exceeded; however, this exclusion does not apply to:
(1) liability you would have in the absence of such contract or agreement, or
(2) for liability assumed under contract for an otherwise covered claim;
Q. against you that is brought by or on behalf of the Federal Trade Commission (“FTC”), Federal Communications Commission (“FCC”) or any other federal, state or local government agency or ASCAP, SESAC, BMI spell out or other licensing organizations in such entity’s regulatory, quasi-regulatory or official capacity, functions or duties;
S. alleging or arising out of a wrongful act(s), circumstances or events committed or occurring prior to the first inception date if on or before the first inception date, you knew or could have reasonably foreseen that such wrongful act(s), circumstances or event could give rise to a claim against you or a loss;
[MSQ: Comments:] Exclusion D. This exclusion pertains to patents. It is important that this be mentioned specifically as an exclusion because other forms of intellectual property file relations are covered. These days there is usually no coverage for patent related problems. There was such coverage at one time, but insurers came to realize that patent liability cases were too expensive, too complicated, and had too many dimensions.]
[MSQ Comments:] Exclusion H. This exclusion covers physical injuries to persons and property. It is important to exclude these matters, because the purpose of the policy is to cover non-physical activities and losses, and because routine out-of-the-cyberworld liability policies often cover both of these.]
[MSQ: Comments:] Exclusion I. By far the most complex of all the exclusions and the definition which, as it were, stands behind its concerns PKI aka Public Key Infrastructure. This is not the place to try and explain it. It involves anything one can imagine about creating and protecting security for the sending and receiving of information in the cyberworld. The definition really constitutes an abstract list of pretty much all that might be involved. Not everyone has it or needs it, e.g., ordinary individuals. The exclusion is about an insured’s being involved in planning, designing, passing it around or running any component of it. For example, some entities issue one or more required certificates regarding the use of certain complex systems. There is no coverage for what happens in any of those areas, including contracts of indemnity. “Mere users of PKI systems and/or components are not characterized by the definition or made “uncovered” to any extent by the exclusions, at least so I think. No doubt there will be coverage controversies about whether “something(s)” fall within the definition and therefore the exclusions.*
*(Further comment: PKI coverage issues are not for the novice, and gaining understanding for the purpose of not only adjusting, but also for underwriting and selling, requires actual technical education. We have seen adjusters who were also lawyers for many years–indeed for at least two centuries–and soon we will see adjusters who are a kind of electrical engineer.)
[MSQ Comment]: Exclusion J. This exclusion is simple enough. It pertains to timing. If certain events happen before a certain date (the first inception date), they are not covered, and if they happen after that date they may be covered, if they fit within the insuring agreement and are not subject to another exclusion. The term “event” in this context was devised and is used for simplicity; it is not a word in the policy. All sorts of events are excluded: actions, omissions, claims, suits, and so forth. The key thing to remember about the idea of first inception date is that is stretches back to the date when the first AIG policy was issued. That could be one AIG company in Year-1 and another in Year-2 and a third in Year-3. The idea of a first inception date is very general in one way. It dramatically extends “backward” the span of time where something can go wrong and/or be complained about by a third party. This is much, much better than the usual “claims made” liability policy. On the other hand, it is quite advantageous to the insurer (or group of insurers) since the insured is locked in if it wants the early first inception date.
[MSQ Comment:] Exclusion L pertains to the kinds of contractual liabilities which are not covered, and then turns immediately to two exceptions to the exclusion. It must be remembered how legal disputes over coverage are divided up. Insureds have the duty of establishing that they have coverage. (Insurers have the duty to prove that exclusions apply to coverage. Insureds have the duty to prove that exceptions to exclusions apply. The reason for this is that exceptions of exclusions are tantamount to establishing coverage under the insuring agreement and so the proof requirements are the same.)
[MSQ Comment:] Exclusion Q rules out coverage for problems initiated by various types of regulatory agencies, whether governmental or private. It is easy to imagine controversy arising out of the idea of “private agencies” of various sorts, including licensing.
[MSQ Comment]: Exclusion S rules out coverage for wrongful acts occurring before the First Inception Date, or which the insured knew about or would have anticipated, if it had been observing and/or reasoning in an acceptable manner. This sort of thing has been litigated many, many times in the insurance policies of “yesterday” and before.
V. Limits of Liability.
[MSQ Comment]: There nothing new or really very different in this section when compared with existing policies, e.g., CGL, Professional Malpractice, D & O, etc.
[MSQ Comment]: Again, there is nothing really new or usual here. It is important that the uninsured retention applies to each claim. It is not a declining aggregate over the policy period.
VII. OTHER PROVISIONS AFFECTING COVERAGE
[MSQ Comment]: In many policies these are called “Conditions.” AIG’s wording of this title is both informative and more in accordance with the actual law. It probably makes it clear that the insurer has the burden of proof, which it probably had anyway. It is a long list, but it is not unusual in comparison with long existing liability policies.