This series of blog-essays contain an introduction to the Comprehensive General Liability policy used in the “real-world,” along with a type of liability insurance for the “cyber-” or “virtual world.” The latter is attached as an endorsement to the former.  This can be done with a variety of different cyber-world policies.  The one being discussed here is a malpractice policy, which appears to cover other types of liability exposures and was created for a class of cyber-design and similar professionals working on the cyber-world.  (At least some of these professionals are also called “architects,” since the platforms and other systems, network, and so forth, as designed and are, metaphorically, very much like buildings.A good thing to keep in mind is that 50+ carriers are now peddling various cyber-world policies.

Part I of this series concerned brief observations about what the dec sheet probably contained–premiums, a list of coverage parts, the identity of the agent, the names of the insureds, warnings (e.g., “Please read this policy.”), names of clients whose claims against the insured might be covered, and so forth.  It also discussed two absolutely key definitions, followed by a discussion of the insuring agreements.

Part II will discuss some of the exclusions. Most of the exclusions will be referred to very briefly, in order to give the reader a generality of what is excluded. Some of the exclusions will be discussed at more length. Those which will be mentioned only fleetingly are versions of those usually found in “real” world policies.

There are also Conditions included in the policy.  Just as in all policies there are “conditions” to be thought of, according to the insurer, as conditions precedent to the insurer having any “further” obligations at all.  Some courts have ruled that some conditions are really covenants, that is, performances the insurer has promised to do.  Classified in this way, the insurer has obligations centered on the conditions; this was not true in earlier conceptual analyses (aka legal analyses) of insurance contracts.

As previously mentioned, my comments are not intended to be authoritative. There is not enough case law to permit that.  In addition, there may be mistakes along the way. See Part I for a further description of reservations.

I will be commenting on some of the provisions of the policy.  My comments will be in typeset smaller than the statements taken from the policy, just as it was in Part I.

No coverage where a company closely related to the named insured sues it, e.g., a subsidiary, sues the primary company, or two related companies owned both owned by the same company, sue each other and the policy covers one of the subs but not the other. (A)
No coverage where employees would have workers comp (or equivalent) coverage. (C)
No coverage when policyholder advises another on insurance (or something very insurance like) acquisition (D)
Physical dealings involving injury to ordinary “real” world tangible objects. (E)
Same for autos, boats, and airplanes. (F)
Failure to finish work on time. (G)
Unlawful discrimination. (H)
No coverage for claims generated from a contract to which the insured is a party, unless liability would have triggered anyway. (I)
No coverage for breach of contract or breach of warranties “in respect of any agreement to perform work for a specified fee.” (J) (In other words, if the insured quits a job because of non-payment of over budget fees there is not coverage.  And, of course, there are various species of this problem.)
No coverage for insolvency or bankruptcy. (K) (In other words, if the tort of the insured causes someone to become insolvent or go into bankruptcy, there is no coverage for at least part of that, e.g., the costs of the bankruptcy attributable to the injury caused by the insured, other than the other damages caused by the insured’s negligent act or omission, e.g., special legal fees for bankruptcy lawyers, and so forth.)
Injuries caused by asbestos. (M) (There is a very odd feature of this exclusion. It is applies to asbestos injuries “in hole or in part[.]”  Of course, this is nonsense.  The phrase “in hole” has meanings, but none of them fit here, and usually this sort of phrase is “in the hole,” not simply “in hole,” except for oil drilling, where “in hole” is usable.  What must be meant here is “in whole or in part; however, it is very rare for an insurance policy to contain a mistake like this one.)
No coverage for pollution or pollution caused injury or damages. (N)
No coverage for investment advice when acting as a “professional.” (O) (I confess I don’t see why this and many of the other exclusions are here, since there is no chance that any of the excluded damages will fit the insuring agreement.  Maybe some of these exclusions are designed to undermine or defeat the duty to defend.)
There is no coverage for “any claim made by any regulatory authority, or any federal state or local governmental agency.” (U)[This is a standard exclusion.  One of the reasons for it is that most of these claims are for intentional, or near intentional conduct.  Thus most of the time the doctrine of fortuity has been triggered.  I am not sure that all of this exclusion fits well into cyberworld problems.]
So far exclusions (A)-(O) & (U) have been summarily noted, setting aside (B), (L).

Coverage for “personal injury” and “advertising injury” are excluded.  “Personal injury” in this context does not mean bodily injury. It covers a group of torts, and defamation is prominent among them. (B)  It is important to recognize that, while “personal injury” itself is covered, damages arising out of “personal injury liability,” whether direct or indirect, is not. (B)[Why might these be excluded?  I suspect that this can only involve a distance between these two ideas: (1) We will pay damages for some personal injury, as defined, but we will not be liable for anything else for which you may be liable.  Consider, for example, an insured, Z, injuring A by defaming him, but A mistakenly believes that B also caused his injury.  Perhaps the insurer is refusing to pay for Z’s liability for that.]
There is no coverage for the insured’s operations as a structural “engineer.” (L)
[Structural engineering has to do with tangible objects.  That is not what this policy is about.]

There is no coverage for the insured’s liabilities to “any other [named insured] insured [under this policy],” except with respect to Privacy Injury. (P)[The phrase “Privacy Injury” is not defined.  What counts as privacy in cyberspace is not close to a settled matter; there will be legal controversy for many years.  The law review literature contains a number of disputes about this matter.  One of the best sources on this matter is Larry Lessig’s CODE 2.O. (2006). It was a redo of CODE he published in 2000, and it has been updated, but many of the ideas–at least the fundamental ones–have not changed much. Some might say the 2006 edition is outdated.  I doubt this is true.  It is a brilliant book for all sorts of reasons.  Alas, it is not easy to read.  There are plenty of newer Internet sources on this matter, but they are all too simple.  The college textbook of Richard A. Spinollo, CYBERETHICS: MORALITY AND THE LAW IN CYBERSPACE (4th ed. 2011) is newer, a far simpler beginning point, helpful and involves many ideas coming from Lessig].
There is no coverage based upon the “theft or misappropriation of trade secrets.” (Q)Remember, it is the insured that is doing the theft or the misappropriation.  These are intentional acts, so naturally there would be no coverage for them.  Liability insurance, as well as other types–first party insurance–insure against accidental risks, or risks close to accidental.  In insurance circles, it is said that insurance insures only against the fortuitous.
There is no coverage for “the infringement of patents.” (R)[Infringement of patents can be accidental, but it usually is not, so fortuity pops out again.  There is perhaps a more significant reason for this exclusion.  Dealing with patent cases is hugely expensive, both with respect to providing a defense and with respect to indemnity.  The defense expenses are also unpredictable.  Better to stay the hell away.  There is a way to deal with the situation.  Require a large retention (i.e., the insurer will pay the first).  Limit the primary policy, and then “require” that they be a tall stack of excess policies.  All the carriers would have to make sure they have substantial reinsurance.  The reader should notice that this system is getting very expensive; only rich companies could afford and rich companies are usually very large ones.  So why should they not just pick up the tab themselves?][Notice that copyright problems are not included in this exclusions.]
There is no coverage for “electrical failures, interruptions, surges, brownouts, or blackouts.”[It’s not hard to see what’s going on here.  The policy is an E & O policy for designers of cyber related “stuff.”  Electrical problems of any degree are not within that category.  Still, then can affect the quality of the policyholders work immensely.  Then again, perhaps the insureds should buy coverage for that.  It makes no more sense for professional liability carrier to insure electrical problems than it would be for  it to insure building collapses.]
There is no coverage for “intentional unauthorized access to, unauthorized use of, introduction of virus or similar malware into data or computer systems by any Insured outside their scope of duties as a partner, officer  director or employee of an Insured.  [Remember what “malware” is: it is any cyberspace transmission which injures a device for transmitting messages.  The term stands for “malicious sofware.” Viruses are a type of malware.  They are a sort of program or script, attached to something that has been transmitted, which arrives attached to emails. Worms work differently: they are not attached.  Thus, they can travel in large groups.  The probable reason they are excluded is that they intentionally send injurious transmissions and hence they are outside fortuitous risk.  Intentional misconduct is not to be insured.  It is contrary to the “essence” of insurance, even though the essence does not always apply. Consider the idea of “Personal Injury.”
Exclusion. . .V(2) shall be applied upon the final finding of guilt or fault by a jury, court or arbitrator that the act was dishonest, fraudulent, criminal, malicious or intentionally committed while knowing it was wrongful.  [This rule is extremely favorable to the insured.  It means that conduct that looks intentional cannot be classified that way by the insurer until after a final judgment.  This means that the insurer will have to defend the insured, even if the only cause of action alleged is of intentional conduct.]
Exclusions. . .V(2) shall not apply to any Insured who did not commit, acquiesce or participate in the actions which gave rise to the claim or suit.
Sometimes claims-made-policies require that the (1) event for which the claim is made against the insured, (2) the claim against the insured, and (3) the insured’s claim against the insurer must all occurt within the policy limits or during an extended period purchased by the insured. This one does not look like that. Apparently only the claim against the insured must occur within the time of policy limits or the extension, and the time limits on the insured’s claim against the insurer are restricted to a certain number of days, whenever they occur.  This may not be classified as an exclusion in the policy but part of the insuring agreement.  It is exclusionary, however, even if it not an exclusion, so I stuck it in here for good measure.

Michael Sean Quinn, Ph.D., J.D., c.p.c.u. . . .
The Law Firm of Michael Sean Quinn et
Quinn and Quinn
1300 West Lynn Street, Suite 208
Austin, Texas 78703
(512) 296-2594
(512) 344-9466 – Fax